Alternative proxy-creds API for constrained-delegation

Isaac Boukris iboukris at
Tue Jun 2 19:29:23 EDT 2020

On Wed, Jun 3, 2020 at 12:05 AM Nico Williams <nico at> wrote:
> On Tue, Jun 02, 2020 at 08:35:14PM +0200, Isaac Boukris wrote:
> > I'd still love to see an application signal for the service ticket
> > using a cred option or name attribute, more likely to help in samba.
> What exactly would the option specify?  I'm certain we can fit it in one
> of three different ways though.

It could specify the delegation-policy for this creds/context for
example, or we can make the ticket always available via
name-attributes like Simo suggested, but that would be somewhat
unrelated work.

More information about the krbdev mailing list