On 20/04/2012, at 6:08 PM, Sam Hartman wrote: > The delegated credential handle coming out of gss_accept_sec_context > should include a credential element with the appropriate delegation. > As far as how you request the delegation, we don't currently have a good > story for that.
You can defer the delegation until you try to initiate a security context with the delegated credential handle. That's the design for S4U2Proxy in MIT (Nico's idea, not mine). Or are you talking about something else... I guess this doesn't work if you need to know you'll delegate at the time of the initial authentication. -- Luke _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
