Constrained Delegation with certificate and GSS API

Isaac Boukris iboukris at
Wed May 6 03:56:05 EDT 2020

On Wed, May 6, 2020 at 6:46 AM Greg Hudson <ghudson at> wrote:
> There may be alternative designs for the API; for instance, we could
> perhaps instead define a new name type and use
> gss_acquire_cred_impersonate_name().

Yes, that would solve the authdata problem and we can skip the name+cert case.

@Puran, feel free to develop it on top PR 1063 if you like, it already
got some tests.

More information about the krbdev mailing list