On Fri July 22 2011 20:07:06 Daniel Stenberg wrote:
> Richard Silverman commented the following, which I believe didn't make it
> through to the list:
>
> ----
>
> At least in the MIT Kerberos GSSAPI implementation, if you set
> GSS_C_DELEG_POLICY_FLAG for gss_init_sec_context(), it will delegate if and
> only if the OK-AS-DELEGATE flag is set in the service ticket. So, I
> propose three options for curl behavior:
>
> 1) no delegation (default)
> 2) delegate, but only if the ticket has OK-AS-DELEGATE
> 3) unconditional delegation
>
> ----

Richard's proposal is now reflected in my incremental patch. I am attaching
both patches to be applied. CURLOPT_GSSAPI_DELEGATION now takes values 0..2,
0 means 'no delegation' (default), 1 means 'delegate, but only if the ticket
has OK-AS-DELEGATE' as long as this is supported by the GSSAPI implementation
(otherwise equal to 0), and 2 means 'unconditional delegation'. Thanks to
all who helped to move this issue forward!

Kamil

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html