Pull-request with kerberos token delegation option
AiO
aio.sasl at aio.nu
Fri Jan 24 08:03:00 EST 2020
On Tue, 10 Dec 2019, Simo Sorce wrote:
> On Mon, 2019-12-09 at 10:26 +0100, AiO wrote:
>> Hi all,
>>
>> Just wanted to spread the knowledge of a pull-request I've made with some
>> nice server-side improvments on GSSAPI and Kerberos token options to use a
>> credentials cache to store user's tokens. This enables CyrusSASL to not
>> just be an authentication end-point, but also allows for single-sign-on to
>> other services server-side.
>>
>> Check it (#586) out - hope it's good-enough for the feature-set addressed.
>
> I made a review.
I have made a few more commits with various fixes - the only thing
remaining (if i'm ever gonna fix it) is fallback to [libdefaults]
default_ccache_name and maybe even DEFCCNAME. However... I think i solved
most of your very good comments. I ran into a a bit of a problem with some
other commits breaking client-side credentials loading, however #591 will
fix these issues (Thanks @hrs-allbsd !! Well spotted!).
I have another question tho: the Travis C.I. seems very flimsy - It seems
to sometimes (almost always) break on one of the jobs. The MacOSX job...
Who is handling Travis?
And... Who is responsible for getting pull-requests onto master in this
project? Because both #591 and #586 are needed in tandem to get master to
work.
Kind regards,
/AiO
More information about the Cyrus-sasl
mailing list