Constrained Delegation with certificate and GSS API
puran157 at gmail.com
Mon May 11 00:55:26 EDT 2020
I don't see a name type for certificate as per
Also as I understand, I need to get rid of
gss_acquire_cred_impersonate_cert and instead invoke relevant code from
gss_acquire_impersonate_name based on name type.
LMK your thoughts.
On Wed, May 6, 2020 at 1:26 PM Isaac Boukris <iboukris at gmail.com> wrote:
> On Wed, May 6, 2020 at 6:46 AM Greg Hudson <ghudson at mit.edu> wrote:
> > https://github.com/krb5/krb5/pull/1063
> > There may be alternative designs for the API; for instance, we could
> > perhaps instead define a new name type and use
> > gss_acquire_cred_impersonate_name().
> Yes, that would solve the authdata problem and we can skip the name+cert
> @Puran, feel free to develop it on top PR 1063 if you like, it already
> got some tests.
More information about the krbdev