client impersonation

Luke Howard lukeh at
Thu Jun 1 12:59:20 GMT 2006

>Some of this might be practical to handle with code based on Samba4's
>pass-though CIFS backend.  However, the tricky part is getting the
>ticket:  easy if you want to be the user, are using kerberos and have
>the server trusted for delegation (I've tested this), but I'm not sure
>about getting a ticket for another user (but I understand it may be

Yes, it is possible using protocol transition (S4U2Self). Also you can
do delegation without the client's TGT using constrained delegation
(S4U2Proxy). Both of these are supported in Windows 2003 and above.

-- Luke


More information about the samba-technical mailing list