cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] A new option CURLOPT_GSSAPI_DELEGATION

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 22 Jul 2011 20:07:06 +0200 (CEST)

On Fri, 22 Jul 2011, Vojtech Vitek (V-Teq) wrote:

> are there any comments about the patch?
>
> We all agreed with Adam Tkac and Julien Chaffraix that this already-
> refactored patch is ready to be merged into the git master branch.

Richard Silverman commented the following, which I believe didn't make it
through to the list:

----
At least in the MIT Kerberos GSSAPI implementation, if you set 
GSS_C_DELEG_POLICY_FLAG for gss_init_sec_context(), it will delegate if and 
only if the OK-AS-DELEGATE flag is set in the service ticket.  So, I propose 
three options for curl behavior:
1) no delegation (default)
2) delegate, but only if the ticket has OK-AS-DELEGATE
3) unconditional delegation
----
-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2011-07-22