Webauth and SPNEGO with credential delegation

Russ Allbery eagle at windlord.stanford.edu
Sun Jun 17 07:31:08 PDT 2007


Joachim Keltsch <joachim at keltsch.net> writes:

> well, I think it could be enough to change the interpretation of the
> protocol and leave the structure that goes over the wire untouched.

> I assume the login user-interface ensures that a username be filled in
> for now.  So it could leave the username empty to indicate that the
> password field contains a TGT. This would also indicate that the
> username should be taken from the TGT instead.

I think you'll find that, given the encoding that the WebKDC expects and
has support for, it's actually easier to extend the token format than to
do that, so that you can take advantage of the TGT unpacking code that
already exists.

-- 
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Unix Systems and Applications, Stanford University



More information about the webauth-info mailing list