Delegatable Service Tickets / Microsoft Kerberos
Dodson, Robert (Alliance)
BDODSON at allstate.com
Wed Feb 25 14:14:44 EST 2004
I am defining a security approach involving use of delegatable service tickets using Microsoft Kerberos implementation. I heard from a colleague that this is ill-advised as the Microsoft implementation does not properly limit the ticket to delegation only by the specific service it was issued for. Can anybody provide insight on this issue, re: Is this true and what specific security breach scenarios does it open up? Thanks.
Robert Dodson
Virtual Technology Group Inc.
More information about the Kerberos
mailing list