Add support for GssapiImpersonate.

This is can be enabled on locations that are authenticated by another module
to obtain a ticket for the user, so that the application gets access to
krb5 credentials and all named attributes for the client.

The service needs to be authorized by the KDC if there is the need to use
credentials for further ticket acquisition by setting the
ok_to_auth_as_delegate flag on the service principal. This will provide a
forwardable ticket that can be used to obtain additional tickets via consrained
delegation (also subkect to KDC access control).

Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Close #92

0 files changed, 0 insertions, 0 deletions