[16747] in Kerberos_V5_Development
Re: Delegation and Moonshot
daemon@ATHENA.MIT.EDU (Nico Williams)
Mon Apr 4 01:34:21 2011
MIME-Version: 1.0
In-Reply-To: <3E8E1D97-3304-40A6-90EB-B0F71C564710@padl.com>
Date: Mon, 4 Apr 2011 00:34:17 -0500
Message-ID: <BANLkTikmdSsaOhUtsLBovLVkCzd5S96iFQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Luke Howard <lukeh@padl.com>
Cc: Moonshot community list <moonshot-community@jiscmail.ac.uk>,
"krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mon, Apr 4, 2011 at 12:16 AM, Luke Howard <lukeh@padl.com> wrote:
> If you want to pick apart the PAC, I would do it with the MIT libkrb5 plugin interface. See the code that already does that to some extent. If you want to process the picked apart PAC with policy to map it to UIDs, then either this interface or Shibboleth might be candidates.
The latter (I want the SIDs, the SIDs mapped to UIDs/GIDs, the homedir
UNC mapped to whatever, ...).
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
