[20079] in Kerberos_V5_Development
Re: Constrained Delegation with certificate and GSS API
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Wed May 6 03:56:26 2020
MIME-Version: 1.0
In-Reply-To: <44c22ddd-cd0c-aca6-e065-db109732eca5@mit.edu>
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 6 May 2020 09:56:05 +0200
Message-ID: <CAC-fF8R7Y2diyqxDEc_4+rnB3AmVCe2bU-9JMzTCQDJTxDGE9g@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: "krbdev@mit.edu Dev List" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Wed, May 6, 2020 at 6:46 AM Greg Hudson <ghudson@mit.edu> wrote:
>
> https://github.com/krb5/krb5/pull/1063
>
> There may be alternative designs for the API; for instance, we could
> perhaps instead define a new name type and use
> gss_acquire_cred_impersonate_name().
Yes, that would solve the authdata problem and we can skip the name+cert case.
@Puran, feel free to develop it on top PR 1063 if you like, it already
got some tests.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
