search for: gss_c_deleg_flag

.../CVE-2016-2125.html) which states: 0x00100000: UF_NOT_DELEGATED: The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT for the account. It means the KDC will respond with an error if the client asks for the forwardable ticket. The client typically gives up and removes the GSS_C_DELEG_FLAG flag and continues without passing delegated credentials. Administrators can use this to disable possible delegation for the most privileged accounts (e.g. administrator accounts). Upon the initial logon procedure however, both Samba 4.5.12 and Windows 7 clients will actually give up and not conti...

...0x00100000: UF_NOT_DELEGATED: >> The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT >> for the account. It means the KDC will respond with an error if the client asks >> for the forwardable ticket. The client typically gives up and removes the >> GSS_C_DELEG_FLAG flag and continues without passing delegated credentials. >> Administrators can use this to disable possible delegation for the most >> privileged accounts (e.g. administrator accounts). >> >> Upon the initial logon procedure however, both Samba 4.5.12 and Windows 7 clients...

...00: UF_NOT_DELEGATED: > > The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT > > for the account. It means the KDC will respond with an error if the client asks > > for the forwardable ticket.  The client typically gives up and removes the > > GSS_C_DELEG_FLAG flag and continues without passing delegated credentials. > > Administrators can use this to disable possible delegation for the most > > privileged accounts (e.g. administrator accounts). > > > > Upon the initial logon procedure however, both Samba 4.5.12 and Windows 7...

...tes: > > 0x00100000: UF_NOT_DELEGATED: > The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT > for the account. It means the KDC will respond with an error if the client asks > for the forwardable ticket. The client typically gives up and removes the > GSS_C_DELEG_FLAG flag and continues without passing delegated credentials. > Administrators can use this to disable possible delegation for the most > privileged accounts (e.g. administrator accounts). > > Upon the initial logon procedure however, both Samba 4.5.12 and Windows 7 clients will actually g...

...ATED: > > > The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT > > > for the account. It means the KDC will respond with an error if the client asks > > > for the forwardable ticket. The client typically gives up and removes the > > > GSS_C_DELEG_FLAG flag and continues without passing delegated credentials. > > > Administrators can use this to disable possible delegation for the most > > > privileged accounts (e.g. administrator accounts). > > > > > > Upon the initial logon procedure however, both Samba 4.5....

...Requires that the context contains: + * oid + * server name (from ssh_gssapi_import_name) + */ +OM_uint32 +ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok, + gss_buffer_desc* send_tok, OM_uint32 *flags) +{ + int deleg_flag = 0; + + if (deleg_creds) { + deleg_flag = GSS_C_DELEG_FLAG; + debug("Delegating credentials"); + } + + ctx->major = gss_init_sec_context(&ctx->minor, + GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, + GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, + 0, NULL, recv_tok, NULL, send_tok, flags, NULL);...