Delegatable Service Tickets / Microsoft Kerberos

Dodson, Robert (Alliance) BDODSON at allstate.com
Wed Feb 25 14:14:44 EST 2004


I am defining a security approach involving use of delegatable service tickets using Microsoft Kerberos implementation.  I heard from a colleague that this is ill-advised as the Microsoft implementation does not properly limit the ticket to delegation only by the specific service it was issued for.  Can anybody provide insight on this issue, re: Is this true and what specific security breach scenarios does it open up?  Thanks.
  
Robert Dodson
Virtual Technology Group Inc.


More information about the Kerberos mailing list