Project review: GSS credential store extensions

Sam Hartman hartmans at MIT.EDU
Thu Jul 12 13:53:26 EDT 2012

If it helps people with API names and stuff, I'm going to argue Moonshot
should use this for initial credential aquizition.
In particular I think we'll want to support:

* What trust anchor to use, specified either as a cert hash, subject
  name constraint/CA list

* Support for client certificates for eap-tls

* Probably pushing in the service we're going to contact because that
  made something easier on the UI front  that I'm forgetting now.

Luke and I proposed an API for that sort of thing a while back. This API
is close enough to what we need that I suspect we'll end up using it for
initial credential aquizition in Moonshot.

More information about the krbdev mailing list