On Mon, May 20, 2013 at 5:20 AM, Vipul Mehta <[email protected]> wrote: > One more question, what is the exact use of context delegation flag if it > doesn't need to be same on initiator and acceptor side.
The initiator gets to ask for credential delegation. The acceptor gets to receive delegated credentials. The acceptor also gets to impersonate the initiator principal to the extent that the credential issuers prefer. The acceptor doesn't really get to tell much about this case: since the extent to which it can impersonate the initiator could vary by the time of the day, phases of the moon, ... Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
