[17195] in Kerberos_V5_Development
Re: gss_pname_to_uid: is that the right interface
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Sep 21 13:16:06 2011
From: Sam Hartman <hartmans@mit.edu>
To: Simo Sorce <simo@redhat.com>
Date: Wed, 21 Sep 2011 13:15:45 -0400
In-Reply-To: <1316607799.2684.551.camel@willson.li.ssimo.org> (Simo Sorce's
message of "Wed, 21 Sep 2011 08:23:19 -0400")
Message-ID: <tsl4o056cla.fsf@mit.edu>
MIME-Version: 1.0
Cc: Nico Williams <nico@cryptonector.com>, lukeh@padl.com, krbdev@mit.edu,
lha@h5l.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>>>>> "Simo" == Simo Sorce <simo@redhat.com> writes:
Simo> This is in fact, something I would like to see, and have
Simo> already planned to take a stab into seeing how difficult it is
Simo> to plug this in.
Provide an authorization plugin that calls out to sssd and attaches a
local name attribute to the name. If you're also implying authorization
then use local-login-userand then the existing gss_localname interface I
proposed will automagically work. If you need to say the localname of
this gss name is hartmans but userok should fail, then we need a bit
more work. I hope you don't need to say that.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
