[20127] in Kerberos_V5_Development
Re: Alternative proxy-creds API for constrained-delegation
daemon@ATHENA.MIT.EDU (Nico Williams)
Fri Jun 5 10:48:21 2020
Date: Fri, 5 Jun 2020 09:47:42 -0500
From: Nico Williams <nico@cryptonector.com>
To: Isaac Boukris <iboukris@gmail.com>
Message-ID: <20200605144740.GG7856@localhost>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAC-fF8ScHo7n2ANLxK8i4iLQ8Cm8rusv63PbVsM+feaX4v5RkA@mail.gmail.com>
Cc: Simo Sorce <simo@redhat.com>, "krbdev@mit.edu Dev List" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Fri, Jun 05, 2020 at 12:11:44PM +0200, Isaac Boukris wrote:
> Actually, even with the cred_store option for delegation_policy, when
> using more than one type, one can't really tell what creds he got at
> the end.
You need to know? Why?
Anyways, gss_store_cred_into2() gives us a way to get that.
Also, maybe we need a gss_cred_get_store() function to return a
cred_store description of where the cred was acquired from or last
stored. (No need to release this.)
Nico
--
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
