Code review request: 6355584: Introduce constrained Kerberos delegation
Weijun Wang
weijun.wang at oracle.com
Fri Aug 31 05:56:31 UTC 2012
Hi All
Please review
http://cr.openjdk.java.net/~weijun/6355584/webrev.00/
This enables 2 changes:
1. As an initiator, you can call
((ExtendedGSSCredential)cred).impersonate(other)
to impersonate a client.
2. As an acceptor, context.getDelegCred() can still return a constrained
delegated credential even if the initiator has not called
context.requestCredDeleg(true) to enable traditional delegation.
These are implemented with MS's S4U2self and S4U2proxy extensions to
Kerberos 5.
Thanks
Max
More information about the security-dev
mailing list