Alternative proxy-creds API for constrained-delegation
Isaac Boukris
iboukris at gmail.com
Wed Jun 3 18:48:34 EDT 2020
On Wed, Jun 3, 2020 at 1:45 PM Isaac Boukris <iboukris at gmail.com> wrote:
>
> I think context option would have been more adequate if we had, but
> cred-based is fine too.
Actually that's wrong, context won't do it because we don't have one
in gss_acquire_cred_impersonate_name(), while it may be useful to
produce a tgt-less cache with a s4u2self ticket for certificate logon
and such.
It should be a cred-based option.
More information about the krbdev
mailing list