Kerberos Delegation and Abuse Cases

Definition

Kerberos Delegation allows to reuse the end-user credentials to access the resources hosted on a different server. ex. user authenticates to a web server and web server makes requests to a database server. The web server can request access to resources (all or some resources depending on the type of delegation) on the database server as the user and not as the web server's service account.

Types

There are three types of Kerberos Delegation:

pageUnconstrained Delegation

PreviousGolden GMSA NextUnconstrained Delegation

Last updated 2 years ago