Russ Allbery wrote: > Kevin Coffman <[EMAIL PROTECTED]> writes: > > > Our answer to the proxy issue when certificates are used for > > authentication is Kerberized Credentials Translation (KCT). The web > > server captures the SSL handshake between itself and the client, > > forwards that handshake and other info to the KCT (a Kerberized service) > > running on a KDC machine which can issue Kerberos service tickets for > > the web server to use on the user's behalf. > > How does it do this without the user's password?
The KCT runs on the KDC machine and has access to the Kerberos database. It generates tickets just like the TGS, but with different requirements for the request. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
