diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-02-01 17:18:23 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-02-01 17:18:23 +0000 |
commit | 89f378fe89c2cf51ba528827b9bd888d415a1746 (patch) | |
tree | e563f90d98bc9bddbe52abc34708b353e8ae2068 /src/include/kdb.h | |
parent | c1054423740e424e027adf93e7d1b4720ec027de (diff) | |
download | krb5-89f378fe89c2cf51ba528827b9bd888d415a1746.tar.gz krb5-89f378fe89c2cf51ba528827b9bd888d415a1746.tar.xz krb5-89f378fe89c2cf51ba528827b9bd888d415a1746.zip |
Correct the DAL documentation of
KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE; proxy is the target
service, not the delegating service.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23680 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include/kdb.h')
-rw-r--r-- | src/include/kdb.h | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/include/kdb.h b/src/include/kdb.h index 187aa4679d..f9caca4162 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -1424,11 +1424,15 @@ typedef struct _kdb_vftabl { * * KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE: req contains a * kdb_check_allowed_to_delegate_req structure. Perform a policy check - * on proxy being allowed to act on behalf of client to server. Return - * 0 if policy allows it, or an appropriate error (such as - * KRB5KDC_ERR_POLICY) if not. If this method is not implemented, all - * S4U2Proxy delegation requests will be rejected. Do not place any - * data in rep. + * on server being allowed to obtain tickets from client to proxy. + * (Note that proxy is the target of the delegation, not the delegating + * service; the term "proxy" is from the viewpoint of the delegating + * service asking another service to perform some of its work in the + * authentication context of the client. This terminology comes from + * the Microsoft S4U protocol documentation.) Return 0 if policy + * allows it, or an appropriate error (such as KRB5KDC_ERR_POLICY) if + * not. If this method is not implemented, all S4U2Proxy delegation + * requests will be rejected. Do not place any data in rep. */ krb5_error_code (*db_invoke)(krb5_context context, unsigned int method, const krb5_data *req, krb5_data *rep); |