[20087] in Kerberos_V5_Development
Re: Constrained Delegation with certificate and GSS API
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Mon May 11 17:37:26 2020
MIME-Version: 1.0
In-Reply-To: <CAKnEmR+mKp8o+jOkTJQOOM5-X-gjKkgK2ObahHLS5C07ngv3aw@mail.gmail.com>
From: Isaac Boukris <iboukris@gmail.com>
Date: Mon, 11 May 2020 23:36:54 +0200
Message-ID: <CAC-fF8RqLFPg4GG7--WSV3fjHq7NoWfJP63y8rrf1pOo+B=iqA@mail.gmail.com>
To: Puran Chand <puran157@gmail.com>
Cc: "krbdev@mit.edu Dev List" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mon, May 11, 2020 at 6:55 AM Puran Chand <puran157@gmail.com> wrote:
>
> I don't see a name type for certificate as per https://web.mit.edu/kerberos/krb5-devel/doc/appdev/gssapi.html#name-types
The idea was to add a new name type.
> Also as I understand, I need to get rid of gss_acquire_cred_impersonate_cert and instead invoke relevant code from gss_acquire_impersonate_name based on name type.
> LMK your thoughts.
Yeah, the caller would import the cert data with the new name-type and
pass it to gss_acquire_cred_impersonate_name() as desired_name.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
