Incorrect delegation state shown on acceptor side by context flags

Greg Hudson ghudson at MIT.EDU
Fri May 17 09:48:37 EDT 2013

On 05/17/2013 07:33 AM, Vipul Mehta wrote:
> So, for case B, the above if() condition will be true and it will set the
> context delegation flag to true on acceptor side though delegation flag is
> false on initiator side.

This is how our constrained delegation (S4U2Proxy) support works.  I
don't see anything in RFC 2743 or RFC 2744 which requires the flag
states to be identical on the initiator and acceptor context.

More information about the Kerberos mailing list