Alternative proxy-creds API for constrained-delegation

Isaac Boukris iboukris at
Wed Jun 3 18:48:34 EDT 2020

On Wed, Jun 3, 2020 at 1:45 PM Isaac Boukris <iboukris at> wrote:
> I think context option would have been more adequate if we had, but
> cred-based is fine too.

Actually that's wrong, context won't do it because we don't have one
in gss_acquire_cred_impersonate_name(), while it may be useful to
produce a tgt-less cache with a s4u2self ticket for certificate logon
and such.
It should be a cred-based option.

More information about the krbdev mailing list