Kerberos, ActiveDirectory, S4U2proxy, Resource-based constrained delegation, ... - Begriffe
Work in progress. :-) MS-SFU MS-KILE MS-PAC PA-PAC-OPTIONS CNAME-IN-ADDL-TKT S4U2proxy S4U2self msDS-AllowedToDelegateTo msDS-AllowedToActOnBehalfOfOtherIdentity resource-based constrained delegation flag (PA-PAC-OPTIONS) GSSAPI Abkürzungen PA: pre-authentication PAC: Privilege Attribute Certificate TGT: Ticket Granting Ticket TGS: Ticket Grating Server TKT: Ticket (???) S4U2self: Service for User to Self (für einen Service um ein Service-Ticket für einen User selbst abzufragen) S4U2proxy: Service for User to proxy (für constrained delegation und/oder resource-based-constrained delegation) Links MS-SFU, 1.3.3 Protocol Overview MS-SFU, 2.2.5 PA-PAC-OPTIONS MS-KILE, 2.2.10 PA-PAC-OPTIONS MS-SFU, 2.2.3 CNAME-IN-ADDL-TKT MS-ADA2, M, 2.211 Attribute msDS-AllowedToDelegateTo MS-ADA2, M, 2.210 Attribute msDS-AllowedToActOnBehalfOfOtherIdentity FreeIPA, Ticket #5444 [RFE] Support Resource based kerberos constrained delegation