[16752] in Kerberos_V5_Development

Re: Delegation and Moonshot

daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Apr 4 13:23:18 2011

From: Russ Allbery <rra@stanford.edu>
To: Moonshot community list <moonshot-community@jiscmail.ac.uk>,
   "krbdev\@mit.edu" <krbdev@mit.edu>
In-Reply-To: <AF22567B-AD23-43A5-9BB3-B08EF0BA9B5E@padl.com> (Luke Howard's
	message of "Mon, 4 Apr 2011 15:53:35 +1000")
Date: Mon, 04 Apr 2011 10:23:12 -0700
Message-ID: <87ei5iszgf.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Luke Howard <lukeh@padl.com> writes:

> With the example you give, you might be interested in an OpenLDAP ACL
> plugin we've developed that lets you use GSS attribute value assertions
> - e.g. from a SAML assertion - as authorization subjects.

Yeah, that's a good idea -- thank you.

Also, thank you to Nico -- I hadn't thought about impersonation without
delegation thoroughly enough.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
