Constrained Delegation with certificate and GSS API
Isaac Boukris
iboukris at gmail.com
Wed May 6 03:56:05 EDT 2020
On Wed, May 6, 2020 at 6:46 AM Greg Hudson <ghudson at mit.edu> wrote:
>
> https://github.com/krb5/krb5/pull/1063
>
> There may be alternative designs for the API; for instance, we could
> perhaps instead define a new name type and use
> gss_acquire_cred_impersonate_name().
Yes, that would solve the authdata problem and we can skip the name+cert case.
@Puran, feel free to develop it on top PR 1063 if you like, it already
got some tests.
More information about the krbdev
mailing list