I decided to write a blog post on Kerberos delegation after finding much conflicting and inaccurate info on the net. Of course I now wonder if my conclusions are completely accurate. I'd appreciate any feedback on the blog post as to accuracy. Other suggestions are also welcome.
BTW, I expressed some fairly strong opinions about the value of S4U2Proxy over A2D2. I know that features will be added by MS if Fortune 500 companies ask for them. I suspect that is how S4U2Proxy ended up being created and I imagine those are the folks most likely to have complex domain setups.
I haven't looked closely at Server 2016 so I don't know if it makes any changes to the Kerberos delegation story. Does anyone know?
Forum info: http://www.activedir.org
Problems unsubscribing? Email admin@xxxxxxxxxxxxxxxx
Kerberos delegation blog post
- 138 Views
- Last Post 27 October 2016