[Mono-list] Mono, constrained delegation and protocol transition
Robert Jordan
robertj at gmx.net
Wed Mar 17 08:15:19 EDT 2010
On 17.03.2010 12:53, Marc Boorshtein wrote:
> All,
>
> I'm new to Mono and am trying to understand how Kerberos& Constrained
> delegation work together. I see that the libraries exist in Mono (ie
> there is a WindowsIdentity.impersonate method) but how does this work
> on Linux& Apache? Does the web server user need to be running as a
> user who is logged into a kerberos session? Also, are there lower
> level libraries for interacting with Kerberos directly so someone
> could have more control over the process?
WindowsIdentity.Impersonate relies on setuid() and assumes that
the process is running as "root". As such, it doesn't cope
well (it's a playing down) with Apache not with ASP.NET.
Kerberos is not supported, and I don't believe that it could
even work in ASP.NET's model, where a thread-based impersonation
would be necessary.
Robert
More information about the Mono-list
mailing list