Kerberos Delegation

Discussion in 'ASP .Net Security' started by ecy1@bezeqint.net, Jan 29, 2004.

  1. Guest

    Hi

    I would like to know if Kerberos Delegation is possible in
    a multi Hop scenario.
    For example: Is the following scenario possible?

    A Client C Transfer its {TGT} to server "S" for
    Delegation, Server S will FORWARD this {TGT} to server T
    for delegation again, (Second Hop).
    Server T will finally ask for a ticket form service server
    Q to be able to call that service in client's C name.

    The question is: Is it possible for the Kerberos
    delegation algorithm to run through multiple Hops?

    I have read about Kerberos and found many explanations
    about Delegation but ALL described Only one hop scenario.

    Does this mean that Multi Hop Scenario is not possible?

    Is there an article and example showing this?

    Thanks

    Emmanuel Kahn
     
    , Jan 29, 2004
    #1
    1. Advertising

  2. Paul Glavich Guest

    Yes, kerberos delegation is possible. You need to mark the account that
    is to be delegated as 'delegateable'. I dont have a link handy, but I do
    have a set of web articles on disk that describe how to implement
    kerberos delegation under windows 2000. Send me offlist at
    -NOSPAM (obviously without the -NOSPAM) and I'll
    forward it to you.

    - Paul Glavich

    > Hi
    >
    > I would like to know if Kerberos Delegation is possible in
    > a multi Hop scenario.
    > For example: Is the following scenario possible?
    >
    > A Client C Transfer its {TGT} to server "S" for
    > Delegation, Server S will FORWARD this {TGT} to server T
    > for delegation again, (Second Hop).
    > Server T will finally ask for a ticket form service server
    > Q to be able to call that service in client's C name.
    >
    > The question is: Is it possible for the Kerberos
    > delegation algorithm to run through multiple Hops?
    >
    > I have read about Kerberos and found many explanations
    > about Delegation but ALL described Only one hop scenario.
    >
    > Does this mean that Multi Hop Scenario is not possible?
    >
    > Is there an article and example showing this?
    >
    > Thanks
    >
    > Emmanuel Kahn
    >
    >
    >
     
    Paul Glavich, Jan 30, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?UHJlc3RvbiBQYXJr?=

    Kerberos Delegation Question

    =?Utf-8?B?UHJlc3RvbiBQYXJr?=, Jun 18, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    929
    =?Utf-8?B?UHJlc3RvbiBQYXJr?=
    Jun 18, 2005
  2. Replies:
    0
    Views:
    367
  3. Mandy

    Kerberos delegation trauma

    Mandy, Jan 18, 2005, in forum: ASP .Net Security
    Replies:
    3
    Views:
    255
    Joe Kaplan \(MVP - ADSI\)
    Jan 19, 2005
  4. Seen The Bean
    Replies:
    2
    Views:
    197
    Ken Schaefer
    Apr 24, 2006
  5. Scott Elgram

    Kerberos Delegation

    Scott Elgram, Dec 7, 2006, in forum: ASP .Net Security
    Replies:
    2
    Views:
    157
    Scott Elgram
    Dec 8, 2006
Loading...

Share This Page