about protocol transition and constraint delegation
ghudson at MIT.EDU
Thu Jan 10 15:55:23 EST 2013
On 01/10/2013 02:09 PM, Wu, James C. wrote:
> 1. For protocols transition and constrained delegation, let's says user A authentication to service B with credentials other than Kerberos and service B can request Kerberos ticket to itself for user A from KDC using the protocol transition. Does this require that user A is a principal in the KDC?
> 2. For Kerberos impersonation, let's say principal A want to impersonate as user B. Does this also require user B exists in the Kerberos KDC as a principal?
I believe the answers are yes and yes, for all current implementations
of S4U2Self and S4U2Proxy.
More information about the krbdev