cURL / Mailing Lists / curl-library / Single Mail



From: Kamil Dudka <>
Date: Mon, 25 Jul 2011 12:28:49 +0200

On Fri July 22 2011 20:07:06 Daniel Stenberg wrote:
> Richard Silverman commented the following, which I believe didn't make it
> through to the list:
> ----
> At least in the MIT Kerberos GSSAPI implementation, if you set
> GSS_C_DELEG_POLICY_FLAG for gss_init_sec_context(), it will delegate if and
> only if the OK-AS-DELEGATE flag is set in the service ticket. So, I
> propose three options for curl behavior:
> 1) no delegation (default)
> 2) delegate, but only if the ticket has OK-AS-DELEGATE
> 3) unconditional delegation
> ----

Richard's proposal is now reflected in my incremental patch. I am attaching
both patches to be applied. CURLOPT_GSSAPI_DELEGATION now takes values 0..2,
0 means 'no delegation' (default), 1 means 'delegate, but only if the ticket
has OK-AS-DELEGATE' as long as this is supported by the GSSAPI implementation
(otherwise equal to 0), and 2 means 'unconditional delegation'. Thanks to
all who helped to move this issue forward!


List admin:

Received on 2011-07-25