client impersonation

[Luke Howard]

>Some of this might be practical to handle with code based on Samba4's
>pass-though CIFS backend.  However, the tricky part is getting the
>ticket:  easy if you want to be the user, are using kerberos and have
>the server trusted for delegation (I've tested this), but I'm not sure
>about getting a ticket for another user (but I understand it may be
>possible).

Yes, it is possible using protocol transition (S4U2Self). Also you can
do delegation without the client's TGT using constrained delegation
(S4U2Proxy). Both of these are supported in Windows 2003 and above.

-- Luke

--