Alternative proxy-creds API for constrained-delegation

Nico Williams nico at
Fri Jun 5 10:47:42 EDT 2020

On Fri, Jun 05, 2020 at 12:11:44PM +0200, Isaac Boukris wrote:
> Actually, even with the cred_store option for delegation_policy, when
> using more than one type, one can't really tell what creds he got at
> the end.

You need to know?  Why?

Anyways, gss_store_cred_into2() gives us a way to get that.

Also, maybe we need a gss_cred_get_store() function to return a
cred_store description of where the cred was acquired from or last
stored.  (No need to release this.)


More information about the krbdev mailing list