Windows KDC - Delegation Option
Vipul Mehta
vipulmehta.1989 at gmail.com
Mon Feb 10 01:50:12 EST 2014
Hi,
Scenario : User A forwards his credentials to User B. User B uses the
forwarded credentials to interact with User C on behalf of user A.
[Delegation]
In windows KDC there is delegation option associated with user properties.
I've set it to "Do not trust this user for delegation" for User B i.e. User
B will not be able to use delegated credentials.
In Windows SSPI API, it works fine and User B is not able to use delegated
credentials.
But the option doesn't seem to be having any impact in MIT Kerberos API in
C++. User B is able to use A's forwarded credentials to establish security
context with User C.
Is this a problem from KDC side ? Any solution for this ?
--
Regards,
Vipul
More information about the Kerberos
mailing list