DSfW: NOT_ALLOWED_TO_DELEGATE for member server

  • 7014300
  • 16-Dec-2013
  • 16-Dec-2013

Environment

Novell Open Enterprise Server 11 SP1 (OES11SP1)
Domain Services for Windows
DSfW

Situation

Dec 09 10:30:02 dsfw-server krb5kdc[9955](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 192.168.0.52: ISSUE: authtime 1386610202, etypes {rep=23 tkt=23 ses=23}, MEMBER-SERVER$@DSFW.LAN for member-server$\@DSFW.LAN@DSFW.LAN

Dec 09 10:30:02 dsfw-server krb5kdc[9955](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 192.168.0.52: NOT_ALLOWED_TO_DELEGATE: authtime 0, MEMBER-SERVER$@DSFW.LAN for member-server$\@DSFW.LAN@DSFW.LAN, KDC policy rejects request

Resolution

This is normal. Domain member servers and workstations are not allowed to delegate.
In this example the member server authenticates, then attempts to delegate to itself. This occurs when a member server or workstation logs in to the domain.
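
An added example (not part of the original article or of Novell's tooling) that parses krb5kdc lines in the format shown above and separates the self-delegation case described here from other NOT_ALLOWED_TO_DELEGATE rejections. The function names, the verdict labels and the third sample line are assumptions made for this example.

```python
import re

# Field layout taken from the two krb5kdc lines shown in the Situation section.
LINE = re.compile(
    r"krb5kdc\[\d+\]\(\w+\): (?P<req>\w+) \(.*?\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): authtime \d+, (?:etypes \{[^}]*\}, )?"
    r"(?P<client>\S+) for (?P<server>[^,\s]+)"
)

def account(principal):
    """Account part of a principal: unescape '\\@', drop the realm, fold case."""
    return principal.replace("\\@", "@").split("@", 1)[0].casefold()

def triage(lines):
    """Return (verdict, addr, client, server) per NOT_ALLOWED_TO_DELEGATE line."""
    results = []
    for line in lines:
        m = LINE.search(line)
        if not m or m["status"] != "NOT_ALLOWED_TO_DELEGATE":
            continue
        client, server = account(m["client"]), account(m["server"])
        # Machine account requesting a ticket to itself: the logon-time case
        # the article calls normal. Anything else is left for an analyst
        # (this split is the example's assumption, not vendor guidance).
        same_machine = client == server and client.endswith("$")
        verdict = "expected-self" if same_machine else "review"
        results.append((verdict, m["addr"], m["client"], m["server"]))
    return results

PREFIX = "Dec 09 10:30:02 dsfw-server krb5kdc[9955](info): TGS_REQ (5 etypes {18 17 23 24 -135}) "
SAMPLE = [
    # The two lines from the Situation section.
    PREFIX + r"192.168.0.52: ISSUE: authtime 1386610202, etypes {rep=23 tkt=23 ses=23}, "
             r"MEMBER-SERVER$@DSFW.LAN for member-server$\@DSFW.LAN@DSFW.LAN",
    PREFIX + r"192.168.0.52: NOT_ALLOWED_TO_DELEGATE: authtime 0, "
             r"MEMBER-SERVER$@DSFW.LAN for member-server$\@DSFW.LAN@DSFW.LAN, "
             r"KDC policy rejects request",
    # Constructed line (not from the article): client and target differ.
    PREFIX + r"192.168.0.60: NOT_ALLOWED_TO_DELEGATE: authtime 0, "
             r"APP-SERVER$@DSFW.LAN for cifs/file-server.dsfw.lan@DSFW.LAN, "
             r"KDC policy rejects request",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```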