> > > the delegated credential is written as a file with in the user account > > yes, but ... > > do these delegated credentials also contain a job-related private key (and > the corresponding pubkey) to create the job-proxy-file you mentioned, or is > this information passed to the service by some other means? a private key > *is* necessary to create a sub-certificate, right?
ah, I see now how it works. There's a complete cert.chain being sent, with the self-signed root-CA too, which is in the trusted cert.dir. kind regards, H.Rosmanith
