I am defining a security approach involving use of delegatable service tickets using
Microsoft Kerberos implementation. I heard from a colleague that this is ill-advised
as the Microsoft implementation does not properly limit the ticket to delegation only
by the specific service it was issued for. Can anybody provide insight on this issue,
re: Is this true and what specific security breach scenarios does it open up? Thanks.
Robert Dodson
Virtual Technology Group Inc.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
