Delegation and Moonshot
rra at stanford.edu
Mon Apr 4 13:23:12 EDT 2011
Luke Howard <lukeh at padl.com> writes:
> With the example you give, you might be interested in an OpenLDAP ACL
> plugin we've developed that lets you use GSS attribute value assertions
> - eg from a SAML assertion - as authorization subjects.
Yeah, that's a good idea -- thank you.
Also, thank you to Nico -- I hadn't thought about impersonation without
delegation thoroughly enough.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev