From the course: Windows Server 2012 R2: Configure and Manage Active Directory
Join today to access over 22,700 courses taught by industry experts or purchase this course individually.
Kerberos delegation
From the course: Windows Server 2012 R2: Configure and Manage Active Directory
Kerberos delegation
- Kerberos delegation is a feature that allows an application to reuse the end user credentials to access resources hosted on a different server. So, let's talk about this Kerberos delegation just a little bit here. Now sometimes, a program for a service might need to make a connection to another server's services on behalf of the client. So for example, let's say a client uses a front end server that then makes a connection to a back end server, but that connection needs authentication. Well, Kerberos uses delegation of authentication to make this happen. The requesting service, which would be the client in this example, requests that the KDC authorize a second service to act on its behalf. The second service can then delegate authentication to a third service. Now, starting with Windows Server 2003 and everything since, Microsoft added something called the constrained delegation model, which is to limit the scope of…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.