client impersonation
Luke Howard
lukeh at padl.com
Thu Jun 1 12:59:20 GMT 2006
>Some of this might be practical to handle with code based on Samba4's
>pass-though CIFS backend. However, the tricky part is getting the
>ticket: easy if you want to be the user, are using kerberos and have
>the server trusted for delegation (I've tested this), but I'm not sure
>about getting a ticket for another user (but I understand it may be
>possible).
Yes, it is possible using protocol transition (S4U2Self). Also you can
do delegation without the client's TGT using constrained delegation
(S4U2Proxy). Both of these are supported in Windows 2003 and above.
-- Luke
--
More information about the samba-technical
mailing list