[20104] in Kerberos_V5_Development
Re: Alternative proxy-creds API for constrained-delegation
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Tue Jun 2 19:29:43 2020
MIME-Version: 1.0
In-Reply-To: <20200602220509.GT7856@localhost>
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 3 Jun 2020 01:29:23 +0200
Message-ID: <CAC-fF8SwWEaYzskaDST0x-DtasOttuNxTygyLnQ9umvJi9wf6g@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Simo Sorce <simo@redhat.com>, "krbdev@mit.edu Dev List" <krbdev@mit.edu>,
heimdal-discuss@heimdal.software
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Wed, Jun 3, 2020 at 12:05 AM Nico Williams <nico@cryptonector.com> wrote:
>
> On Tue, Jun 02, 2020 at 08:35:14PM +0200, Isaac Boukris wrote:
> > I'd still love to see an application signal for the service ticket
> > using a cred option or name attribute, more likely to help in samba.
>
> What exactly would the option specify? I'm certain we can fit it in one
> of three different ways though.
It could specify the delegation-policy for this creds/context for
example, or we can make the ticket always available via
name-attributes like Simo suggested, but that would be somewhat
unrelated work.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
