Re: Kerberos Delegation

From: Paul Glavich (glav_at_aspalliance.com-NOSPAM)
Date: 01/30/04


Date: Fri, 30 Jan 2004 23:36:52 +1100

Yes, Kerberos delegation is possible. You need to mark the account that
is to be delegated as 'delegateable'. I don't have a link handy, but I do
have a set of web articles on disk that describe how to implement
Kerberos delegation under Windows 2000. Send me offlist at
glav@aspalliance.com-NOSPAM (obviously without the -NOSPAM) and I'll
forward it to you.

- Paul Glavich

> Hi
>
> I would like to know if Kerberos Delegation is possible in
> a multi Hop scenario.
> For example: Is the following scenario possible?
>
> A client C transfers its {TGT} to server "S" for
> delegation, server S will FORWARD this {TGT} to server T
> for delegation again (second hop).
> Server T will finally ask for a ticket from service server
> Q to be able to call that service in client C's name.
>
> The question is: Is it possible for the Kerberos
> delegation algorithm to run through multiple Hops?
>
> I have read about Kerberos and found many explanations
> about Delegation but ALL described Only one hop scenario.
>
> Does this mean that Multi Hop Scenario is not possible?
>
> Is there an article and example showing this?
>
> Thanks
>
> Emmanuel Kahn
> ecy1@bezeqint.net
>
>
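
An added example, not part of the original thread or either poster's code: a Python check of the Active Directory `userAccountControl` delegation bits for each hop of the C, S, T, Q chain described in the question. It assumes unconstrained (Windows 2000 style) delegation, where every intermediate service account must be trusted for delegation and the client's account must not be marked sensitive; the account names and flag values are constructed.

```python
# Added example: audit the delegation flags along a multi-hop chain.
# Bit values are the documented Active Directory userAccountControl flags.
UF_NORMAL_ACCOUNT = 0x200
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
UF_TRUSTED_FOR_DELEGATION = 0x80000   # "Trust this account for delegation"
UF_NOT_DELEGATED = 0x100000           # "Account is sensitive and cannot be delegated"


def check_chain(client, hops, uac):
    """Return a list of problems that would stop delegation along the chain.

    client: account whose identity is delegated (C in the question)
    hops:   intermediate service accounts in order (S, T); the final
            service (Q) only receives a ticket and needs no delegation flag
    uac:    mapping of account name -> userAccountControl integer
    """
    problems = []
    for name in [client] + list(hops):
        if name not in uac:
            problems.append(f"{name}: no userAccountControl value supplied")
    if client in uac and uac[client] & UF_NOT_DELEGATED:
        problems.append(f"{client}: marked sensitive, cannot be delegated")
    for hop in hops:
        if hop in uac and not uac[hop] & UF_TRUSTED_FOR_DELEGATION:
            problems.append(f"{hop}: not trusted for delegation, chain stops here")
    return problems


# Constructed sample values (hypothetical accounts, not from the thread).
SAMPLE_UAC = {
    "client_c": UF_NORMAL_ACCOUNT,
    "svc_s": UF_WORKSTATION_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION,
    "svc_t": UF_WORKSTATION_TRUST_ACCOUNT,  # flag missing on the second hop
}

if __name__ == "__main__":
    report = check_chain("client_c", ["svc_s", "svc_t"], SAMPLE_UAC)
    for line in report or ["chain OK"]:
        print(line)
```

Because unconstrained delegation lets each trusted hop act as the client toward any service, the same report doubles as an inventory of accounts that warrant tight control.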


