ANAME_DB re-enable with patch.
Nicolas Williams
Nicolas.Williams at oracle.com
Thu Sep 2 19:47:12 EDT 2010
On Fri, Sep 03, 2010 at 12:26:23AM +0100, Roland C. Dowdeswell wrote:
> Another idea that I've had might be to change krb5_kuserok() to
> krb5_kticketok() which would evaluate whether a ticket is allowed
> to access a luser's account. This would enable us to use the
> authorisation data section of a ticket to provide said authorisation.
> (Longer term thought process, though.)
+1
I'd also like an API by which to create an exported composite GSS name
token out of a Ticket, then we could have a gss_userok() function that
worked the same way.
Nico
--
More information about the krbdev
mailing list