curl / Mailing Lists / curl-library / Single Mail

curl-library

Does libcurl support Kerberos constrained delegation?

From: Sachin Nikumbh <sanikumbh_at_gmail.com>
Date: Sun, 8 Jul 2018 22:25:08 -0400

Hi,

I am looking at libcurl’s support on Kerberos delegation.

The only thing I found is CURLOPT_GSSAPI_DELEGATION added in 7.22.0.

https://curl.haxx.se/libcurl/c/CURLOPT_GSSAPI_DELEGATION.html

However, there are several issues with this option:

   1. Looks like this option is for the original Kerberos v5 delegation
   (unconstrained delegation for any services), not the Microsoft Kerberos
   protocol extension for constrained delegation.
   2. It’s using GSSAPI. So does it work natively on Windows with SSPI?

The preferred way to do Kerberos delegation is to do protocol transition
(S4U2Self) and Constrained delegation (S4U2Proxy).

https://msdn.microsoft.com/en-us/library/cc246071.aspx

https://k5wiki.kerberos.org/wiki/Projects/Services4User

Is this supported in libcurl?

If not, is there any plan to support it?

Thanks!

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-07-09

This message: [ Message body ]
Next message: Isaac Boukris: "Re: Does libcurl support Kerberos constrained delegation?"
Previous message: Daniel Stenberg: "Re: An "opt-in component" policy idea"
Next in thread: Isaac Boukris: "Re: Does libcurl support Kerberos constrained delegation?"
Reply: Isaac Boukris: "Re: Does libcurl support Kerberos constrained delegation?"
Maybe reply: xiaoyan wei: "Re: Does libcurl support Kerberos constrained delegation?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]