User delegation in Kerberos V5
fantoosh@hotmail.com
fantoosh at hotmail.com
Sat Dec 17 00:09:36 EST 2005
Hi,
I am wondering if I can do the following in Kerberos (any flavours).
I am a user of some realm. I have a friend Alice who is not a user of
my realm nor is a user of any other Kerberos realm.
How can I give access to Alice to some of the files stored on a
Kerberized file server?
In otherwords can I somehow delegate my permissions (token) to Alice so
that she can use that token to authenticate with the server. I don't
want to do proxy delegation since I don't want Alice to act on my
behalf.
I was thinking that it might be possible in Public key based Kerberos
PKDA or PKINIT.
I browsed for a while but could not find any document that said that in
Kerberos a user can delegate his/her token to another user. Any
pointers?
PS: Is public key based Kerberos used in practice?
Thanks.
More information about the Kerberos
mailing list