Constrained Delegation with certificate and GSS API

Isaac Boukris iboukris at
Mon May 11 17:36:54 EDT 2020

On Mon, May 11, 2020 at 6:55 AM Puran Chand <puran157 at> wrote:
> I don't see a name type for certificate as per

The idea was to add a new name type.

> Also as I understand, I need to get rid of gss_acquire_cred_impersonate_cert and instead invoke relevant code from gss_acquire_impersonate_name based on name type.
> LMK your thoughts.

Yeah, the caller would import the cert data with the new name-type and
pass it to gss_acquire_cred_impersonate_name() as desired_name.

More information about the krbdev mailing list