[ Usenet FAQs | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.29. What are the advantages/disadvantages of Kerberos vs. SSL?
Next Document: 2. Administration questions
-
Search the FAQ Archives
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.29. What are the advantages/disadvantages of Kerberos vs. SSL?
Next Document: 2. Administration questions
1.30. What are proxiable tickets?
As discussed in Question 1.26, Kerberos tickets contain the IP addresses of hosts they are to be used on. In addition to forwardable tickets, Kerberos 5 introduce the concept of proxiable tickets. A proxiable ticket is a ticket (generally only a TGT) that allows you to get a ticket for a service with IP addresses other than the ones in the TGT. This is different than forwardable tickets in that you cannot proxy a new TGT from your current TGT; you can only proxy non-TGT service tickets. In other words, forwardable tickets let you transfer your complete identity (TGT) to another machine, where proxy tickets only let you transfer particular tickets. In general practice, proxiable tickets are not used that often.
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.29. What are the advantages/disadvantages of Kerberos vs. SSL?
Next Document: 2. Administration questions
Single Page
[ Usenet FAQs | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update October 22 2009 @ 05:26 AM