Hello,
Please, would you be able to kindly provide some kind of clarification
about CredSSP and delegation of Kerberos smart-card credentials (to TS
for example)?
I assume this:
the user is logged on by using a smart-card (online by using the DC)
the private key cannot leave the smart-card
the user then receives a valid TGT
then the client uses CredSSP to forward "his credentials" to a TS server.
And here comes the question:
what actually is forwarded to the TS server? Is it the client's TGT together
with the session key to decrypt the TGT?
Many thanks
ondra.
CredSSP and kerberos credentials delegation