about protocol transition and constraint delegation
Wu, James C.
James.C.Wu at disney.com
Thu Jan 10 14:09:37 EST 2013
Hi,
I am studying the feasibility of using protocols transition and constrained delegation and Kerberos impersonation in our current security implementation. As I am still quite new to MIT Kerberos, I am wondering if this mailing list can help me clarify some questions I have.
1. For protocols transition and constrained delegation, let's says user A authentication to service B with credentials other than Kerberos and service B can request Kerberos ticket to itself for user A from KDC using the protocol transition. Does this require that user A is a principal in the KDC?
2. For Kerberos impersonation, let's say principal A want to impersonate as user B. Does this also require user B exists in the Kerberos KDC as a principal?
Thanks,
James
More information about the krbdev
mailing list