Hi, Scenario : User A forwards his credentials to User B. User B uses the forwarded credentials to interact with User C on behalf of user A. [Delegation]
In windows KDC there is delegation option associated with user properties. I've set it to "Do not trust this user for delegation" for User B i.e. User B will not be able to use delegated credentials. In Windows SSPI API, it works fine and User B is not able to use delegated credentials. But the option doesn't seem to be having any impact in MIT Kerberos API in C++. User B is able to use A's forwarded credentials to establish security context with User C. Is this a problem from KDC side ? Any solution for this ? -- Regards, Vipul ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
