On 05/17/2013 10:56 AM, Vipul Mehta wrote: > So, on acceptor side, how do i know that initiator has delegated the > credentials if i can't rely on context delegation flag ?
The GSSAPI doesn't distinguish between different kinds of credential delegation. But if you use GSS_C_ACCEPT rather than GSS_C_BOTH acceptor credentials, then constrained delegation won't be used, and you will be able to tell whether traditional Kerberos ticket forwarding was used. > What about the java implementation of GSS ? Looks like there it works fine. Does it support constrained delegation? If it doesn't, then the behavior difference isn't surprising. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
