PROXY tickets and GSSAPI
Booker C. Bense
bbense at networking.stanford.edu
Wed Jun 26 12:25:01 EDT 2002
On Wed, 26 Jun 2002, Wyllys Ingersoll wrote:
> I have a scenario where I would like to have a GSSAPI-based server
> receive creds from a client and then act as a "proxy" by assuming the
> clients identity (the initial client sent delegated creds with the
> PROXIABLE flags set)
> to access a third service.
> However, this does not seem possible given the current GSSAPI without
> breaking the GSS abstraction layer in the intermediate server and
> directly manipulating
> the Kerberos creds. Has anyone done something similar or know if it would
> be possible without alot of ugly hacks that break the barrier between
> GSSAPI and KRB5 ?
- I would really like to know if anybody anywhere has ever used
proxiable tickets for ANYTHING. As far as I know, there's no
publically available software that uses proxiable tickets.
- Booker C. Bense
More information about the krbdev