Kerberos How To Delegate On Behalf Of Users AND Access Resources Independent Of Users


I have a webapp running on Linux that uses Delegation to effectively mirror the permissions of the User that makes requests. The webapp uses a keytab that looks something like this:

KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 12/31/69 18:00:00 HTTP/my-website.com@DOMAIN

And the appropriate SPN is added to the webapp's service account, which looks something like this:

HTTP/my-website.com@DOMAIN

This all works fine.

There is a new requirement for the webapp to also be able to access resources it needs independent from the Delegation it does on behalf of users. For example, there are databases it needs to access that users of the app don't necessarily have access to. Is there a way for the webapp to use the same Keytab to generate tickets such that it can both continue to delegate on behalf of users AND access the resources it requires?

There are 0 answers