PROXY tickets and GSSAPI

Ken Hornstein kenh at
Wed Jun 26 17:21:00 EDT 2002

>    You are correct, I'm a bit confused about the diffs between proxy tix
>and forwarded tix.    I understand that the proxy tickets are service 
>and the forwarded tix are TGTs.  Im trying to get my hands around the
>problem of actually sending a useable service ticket (with the proxy flag
>set) to a GSSAPI service.     I know that the TGT will be forwarded in the
>gss_init_sec_context call when the delegation flag is set, but how would one
>send the service ticket with the proxy flag - is this where the OOB exchange
>between the client and proxy server comes into play?

It's my gut feeling that, when it all boils down to everything at the end
of the day, proxiable tickets have no real use.  Especially in our NATted
world today.  Note that I'm probably in the minority on this one, and if you
can prove me wrong, more power to you :-)


More information about the krbdev mailing list