Incorrect delegation state shown on acceptor side by context flags
Greg Hudson
ghudson at MIT.EDU
Fri May 17 09:48:37 EDT 2013
On 05/17/2013 07:33 AM, Vipul Mehta wrote:
> So, for case B, the above if() condition will be true and it will set the
> context delegation flag to true on acceptor side though delegation flag is
> false on initiator side.
This is how our constrained delegation (S4U2Proxy) support works. I
don't see anything in RFC 2743 or RFC 2744 which requires the flag
states to be identical on the initiator and acceptor context.
More information about the Kerberos
mailing list