Why can’t a user who is accessing the service on their own behalf find the "long term" keys to decrypt the service ticket and have to use U2U?

I started to study how the U2U mechanism works and got confused. The gist is as follows. When we use U2U, the service ticket will be encrypted with the session key KDC of the user-"server", which he will receive during Kerberos au…