Windows KDC - Delegation Option

Vipul Mehta vipulmehta.1989 at gmail.com
Mon Feb 10 01:50:12 EST 2014


Hi,

Scenario : User A forwards his credentials to User B. User B uses the
forwarded credentials to interact with User C on behalf of user A.
[Delegation]

In windows KDC there is delegation option associated with user properties.
I've set it to "Do not trust this user for delegation" for User B i.e. User
B will not be able to use delegated credentials.

In Windows SSPI API, it works fine and User B is not able to use delegated
credentials.

But the option doesn't seem to be having any impact in MIT Kerberos API in
C++. User B is able to use A's forwarded credentials to establish security
context with User C.

Is this a problem from KDC side ? Any solution for this ?

-- 
Regards,
Vipul


More information about the Kerberos mailing list