Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Kerberos Delegation

Reply
Thread Tools

Kerberos Delegation

 
 
ecy1@bezeqint.net
Guest
Posts: n/a
 
      01-29-2004
Hi

I would like to know if Kerberos Delegation is possible in
a multi Hop scenario.
For example: Is the following scenario possible?

A Client C Transfer its {TGT} to server "S" for
Delegation, Server S will FORWARD this {TGT} to server T
for delegation again, (Second Hop).
Server T will finally ask for a ticket form service server
Q to be able to call that service in client's C name.

The question is: Is it possible for the Kerberos
delegation algorithm to run through multiple Hops?

I have read about Kerberos and found many explanations
about Delegation but ALL described Only one hop scenario.

Does this mean that Multi Hop Scenario is not possible?

Is there an article and example showing this?

Thanks

Emmanuel Kahn
http://www.velocityreviews.com/forums/(E-Mail Removed)

 
Reply With Quote
 
 
 
 
Paul Glavich
Guest
Posts: n/a
 
      01-30-2004
Yes, kerberos delegation is possible. You need to mark the account that
is to be delegated as 'delegateable'. I dont have a link handy, but I do
have a set of web articles on disk that describe how to implement
kerberos delegation under windows 2000. Send me offlist at
(E-Mail Removed)-NOSPAM (obviously without the -NOSPAM) and I'll
forward it to you.

- Paul Glavich

> Hi
>
> I would like to know if Kerberos Delegation is possible in
> a multi Hop scenario.
> For example: Is the following scenario possible?
>
> A Client C Transfer its {TGT} to server "S" for
> Delegation, Server S will FORWARD this {TGT} to server T
> for delegation again, (Second Hop).
> Server T will finally ask for a ticket form service server
> Q to be able to call that service in client's C name.
>
> The question is: Is it possible for the Kerberos
> delegation algorithm to run through multiple Hops?
>
> I have read about Kerberos and found many explanations
> about Delegation but ALL described Only one hop scenario.
>
> Does this mean that Multi Hop Scenario is not possible?
>
> Is there an article and example showing this?
>
> Thanks
>
> Emmanuel Kahn
> (E-Mail Removed)
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
kerberos constrained delegation for file server access scomik@gmail.com ASP .Net 0 10-20-2006 05:15 PM
Kerberos Decrypted - Interesting URLs on how kerberos work ii.unforgiven@gmail.com Computer Security 1 07-04-2006 07:37 AM
Kerberos Constrained Delegation For Access To Single Application P Seen The Bean ASP .Net Security 2 04-24-2006 02:28 PM
Kerberos Delegation Question =?Utf-8?B?UHJlc3RvbiBQYXJr?= ASP .Net 0 06-17-2005 11:13 PM
Kerberos delegation trauma Mandy ASP .Net Security 3 01-19-2005 02:46 PM



Advertisments