[Mono-list] Mono, constrained delegation and protocol transition

Robert Jordan robertj at gmx.net
Wed Mar 17 08:15:19 EDT 2010

On 17.03.2010 12:53, Marc Boorshtein wrote:
> All,
> I'm new to Mono and am trying to understand how Kerberos&  Constrained
> delegation work together.  I see that the libraries exist in Mono (ie
> there is a WindowsIdentity.impersonate method) but how does this work
> on Linux&  Apache?  Does the web server user need to be running as a
> user who is logged into a kerberos session?  Also, are there lower
> level libraries for interacting with Kerberos directly so someone
> could have more control over the process?

WindowsIdentity.Impersonate relies on setuid() and assumes that
the process is running as "root". As such, it doesn't cope
well (it's a playing down) with Apache not with ASP.NET.

Kerberos is not supported, and I don't believe that it could
even work in ASP.NET's model, where a thread-based impersonation
would be necessary.


More information about the Mono-list mailing list