curl-library
Re: [PATCH] A new option CURLOPT_GSSAPI_DELEGATION
Date: Mon, 25 Jul 2011 12:28:49 +0200
On Fri July 22 2011 20:07:06 Daniel Stenberg wrote:
> Richard Silverman commented the following, which I believe didn't make it
> through to the list:
>
> ----
>
> At least in the MIT Kerberos GSSAPI implementation, if you set
> GSS_C_DELEG_POLICY_FLAG for gss_init_sec_context(), it will delegate if and
> only if the OK-AS-DELEGATE flag is set in the service ticket. So, I
> propose three options for curl behavior:
>
> 1) no delegation (default)
> 2) delegate, but only if the ticket has OK-AS-DELEGATE
> 3) unconditional delegation
>
> ----

Richard's proposal is now reflected in my incremental patch. I am attaching
both patches to be applied. CURLOPT_GSSAPI_DELEGATION now takes values 0..2:
0 means 'no delegation' (default), 1 means 'delegate, but only if the ticket
has OK-AS-DELEGATE' as long as this is supported by the GSSAPI implementation
(otherwise equal to 0), and 2 means 'unconditional delegation'. Thanks to
all who helped to move this issue forward!

Kamil
- text/x-patch attachment: 0001-Add-new-CURLOPT_GSSAPI_DELEGATION-option.patch
- text/x-patch attachment: 0002-curl_gssapi-refine-the-handling-of-CURLOPT_GSSAPI_DE.patch
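
The three option values discussed in this thread, modelled as an added example; this is not code from the attached patches or from curl. The enum names, function names and the `policy_supported` parameter are hypothetical, the flag values are those given in RFC 2744 and RFC 5896, and treating out-of-range values as 'no delegation' is an assumption.

```c
#include <stdio.h>

/* Flag values from RFC 2744 / RFC 5896, defined here so the example
   builds without GSSAPI headers. */
#ifndef GSS_C_DELEG_FLAG
#define GSS_C_DELEG_FLAG 1
#endif
#ifndef GSS_C_DELEG_POLICY_FLAG
#define GSS_C_DELEG_POLICY_FLAG 32768
#endif

/* Hypothetical names for the option values 0..2 described in the mail. */
enum deleg_opt { DELEG_NONE = 0, DELEG_POLICY = 1, DELEG_ALWAYS = 2 };

/* Delegation bits to OR into req_flags for gss_init_sec_context().
   policy_supported models whether the GSSAPI implementation knows
   GSS_C_DELEG_POLICY_FLAG; without it, value 1 behaves like value 0.
   Assumption: any other value also means no delegation. */
unsigned int deleg_req_flags(long opt, int policy_supported)
{
  switch(opt) {
  case DELEG_ALWAYS:
    return GSS_C_DELEG_FLAG;
  case DELEG_POLICY:
    return policy_supported ? GSS_C_DELEG_POLICY_FLAG : 0;
  default:
    return 0;
  }
}

/* Whether credentials end up forwarded, following the MIT Kerberos
   behaviour quoted above: with the policy flag, delegation happens
   if and only if the service ticket carries OK-AS-DELEGATE. */
int will_delegate(long opt, int policy_supported, int ticket_ok_as_delegate)
{
  unsigned int flags = deleg_req_flags(opt, policy_supported);
  if(flags & GSS_C_DELEG_FLAG)
    return 1;
  if(flags & GSS_C_DELEG_POLICY_FLAG)
    return ticket_ok_as_delegate ? 1 : 0;
  return 0;
}

int main(void)
{
  /* Print the full decision table for a policy-capable implementation. */
  for(long opt = 0; opt <= 2; opt++)
    for(int ok = 0; ok <= 1; ok++)
      printf("option=%ld ok-as-delegate=%d -> delegate=%d\n",
             opt, ok, will_delegate(opt, 1, ok));
  return 0;
}
```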