[20121] in Kerberos_V5_Development


Re: Alternative proxy-creds API for constrained-delegation

daemon@ATHENA.MIT.EDU (Isaac Boukris)
Wed Jun 3 18:49:05 2020

In-Reply-To: <CAC-fF8SRottgkoVGuWAg-Ax-=KG4SfCuCE=o8pWPSOvuSAZv9g@mail.gmail.com>
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 4 Jun 2020 00:48:34 +0200
Message-ID: <CAC-fF8SUyBG3ZKwtgs51BoDK=F3XdcBe4wysD0XNg0rk9ot=-g@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Simo Sorce <simo@redhat.com>, "krbdev@mit.edu Dev List" <krbdev@mit.edu>

On Wed, Jun 3, 2020 at 1:45 PM Isaac Boukris <iboukris@gmail.com> wrote:
>
> I think context option would have been more adequate if we had, but
> cred-based is fine too.

Actually that's wrong, context won't do it because we don't have one
in gss_acquire_cred_impersonate_name(), while it may be useful to
produce a tgt-less cache with a s4u2self ticket for certificate logon
and such.
It should be a cred-based option.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
