Howard Chu wrote:
Alexey Melnikov wrote:
Howard Chu wrote:
Alexey Melnikov wrote:
Howard Chu wrote:
This patch implements the SASL_GSS_CREDS property, which was defined
in sasl.h back in 2005.
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&searchterm=sasl_gss_creds&msg=7600
Applications need this functionality to make use of Kerberos
Services4User features.
http://k5wiki.kerberos.org/wiki/Projects/Services4User
Setting the credential in the SASL client will allow it to use an
S4U2Proxy credential, among other things.
Additional patches will still be needed to allow a SASL server to
take
advantage of this feature, as mentioned in my previous email. But
this
is a small first step just to get the ball rolling.
Hi Howard,
This looks fine, but let me ask some questions on your patch:
What about updating sasl_getprop() to match?
Sure. I didn't think it was too important since the calling app is the
only thing that can set it, it must already have it.
Let's make everything symmetrical, if it is easy. Pretty much all props
that can be set are also retrievable with sasl_getprop().
OK. Assuming you only meant to retrieve the previously-set cred, this
patch will do. If you mean to retrieve whatever cred got used,
including e.g. what the server obtained through gss_acquire_cred()
that gets a bit trickier; need to worry about who disposes of it and
such.
Right. This version looks good to me.