diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-12-07 19:38:13 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-12-07 19:38:13 +0000 |
| commit | 38de4804776a1a1a255b89b104b983fa1f10a664 (patch) | |
| tree | 0cd78ce54249e399b882762b8c9d356f0b5794e0 /src/include | |
| parent | 8d6a83d1163fafb8e9308313c83ce0472864abbb (diff) | |
| download | krb5-38de4804776a1a1a255b89b104b983fa1f10a664.tar.gz krb5-38de4804776a1a1a255b89b104b983fa1f10a664.tar.xz krb5-38de4804776a1a1a255b89b104b983fa1f10a664.zip | |
Allow S4U2Proxy delegated credentials to be saved
The initial implementation of client-side S4U2Proxy support did not
allow delegated proxy credentials to be stored (gss_store_cred would
error out, and gss_krb5_copy_ccache would generate a non-working
cache). To make this work, we save the impersonator name in a cache
config variable and in a cred structure field (replacing the
proxy_cred flag), and make the default principal of the proxy cache
the subject principal as the caller would expect for a regular
delegated cred.
ticket: 7046
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25529 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/k5-int.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 514e2ea6d..b25c159a7 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -273,7 +273,10 @@ typedef INT64_TYPE krb5_int64; #define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert" #define KRB5_CONF_V4_REALM "v4_realm" #define KRB5_CONF_ASTERISK "*" + +/* Cache configuration variables */ #define KRB5_CONF_FAST_AVAIL "fast_avail" +#define KRB5_CONF_PROXY_IMPERSONATOR "proxy_impersonator" /* Error codes used in KRB_ERROR protocol messages. Return values of library routines are based on a different error table |