Alternative proxy-creds API for constrained-delegation

Isaac Boukris iboukris at gmail.com
Tue Jun 2 19:29:23 EDT 2020


On Wed, Jun 3, 2020 at 12:05 AM Nico Williams <nico at cryptonector.com> wrote:
>
> On Tue, Jun 02, 2020 at 08:35:14PM +0200, Isaac Boukris wrote:
> > I'd still love to see an application signal for the service ticket
> > using a cred option or name attribute, more likely to help in samba.
>
> What exactly would the option specify?  I'm certain we can fit it in one
> of three different ways though.

It could specify the delegation-policy for this creds/context for
example, or we can make the ticket always available via
name-attributes like Simo suggested, but that would be somewhat
unrelated work.

