A simple introduction to Three kinds of Delegation of Kerberos
Posted kevingeorge
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了A simple introduction to Three kinds of Delegation of Kerberos相关的知识,希望对你有一定的参考价值。
What is Delegation?
Just like the name. Delegation is that a server pretend to behalf a user and to authenticate with kerberos protocol.There are three kinds of delegations.
| Kinds of Delegations | Limitions | Protocol | Note |
|---|---|---|---|
| Unconstrained Delegation | None | Just forward the TGT ticket which is able to be forwarded | None |
| Constrained Delegation | Front-End Server decide which Back-End service can receive delegation | 1.S4U2Proxy -> Forward the TGT ticket 2.S4U2Self -> Receive information of NTLM Authencation(Username&NTLM-Hash) And use that to get TGT from KDC |
AD administrator account |
| Resource-Based Constrained Delegation | Back-End Services decide which Front-End service‘s delegation can be received | The same as Constrained Delegation | 1.S4U2Proxy -> Can Forward TGT ticket which is not to be able to forwarded. 2.You can use this cross the domain. 3.Service administrator account |
以上是关于A simple introduction to Three kinds of Delegation of Kerberos的主要内容,如果未能解决你的问题,请参考以下文章
MATH10282 Introduction to Statistics
ITI 1121. Introduction to Compute
A Quick Introduction to Linux Policy Routing
W4111 -- Introduction to Databases