Allow S4U2Proxy delegated credentials to be saved
authorGreg Hudson <ghudson@mit.edu>
Wed, 7 Dec 2011 19:38:13 +0000 (19:38 +0000)
committerGreg Hudson <ghudson@mit.edu>
Wed, 7 Dec 2011 19:38:13 +0000 (19:38 +0000)
commit38de4804776a1a1a255b89b104b983fa1f10a664
tree0cd78ce54249e399b882762b8c9d356f0b5794e0
parent8d6a83d1163fafb8e9308313c83ce0472864abbb
Allow S4U2Proxy delegated credentials to be saved

The initial implementation of client-side S4U2Proxy support did not
allow delegated proxy credentials to be stored (gss_store_cred would
error out, and gss_krb5_copy_ccache would generate a non-working
cache).  To make this work, we save the impersonator name in a cache
config variable and in a cred structure field (replacing the
proxy_cred flag), and make the default principal of the proxy cache
the subject principal as the caller would expect for a regular
delegated cred.

ticket: 7046

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25529 dc483132-0cff-0310-8789-dd5450dbe970
src/include/k5-int.h
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/rel_cred.c
src/lib/gssapi/krb5/s4u_gss_glue.c
src/lib/gssapi/krb5/store_cred.c
src/lib/gssapi/krb5/val_cred.c