Forum Discussion
John_K_01_16461
Nimbostratus
NimbostratusKerberos multi-hop supported in APM
We currently have a virtual server set up with APM and we are using it to extract UPN from client certificate and pass along a Kerberos ticket to the back-end server for authentication. This part is...
Kevin_Stewart
Employee
EmployeeThe trick for multi-hop constrained delegation (what APM does) is to enable constrained delegation at every hop. So in your case you have an account in AD that is allowed (and constrained) to delegate to a specific service (presumably a web server). The account that owns that service must then be given (constrained) delegation rights to the downstream service.
