Incorrect delegation state shown on acceptor side by context flags
Vipul Mehta
vipulmehta.1989 at gmail.com
Fri May 17 10:56:09 EDT 2013
So, on acceptor side, how do I know that initiator has delegated the
credentials if I can't rely on context delegation flag?
What about the Java implementation of GSS? Looks like there it works fine.
On Fri, May 17, 2013 at 7:18 PM, Greg Hudson <ghudson at mit.edu> wrote:
> On 05/17/2013 07:33 AM, Vipul Mehta wrote:
> > So, for case B, the above if() condition will be true and it will set the
> > context delegation flag to true on acceptor side though delegation flag is
> > false on initiator side.
>
> This is how our constrained delegation (S4U2Proxy) support works. I
> don't see anything in RFC 2743 or RFC 2744 which requires the flag
> states to be identical on the initiator and acceptor context.
>
>
--
Regards,
Vipul