Setting Kerberos delegation on AD user account from Linux via Active Roles


I am wondering if anyone has a solution or ideas on how to use Active Roles to set values for msds-AllowedToDelegateTo attributes (used in Kerberos Delegations ) for an 3rd party application's Active Directory Service account - setting the values on its own SELF account. We want to be able to automate this from Linux host (RHEL7) where we are also using VAS. We would like to avoid allowing Privilege on AD DCs of "Enable computer and user accounts to be trusted for delegation" to the 3rd party app's AD account, but we are ok to allow this via the AR override account.

On Windows I could consider using the MSI install of the ADSI components, but don't know I have this option for the Linux host. I'd like to be able to help the other team finding a scripted on RHEL7 solution but not sure what options might be possible here.


Top Replies