User delegation in Kerberos V5

Jeffrey Altman jaltman2 at nyc.rr.com
Sat Dec 17 23:45:39 EST 2005


I don't think you want to give Alice your credentials in this case.
What you want to do is associate an ACL with your files/directories
which provides Alice permissions to access them in the methods you
wish to permit.

Jeffrey Altman


fantoosh at hotmail.com wrote:
> Hi,
> 
> I am wondering if I can do the following in Kerberos (any flavours).
> 
> I am a user of some realm. I have a friend Alice who is not a user of
> my realm nor is a user of any other Kerberos realm.
> 
> How can I give access to Alice to some of the files stored on a
> Kerberized file server?
> 
> In other words, can I somehow delegate my permissions (token) to Alice so
> that she can use that token to authenticate with the server. I don't
> want to do proxy delegation since I don't want Alice to act on my
> behalf.
> 
> I was thinking that it might be possible in Public key based Kerberos
> PKDA or PKINIT.
> 
> I browsed for a while but could not find any document that said that in
> Kerberos a user can delegate his/her token to another user. Any
> pointers?
> 
> PS: Is public key based Kerberos used in practice?
> 
> Thanks.
> 

