User delegation in Kerberos V5
Jeffrey Altman
jaltman2 at nyc.rr.com
Sat Dec 17 23:45:39 EST 2005
I don't think you want to give Alice your credentials in this case.
What you want to do is associated an ACL on your files/directories
which provide Alice permissions to access them in the methods you
wish to permit.
Jeffrey Altman
fantoosh at hotmail.com wrote:
> Hi,
>
> I am wondering if I can do the following in Kerberos (any flavours).
>
> I am a user of some realm. I have a friend Alice who is not a user of
> my realm nor is a user of any other Kerberos realm.
>
> How can I give access to Alice to some of the files stored on a
> Kerberized file server?
>
> In otherwords can I somehow delegate my permissions (token) to Alice so
> that she can use that token to authenticate with the server. I don't
> want to do proxy delegation since I don't want Alice to act on my
> behalf.
>
> I was thinking that it might be possible in Public key based Kerberos
> PKDA or PKINIT.
>
> I browsed for a while but could not find any document that said that in
> Kerberos a user can delegate his/her token to another user. Any
> pointers?
>
> PS: Is public key based Kerberos used in practice?
>
> Thanks.
>
More information about the Kerberos
mailing list