Constrained Delegation with certificate and GSS API
iboukris at gmail.com
Mon May 11 17:36:54 EDT 2020
On Mon, May 11, 2020 at 6:55 AM Puran Chand <puran157 at gmail.com> wrote:
> I don't see a name type for certificate as per https://web.mit.edu/kerberos/krb5-devel/doc/appdev/gssapi.html#name-types
The idea was to add a new name type.
> Also as I understand, I need to get rid of gss_acquire_cred_impersonate_cert and instead invoke relevant code from gss_acquire_impersonate_name based on name type.
> LMK your thoughts.
Yeah, the caller would import the cert data with the new name-type and
pass it to gss_acquire_cred_impersonate_name() as desired_name.
More information about the krbdev