[PATCH] GSSAPI credentials

Alexey Melnikov alexey.melnikov at isode.com
Wed May 12 17:11:45 EDT 2010


Howard Chu wrote:

> Alexey Melnikov wrote:
>
>> Howard Chu wrote:
>>
>>> Alexey Melnikov wrote:
>>>
>>>> Howard Chu wrote:
>>>>
>>>>> This patch implements the SASL_GSS_CREDS property, which was defined
>>>>> in sasl.h back in 2005.
>>>>>
>>>>> http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&searchterm=sasl_gss_creds&msg=7600
>>>>>
>>>>> Applications need this functionality to make use of Kerberos
>>>>> Services4User features.
>>>>>
>>>>> http://k5wiki.kerberos.org/wiki/Projects/Services4User
>>>>>
>>>>> Setting the credential in the SASL client will allow it to use an
>>>>> S4U2Proxy credential, among other things.
>>>>>
>>>>> Additional patches will still be needed to allow a SASL server to take
>>>>> advantage of this feature, as mentioned in my previous email. But this
>>>>> is a small first step just to get the ball rolling.
>>>>
>>>> Hi Howard,
>>>> This looks fine, but let me ask some questions on your patch:
>>>
>>>> What about updating sasl_getprop() to match?
>>>
>>> Sure. I didn't think it was too important since the calling app is the
>>> only thing that can set it, it must already have it.
>>
>> Let's make everything symmetrical, if it is easy. Pretty much all props
>> that can be set are also retrievable with sasl_getprop().
>
> OK. Assuming you only meant to retrieve the previously-set cred, this 
> patch will do. If you mean to retrieve whatever cred got used, 
> including e.g. what the server obtained through gss_acquire_cred() 
> that gets a bit trickier; need to worry about who disposes of it and 
> such.

Right. This version looks good to me.


