[20086] in Kerberos_V5_Development
Re: Constrained Delegation with certificate and GSS API
daemon@ATHENA.MIT.EDU (Puran Chand)
Mon May 11 00:55:52 2020
In-Reply-To: <CAC-fF8R7Y2diyqxDEc_4+rnB3AmVCe2bU-9JMzTCQDJTxDGE9g@mail.gmail.com>
From: Puran Chand <puran157@gmail.com>
Date: Mon, 11 May 2020 10:25:26 +0530
Message-ID: <CAKnEmR+mKp8o+jOkTJQOOM5-X-gjKkgK2ObahHLS5C07ngv3aw@mail.gmail.com>
To: Isaac Boukris <iboukris@gmail.com>
Cc: "krbdev@mit.edu Dev List" <krbdev@mit.edu>
I don't see a name type for certificate as per
https://web.mit.edu/kerberos/krb5-devel/doc/appdev/gssapi.html#name-types
Also as I understand, I need to get rid of
gss_acquire_cred_impersonate_cert and instead invoke relevant code from
gss_acquire_impersonate_name based on name type.
LMK your thoughts.
-Puran
On Wed, May 6, 2020 at 1:26 PM Isaac Boukris <iboukris@gmail.com> wrote:
> On Wed, May 6, 2020 at 6:46 AM Greg Hudson <ghudson@mit.edu> wrote:
> >
> > https://github.com/krb5/krb5/pull/1063
> >
> > There may be alternative designs for the API; for instance, we could
> > perhaps instead define a new name type and use
> > gss_acquire_cred_impersonate_name().
>
> Yes, that would solve the authdata problem and we can skip the name+cert
> case.
>
> @Puran, feel free to develop it on top of PR 1063 if you like, it already
> got some tests.
>