Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

Webauth and SPNEGO with credential delegation

Russ Allbery eagle at
Sun Jun 17 07:31:08 PDT 2007

Joachim Keltsch <joachim at> writes:

> well, I think it could be enough to change the interpretation of the
> protocol and leave the structure that goes over the wire untouched.

> I assume the login user-interface ensures that a username be filled in
> for now.  So it could leave the username empty to indicate that the
> password field contains a TGT. This would also indicate that the
> username should be taken from the TGT instead.

I think you'll find that, given the encoding that the WebKDC expects and
has support for, it's actually easier to extend the token format than to
do that so that you can take advantage of the TGT unpacking code that
already exists.

Russ Allbery <eagle at>
Technical Lead, ITS Unix Systems and Applications, Stanford University

More information about the webauth-info mailing list