PROXY tickets and GSSAPI

Booker C. Bense bbense at
Wed Jun 26 12:25:01 EDT 2002

On Wed, 26 Jun 2002, Wyllys Ingersoll wrote:

> I have a scenario where I would like to have a GSSAPI-based server
> receive creds from a client and then act as a "proxy" by assuming the
> clients identity (the initial client sent delegated creds with the
> PROXIABLE flags set)
> to access a third service.
> However, this does not seem possible given the current GSSAPI without
> breaking the GSS abstraction layer in the intermediate server and
> directly manipulating
> the Kerberos creds.   Has anyone done something similar or know if it would
> be possible without alot of ugly hacks that break the barrier between
> GSSAPI and KRB5 ?

- I would really like to know if anybody anywhere has ever used
proxiable tickets for ANYTHING. As far as I know, there's no
publically available software that uses proxiable tickets.

- Booker C. Bense

More information about the krbdev mailing list