Project review: GSS credential store extensions
Sam Hartman
hartmans at MIT.EDU
Thu Jul 12 13:53:26 EDT 2012
If it helps people with API names and stuff, I'm going to argue Moonshot
should use this for initial credential aquizition.
In particular I think we'll want to support:
* What trust anchor to use, specified either as a cert hash, subject
name constraint/CA list
* Support for client certificates for eap-tls
* Probably pushing in the service we're going to contact because that
made something easier on the UI front that I'm forgetting now.
Luke and I proposed an API for that sort of thing a while back. This API
is close enough to what we need that I suspect we'll end up using it for
initial credential aquizition in Moonshot.
More information about the krbdev
mailing list