Alternative proxy-creds API for constrained-delegation
Isaac Boukris
iboukris at gmail.com
Wed Jun 3 13:15:23 EDT 2020
On Wed, Jun 3, 2020 at 6:01 PM Nico Williams <nico at cryptonector.com> wrote:
>
> On Wed, Jun 03, 2020 at 04:11:08PM +0200, Isaac Boukris wrote:
> > To me, gss-proxy sounds like a big requirement, I was hoping for a
> > simpler plugable client helper mechanism, that simply talks to a
> > daemon when needed and puts the ticket in cache for the client to use.
>
> That's still a proxy. We talked about this on the call. Love had
> wanted all of these proxies back in 2012, and I agree with that:
>
> - krb5_get_credentials() proxy
>
> - krb5_mk/rd_req*() proxy
>
> - gss proxy
>
> All of these can be in the same or different programs -- it doesn't
> matter much.
Proxy is fine, as long as we define its requirements for *this* feature.
More information about the krbdev
mailing list