[20128] in Kerberos_V5_Development
Re: Alternative proxy-creds API for constrained-delegation
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Fri Jun 5 11:11:21 2020
MIME-Version: 1.0
In-Reply-To: <20200605144740.GG7856@localhost>
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 5 Jun 2020 17:11:04 +0200
Message-ID: <CAC-fF8QKWmNgJkFLdB9Z6Fq2rMLhY_yyqZs1MHTtPOCVouk4pw@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Simo Sorce <simo@redhat.com>, "krbdev@mit.edu Dev List" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Fri, Jun 5, 2020 at 4:47 PM Nico Williams <nico@cryptonector.com> wrote:
>
> On Fri, Jun 05, 2020 at 12:11:44PM +0200, Isaac Boukris wrote:
> > Actually, even with the cred_store option for delegation_policy, when
> > using more than one type, one can't really tell what creds he got at
> > the end.
>
> You need to know? Why?
To know what I hold and what I can do with it.
> Anyways, gss_store_cred_into2() gives us a way to get that.
I'm not interested in what the delegation_policy was, but what the end
results were.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
