Constrained Delegation with certificate and GSS API

Puran Chand puran157 at gmail.com
Mon May 11 00:55:26 EDT 2020


I don't see a name type for certificate as per
https://web.mit.edu/kerberos/krb5-devel/doc/appdev/gssapi.html#name-types

Also as I understand, I need to get rid of
gss_acquire_cred_impersonate_cert and instead invoke relevant code from
gss_acquire_impersonate_name based on name type.
LMK your thoughts.

-Puran

On Wed, May 6, 2020 at 1:26 PM Isaac Boukris <iboukris at gmail.com> wrote:

> On Wed, May 6, 2020 at 6:46 AM Greg Hudson <ghudson at mit.edu> wrote:
> >
> > https://github.com/krb5/krb5/pull/1063
> >
> > There may be alternative designs for the API; for instance, we could
> > perhaps instead define a new name type and use
> > gss_acquire_cred_impersonate_name().
>
> Yes, that would solve the authdata problem and we can skip the name+cert
> case.
>
> @Puran, feel free to develop it on top of PR 1063 if you like, it already
> got some tests.
>

