So, on acceptor side, how do I know that initiator has delegated the credentials if I can't rely on context delegation flag?
What about the Java implementation of GSS? Looks like there it works fine.

On Fri, May 17, 2013 at 7:18 PM, Greg Hudson <[email protected]> wrote:

> On 05/17/2013 07:33 AM, Vipul Mehta wrote:
> > So, for case B, the above if() condition will be true and it will set the
> > context delegation flag to true on acceptor side though delegation flag is
> > false on initiator side.
>
> This is how our constrained delegation (S4U2Proxy) support works. I
> don't see anything in RFC 2743 or RFC 2744 which requires the flag
> states to be identical on the initiator and acceptor context.

--
Regards,
Vipul

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
