[38546] in Kerberos
Re: Multi-Hop Authentication and Constrained Delegation?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed May 22 23:41:23 2019
To: Robert Wehn <robert.wehn@rz.uni-augsburg.de>, kerberos <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <95e2019f-0774-6d91-4236-70e1cda2b269@mit.edu>
Date: Wed, 22 May 2019 23:41:08 -0400
MIME-Version: 1.0
In-Reply-To: <ad61e8e7-c25d-87bd-eb2b-d3b110ca57f4@rz.uni-augsburg.de>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 5/22/19 2:17 PM, Robert Wehn wrote:
> However we are lacking the information, of how to actually implement and
> use it on the application side.
>
> How to implement constrained delegation in an application?
We have documentation on that at:
http://web.mit.edu/kerberos/krb5-latest/doc/appdev/gssapi.html#constrained-delegation-s4u
> Is there an open source application out there, where one could see and
> learn, how to implement constrained delegation?
>
> Does Apache implement anything in that kind, one could build and rely on?
You may be able to use mod_auth_gssapi:
https://github.com/modauthgssapi/mod_auth_gssapi
The GssapiUseS4U2Proxy activates constrained delegation.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
