about protocol transition and constraint delegation

Wu, James C. James.C.Wu at disney.com
Thu Jan 10 14:09:37 EST 2013


I am studying the feasibility of using protocols transition and constrained delegation and Kerberos impersonation in our current security implementation. As I am still quite new to MIT Kerberos, I am wondering if this mailing list can help me clarify some questions I have.

1.       For protocols transition and constrained delegation, let's says user A authentication to service B with credentials other than Kerberos and service B can request Kerberos ticket to itself for user A from KDC using the protocol transition. Does this require that user A is a principal in the KDC?

2.       For Kerberos impersonation, let's say principal A want to impersonate as user B. Does this also require user B exists in the Kerberos KDC as a principal?



More information about the krbdev mailing list