Re: Extracting AuthorizationData from GSS-API credentials?
On 10/26/2018 06:30 PM, Rick van Rein wrote:> Is there an API to extract
AuthorizationData from GSSAPI credentials
> that use Kerberos under the hood? I cannot find it in the RFCs.
The shortest-path answer for you is probably the extension
gsskrb5_extract_authz_data_from_sec_context(), which is implemented in
MIT krb5 and Heimdal.
The cleaner answer is name attributes (RFC 6680), ideally with
well-considered cross-mechanism names, but that requires extra
implementation work for each authorization data type. MIT krb5 has a
pluggable interface for doing that translation, but it's unfortunately
not polished or stable.
Kerberos mailing list [hidden email] https://mailman.mit.edu/mailman/listinfo/kerberos