[20132] in Kerberos_V5_Development
Re: Alternative proxy-creds API for constrained-delegation
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Mon Jun 8 07:20:14 2020
MIME-Version: 1.0
In-Reply-To: <20200603160058.GY7856@localhost>
From: Isaac Boukris <iboukris@gmail.com>
Date: Mon, 8 Jun 2020 13:19:52 +0200
Message-ID: <CAC-fF8SvRqc89NwXf27av5vvtJhuYAO+Hw+y24OYc+2zt5W4Ug@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Simo Sorce <simo@redhat.com>, "krbdev@mit.edu Dev List" <krbdev@mit.edu>,
heimdal-discuss@heimdal.software
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Wed, Jun 3, 2020 at 6:01 PM Nico Williams <nico@cryptonector.com> wrote:
>
> On Wed, Jun 03, 2020 at 04:11:08PM +0200, Isaac Boukris wrote:
> > To me, gss-proxy sounds like a big requirement, I was hoping for a
> > simpler plugable client helper mechanism, that simply talks to a
> > daemon when needed and puts the ticket in cache for the client to use.
>
> That's still a proxy. We talked about this on the call. Love had
> wanted all of these proxies back in 2012, and I agree with that:
>
> - krb5_get_credentials() proxy
>
> - krb5_mk/rd_req*() proxy
>
> - gss proxy
Yes, it would be nice to make this tgt-less creds work for
krb5_get_credentials() callers, and not only gss_init_sec_context()
callers.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
