[20125] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Alternative proxy-creds API for constrained-delegation

daemon@ATHENA.MIT.EDU (Isaac Boukris)
Fri Jun 5 06:12:27 2020

MIME-Version: 1.0
In-Reply-To: <CAC-fF8Q+cRbRTS=Ai8nb5QnN8XEMu4z36duVGjus0zv=Z6S1XQ@mail.gmail.com>
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 5 Jun 2020 12:11:44 +0200
Message-ID: <CAC-fF8ScHo7n2ANLxK8i4iLQ8Cm8rusv63PbVsM+feaX4v5RkA@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Simo Sorce <simo@redhat.com>, "krbdev@mit.edu Dev List" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Actually, even with the cred_store option for delegation_policy, when
using more than one type, one can't really tell what creds he got at
the end.

We have GET_CRED_IMPERSONATOR_OID which I think can be used to inquire
for proxy-creds, but how do you tell a tgt-less one?  It would be nice
to be able to inquire about it.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[20125] in Kerberos_V5_Development

Re: Alternative proxy-creds API for constrained-delegation

daemon@ATHENA.MIT.EDU (Isaac Boukris)Fri Jun 5 06:12:27 2020

daemon@ATHENA.MIT.EDU (Isaac Boukris)
Fri Jun 5 06:12:27 2020