Delegation and Moonshot

[Russ Allbery]

Luke Howard <lukeh at padl.com> writes:

> With the example you give, you might be interested in an OpenLDAP ACL
> plugin we've developed that lets you use GSS attribute value assertions
> - eg from a SAML assertion - as authorization subjects.

Yeah, that's a good idea -- thank you.

Also, thank you to Nico -- I hadn't thought about impersonation without
delegation thoroughly enough.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>