Multi-Hop Authentication and Constrained Delegation?
Greg Hudson
ghudson at mit.edu
Wed May 22 23:41:08 EDT 2019
On 5/22/19 2:17 PM, Robert Wehn wrote:
> However we are lacking the information, of how to actually implement and
> use it on the application side.
>
> How to implement constrained delegation in an application?
We have documentation on that at:
http://web.mit.edu/kerberos/krb5-latest/doc/appdev/gssapi.html#constrained-delegation-s4u
> Is there an open source application out there, where one could see and
> learn, how to implement constrained delegation?
>
> Does Apache implement anything in that kind, one could build and rely on?
You may be able to use mod_auth_gssapi:
https://github.com/modauthgssapi/mod_auth_gssapi
The GssapiUseS4U2Proxy activates constrained delegation.
More information about the Kerberos
mailing list