Constrained Delegation with certificate and GSS API

Puran Chand puran157 at
Mon May 11 00:55:26 EDT 2020

I don't see a name type for certificate as per

Also as I understand, I need to get rid of
gss_acquire_cred_impersonate_cert and instead invoke relevant code from
gss_acquire_impersonate_name based on name type.
LMK your thoughts.


On Wed, May 6, 2020 at 1:26 PM Isaac Boukris <iboukris at> wrote:

> On Wed, May 6, 2020 at 6:46 AM Greg Hudson <ghudson at> wrote:
> >
> >
> >
> > There may be alternative designs for the API; for instance, we could
> > perhaps instead define a new name type and use
> > gss_acquire_cred_impersonate_name().
> Yes, that would solve the authdata problem and we can skip the name+cert
> case.
> @Puran, feel free to develop it on top PR 1063 if you like, it already
> got some tests.

More information about the krbdev mailing list