[EMAIL PROTECTED] wrote on 02/25/2004 02:14:44 PM: > I am defining a security approach involving use of delegatable > service tickets using Microsoft Kerberos implementation. I heard > from a colleague that this is ill-advised as the Microsoft > implementation does not properly limit the ticket to delegation only > by the specific service it was issued for. Can anybody provide > insight on this issue, re: Is this true and what specific security > breach scenarios does it open up?
There was the article in April 2003 issue of the MSDN magazine, "Security Briefs: Exploring S4U Kerberos Extensions in Windows Server 2003". http://msdn.microsoft.com/msdnmag/issues/03/04/SecurityBriefs/default.aspx See "The Problem of Delegation" section about the unconstrained delegation. --- Seiichi ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
