On 10/26/2018 06:30 PM, Rick van Rein wrote:
> Is there an API to extract AuthorizationData from GSSAPI credentials
> that use Kerberos under the hood? I cannot find it in the RFCs.

The shortest-path answer for you is probably the extension
gsskrb5_extract_authz_data_from_sec_context(), which is implemented in
MIT krb5 and Heimdal.

The cleaner answer is name attributes (RFC 6680), ideally with
well-considered cross-mechanism names, but that requires extra
implementation work for each authorization data type. MIT krb5 has a
pluggable interface for doing that translation, but it's unfortunately
not polished or stable.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
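
Added example, not part of the original post and not MIT krb5 or Heimdal code: a bounds-checked walk over a DER-encoded AuthorizationData (RFC 4120 section 5.2.6) that selects an element by ad-type, to show the data the question is about, including an AD-IF-RELEVANT (ad-type 1) container that nests another AuthorizationData. The names `der_hdr`, `authz_find` and `SAMPLE` are hypothetical and the local-use ad-type -17 is constructed; the code does not call the GSS-API extension and says nothing about whether that call unwraps containers.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: ad-type 1 wrapping one element, ad-type -17, "demo". */
static const uint8_t SAMPLE[] = {
    0x30,0x1C, 0x30,0x1A, 0xA0,0x03,0x02,0x01,0x01, 0xA1,0x13,0x04,0x11,
    0x30,0x0F, 0x30,0x0D, 0xA0,0x03,0x02,0x01,0xEF,
    0xA1,0x06,0x04,0x04,'d','e','m','o' };

/* Expect `tag` at *p; move *p to the value, return its length or -1. */
static long der_hdr(const uint8_t **p, const uint8_t *end, uint8_t tag)
{
    const uint8_t *q = *p;
    size_t len, n = 0;
    if (end - q < 2 || *q++ != tag) return -1;
    if ((len = *q++) & 0x80) {              /* long form: 1-3 length bytes */
        n = len & 0x7f; len = 0;
        if (n == 0 || n > 3 || (size_t)(end - q) < n) return -1;
        while (n--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1; /* value must fit in the buffer */
    *p = q;
    return (long)len;
}

/* First element with ad-type == want: 0 = found, 1 = absent, -1 = malformed. */
int authz_find(const uint8_t *p, size_t n, int32_t want,
               const uint8_t **data, size_t *len)
{
    const uint8_t *end = p + n, *eend;
    long l, t; uint32_t u;
    if ((l = der_hdr(&p, end, 0x30)) < 0) return -1;        /* SEQUENCE OF */
    for (end = p + l; p < end; p = eend) {
        if ((l = der_hdr(&p, end, 0x30)) < 0) return -1;    /* one element */
        eend = p + l;
        if (der_hdr(&p, eend, 0xA0) < 0) return -1;         /* ad-type [0] */
        if ((t = der_hdr(&p, eend, 0x02)) < 1 || t > 4) return -1;
        for (u = (p[0] & 0x80) ? 0xFFFFFFFFu : 0; t--; ) u = (u << 8) | *p++;
        if (der_hdr(&p, eend, 0xA1) < 0) return -1;         /* ad-data [1] */
        if ((l = der_hdr(&p, eend, 0x04)) < 0 || p + l != eend) return -1;
        if ((int32_t)u == want) { *data = p; *len = (size_t)l; return 0; }
    }
    return 1;
}

int main(void)
{
    const uint8_t *d; size_t n;
    if (authz_find(SAMPLE, sizeof SAMPLE, 1, &d, &n)) return 1;
    printf("ad-type 1 carries %zu bytes\n", n);
    return 0;
}
```

Calling `authz_find` again on the bytes returned for ad-type 1 reaches the nested element; a search for -17 at the top level reports it absent.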