A question on Forward and Proxy tickets.

Rohith K N rohithkn at hotmail.com
Wed Apr 2 13:55:19 EST 2003


I have a question on Kerberos Proxy and forward tickets.

Can a service holding a forwarded ticket get a proxy ticket for another 
service or a user?

My understanding of Kerberos 15 days old and I need your comments on this.

This is will be considered as a solution for a service called “Work on 
behalf” (Wb).  This service should allow user B to work on A’s behalf.  B 
would have access (on A’s behalf) to some services and not to other.

Proposed solution for this is that A tells Wb that B would login (latest by 
time T) and access services X Y and Z on behalf of him.  A gets a 
forward-able ticket and forwards it to Wb, Wb would get a renewable ticket 
and keep on renewing it till B logs on, or till T. When B contacts Wb and 
let him know that he wants to work on A’s behalf, Wb would get B proxy 
tickets to services (X Y and Z).

Will this soultion work? If so what are the caveats here?

Thanks for your time and response,

Rohith K N

Find a partner. For life. http://www.shaadi.com/ptnr.php?ptnr=hmlql 
Meet at Shaadi.com

More information about the Kerberos mailing list