Resource Based Kerberos Constrained Delegation

Big changes have occurred in the Kerberos authentication space with the introduction of Windows Server 2012. For this blog I’ll focus on Kerberos Constrained Delegation and Protocol Transition, highlighting what Server 2012 brings to the table, and how the changes can be used to improve security in a typical deployment scenario.

Kerberos Delegation Explained

To start, a high level explanation of Kerberos delegation – it enables an account to impersonate another account for the purpose of providing access to resources.… [Keep reading] “Resource Based Kerberos Constrained Delegation”