[krbdev.mit.edu #8479] Resource Based Constrained Delegation client support
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Aug 17 11:09:20 EDT 2016
Windows Server 2012 added a feature called Resource Based Constrained
Delegation, which allows delegation policy to be configured on the
S4U2Proxy target's principal entry rather than the intermediate's, and
allows the intermediate and target to be in different realms.
Some client support is apparently necessary to make this work. We have
received at least one request to implement these client changes; I am
creating this ticket to track that request. I have not done the research
to understand the scope of the required client changes.
http://mailman.mit.edu/pipermail/kerberos/2016-July/021295.html
https://blog.kloud.com.au/2013/07/11/kerberos-constrained-delegation/
https://msdn.microsoft.com/en-us/library/cc246071.aspx
More information about the krb5-bugs
mailing list