Filter
Top Products
Administering the Kerberos Server
Attributes Tab (Principal Information Window)
Chapter 8 171
Allow Forwardable Specifies if a principal is allowed ticket
forwarding. Forwarding is a process that
sends a ticket-granting ticket (TGT) from
one network host to another host. The
second host system can use the forwarded
TGT to generate a new service ticket on
behalf of the principal.
The Allow Forwardable attribute applies to
both user and service principals. If you set
this attribute for a user principal, the
principal can be issued a forwarded or
forwardable ticket. If you set this attribute
for a service principal, the server can issue a
forwarded service ticket for the service.
Allow Proxy Specifies if a principal is allowed proxy
tickets. Proxy tickets allow applications that
a principal accesses with a TGT to request a
special class of service ticket. You can move
this type of service ticket to another host on
the network that acts on behalf of the
principal, for example, a print service
printing a file.
The Allow Proxy attribute applies to both
user and service principals. If you set this
attribute for a user principal, the principal
can be issued a proxy ticket. If you set this
attribute for a service principal, the server
can issue a proxy service ticket for the
service.
Allow Duplicate
Session Keys
Specifies if a principal is allowed to use a
duplicate session key. A duplicate session
key is used in user-to-user authentication
and specifies which key is used to encrypt
the tickets.
Table 8-12 Attributes Tab Components (Continued)
Components Description