A simple introduction to Three kinds of Delegation of Kerberos

Others 2019-06-17 22:38:35 views: null

What is Delegation?

Just like the name. Delegation is that a server pretend to behalf a user and to authenticate with kerberos protocol.There are three kinds of delegations.

Kinds of Delegations Limitions Protocol Note
Unconstrained Delegation None Just forward the TGT ticket which is able to be forwarded None
Constrained Delegation Front-End Server decide which Back-End service can receive delegation 1.S4U2Proxy -> Forward the TGT ticket
2.S4U2Self -> Receive information of NTLM Authencation(Username&NTLM-Hash) And use that to get TGT from KDC		 AD administrator account
Resource-Based Constrained Delegation Back-End Services decide which Front-End service's delegation can be received The same as Constrained Delegation 1.S4U2Proxy -> Can Forward TGT ticket which is not to be able to forwarded.
2.You can use this cross the domain.
3.Service administrator account

Guess you like

Origin www.cnblogs.com/KevinGeorge/p/11041482.html
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com