diff options
| author | Jan Pazdziora <jpazdziora@redhat.com> | 2016-05-28 08:31:32 +0200 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2016-06-09 10:11:43 -0400 |
| commit | d1710aff7c72263f691f09f20f91922a3ce57cfc (patch) | |
| tree | 4840aa7bba096593a3470097b44c6f066664d37c /src/mod_auth_gssapi.h | |
| parent | 17c292a0b4f7ce7c08780c17c1300721c3256031 (diff) | |
| download | mod_auth_gssapi-d1710aff7c72263f691f09f20f91922a3ce57cfc.tar.gz mod_auth_gssapi-d1710aff7c72263f691f09f20f91922a3ce57cfc.tar.xz mod_auth_gssapi-d1710aff7c72263f691f09f20f91922a3ce57cfc.zip | |
Add support for GssapiImpersonate.
This is can be enabled on locations that are authenticated by another module
to obtain a ticket for the user, so that the application gets access to
krb5 credentials and all named attributes for the client.
The service needs to be authorized by the KDC if there is the need to use
credentials for further ticket acquisition by setting the
ok_to_auth_as_delegate flag on the service principal. This will provide a
forwardable ticket that can be used to obtain additional tickets via consrained
delegation (also subkect to KDC access control).
Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Close #92
Diffstat (limited to 'src/mod_auth_gssapi.h')
| -rw-r--r-- | src/mod_auth_gssapi.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h index 0c77b8b..6ff9fbd 100644 --- a/src/mod_auth_gssapi.h +++ b/src/mod_auth_gssapi.h @@ -71,6 +71,7 @@ struct mag_config { char *deleg_ccache_dir; gss_key_value_set_desc *cred_store; bool deleg_ccache_unique;; + bool s4u2self; #endif struct seal_key *mag_skey; |