Services4User review

Nicolas Williams Nicolas.Williams at sun.com
Fri Aug 21 11:34:12 EDT 2009


On Fri, Aug 21, 2009 at 08:04:26AM +0200, Luke Howard wrote:
> 
> On 20/08/2009, at 11:51 PM, Nicolas Williams wrote:
> 
> >Following up from our IM chat, the GSS exts should really be based on
> >the existing gss_acquire/add_cred() functions, and in two variants: one
> >for S4U2Self, with an additional impersonator_cred_handle input
> >argument, and one for S4U2Proxy, with that same additional argument and
> >a subject_cred_handle instead of desired_name.
> >
> >/* S4U2SELF */
> >OM_uint32
> >gss_acquire_cred_with_cred(
> 
> gss_acquire_cred_with_name, yes?

There's already a desired_name in gss_a*_cred() :)

The S4U2Self idea is that we're using one principal's credential to get
a credential for another principal.

We could call that gss_a*_impersonation_cred() too, or any number of
variants.  You and I both felt that "impersonate" was likely to be
confusing, but the alternatives seem confusing too :(


