directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: [Kerberos] Constrained Delegation Support?
Date Tue, 22 Sep 2009 23:50:37 GMT
No we really have not but its not so hard to do I think.  We just need to
add the A2D2 attribute to the schema and enable some authorization checks in
the KDC to make sure it constrains the service tickets the KDC grants to
service accounts based on the contents of this attribute.  Not hard hat all
to do I think.


On Wed, Sep 23, 2009 at 1:30 AM, Marc Boorshtein <>wrote:

> Was curious if anyone has looked at constrained delegation support?  I know
> its an MS extension and the only APIs that it works with are commercial
> libraries so I was curious if anyone had looked at it.
> Thanks
> Marc

Alex Karasulu
My Blog ::
Apache Directory Server ::
Apache MINA ::

View raw message