Hi, I am wondering if I can do the following in Kerberos (any flavours).
I am a user of some realm. I have a friend Alice who is not a user of my realm nor is a user of any other Kerberos realm. How can I give access to Alice to some of the files stored on a Kerberized file server? In otherwords can I somehow delegate my permissions (token) to Alice so that she can use that token to authenticate with the server. I don't want to do proxy delegation since I don't want Alice to act on my behalf. I was thinking that it might be possible in Public key based Kerberos PKDA or PKINIT. I browsed for a while but could not find any document that said that in Kerberos a user can delegate his/her token to another user. Any pointers? PS: Is public key based Kerberos used in practice? Thanks. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
