Heimdal: Delegation + Cross-realm authentication

charan v.sricharan at gmail.com
Mon May 11 16:49:16 EDT 2009

    Does Heimdal (open source implementation of Kerberos V), support
cross-realm authentication  by a service that is delegated to obtain
credentials on behalf of a client?
    Following is the use case:
    1. Client delegates authentication of credentials to a service
    2. The service how has privilege to get credentials / tickets on
behalf of the client (in the same realm).
    3. Client access a service on a different (but trusted) realm.

    The question is, can the service that is delegated to fetch
credentials on behalf of the client, get the credentials for a
different realm.

    Thanks for the help!


More information about the Kerberos mailing list