Incorrect delegation state shown on acceptor side by context flags

Nico Williams nico at
Mon May 20 15:55:00 EDT 2013

On Mon, May 20, 2013 at 5:20 AM, Vipul Mehta <vipulmehta.1989 at> wrote:
> One more question, what is the exact use of context delegation flag if it
> doesn't need to be same on initiator and acceptor side.

The initiator gets to ask for credential delegation.

The acceptor gets to receive delegated credentials.

The acceptor also gets to impersonate the initiator principal to the
extent that the credential issuers prefer.  The acceptor doesn't
really get to tell much about this case: since the extent to which it
can impersonate the initiator could vary by the time of the day,
phases of the moon, ...


More information about the Kerberos mailing list