PROXY tickets and GSSAPI
wyllys.ingersoll at sun.com
Wed Jun 26 12:09:00 EDT 2002
I have a scenario where I would like to have a GSSAPI-based server
receive creds from a client and then act as a "proxy" by assuming the
clients identity (the initial client sent delegated creds with the
PROXIABLE flags set)
to access a third service.
However, this does not seem possible given the current GSSAPI without
breaking the GSS abstraction layer in the intermediate server and
the Kerberos creds. Has anyone done something similar or know if it would
be possible without alot of ugly hacks that break the barrier between
GSSAPI and KRB5 ?
More information about the krbdev