diff options
| author | Simo Sorce <simo@redhat.com> | 2013-08-20 21:28:04 -0400 |
|---|---|---|
| committer | Günther Deschner <gdeschner@redhat.com> | 2013-10-23 19:52:13 +0200 |
| commit | 649554391df40d51ae9339cd7e4a1d61f0dbe025 (patch) | |
| tree | 72f075f64e8fe6fae7f66acc15214df1863e44e2 /proxy/src/gp_proxy.h | |
| parent | 485a2eb71d3a22c50a5be35318d421b451713ccb (diff) | |
| download | gss-proxy-649554391df40d51ae9339cd7e4a1d61f0dbe025.tar.gz gss-proxy-649554391df40d51ae9339cd7e4a1d61f0dbe025.tar.xz gss-proxy-649554391df40d51ae9339cd7e4a1d61f0dbe025.zip | |
Add impersonation support
By setting the impersonate flag to true, the acquisition of credentials will
be done using constrained delegation (s4uself + s4u2proxy).
To work this needs MIT Kereberos 1.11.4 or later.
Previous versions have a bug in the import_cred function that prevents the
library from properly importing previously exported delegated credentials.
Resolves: https://fedorahosted.org/gss-proxy/ticket/95
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Diffstat (limited to 'proxy/src/gp_proxy.h')
| -rw-r--r-- | proxy/src/gp_proxy.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h index 5f42ffa..8390f5d 100644 --- a/proxy/src/gp_proxy.h +++ b/proxy/src/gp_proxy.h @@ -53,6 +53,7 @@ struct gp_service { bool any_uid; bool trusted; bool kernel_nfsd; + bool impersonate; char *socket; SELINUX_CTX selinux_ctx; gss_cred_usage_t cred_usage; |