diff options
| author | Isaac Boukris <iboukris@gmail.com> | 2018-10-15 18:33:15 +0300 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2018-10-23 16:44:02 -0400 |
| commit | 0b872730081f01d0d2b6f78675bb5c74604cef62 (patch) | |
| tree | e6bea7500dc8c5581e68cbfaad1087b1e1186845 /doc | |
| parent | a7020d32cf4c7692aec1903e7818d779713ecd43 (diff) | |
| download | krb5-0b872730081f01d0d2b6f78675bb5c74604cef62.zip krb5-0b872730081f01d0d2b6f78675bb5c74604cef62.tar.gz krb5-0b872730081f01d0d2b6f78675bb5c74604cef62.tar.bz2 | |
Add GSS_KRB5_NT_ENTERPRISE_NAME name type
Add a new name-type OID which causes a string to be imported as an
enterprise name. This is useful for authenticating and impersonating
users with their UPN names.
Resurrect t_imp_name test to exercise importing of the new name OID.
Also add a test using the new name in cross-realm protocol transition,
to exercise s4u_identify_user() with multiple realms.
[ghudson@mit.edu: added Windows export entry; adjusted comments and
test code; edited commit message]
ticket: 8756 (new)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/appdev/gssapi.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/appdev/gssapi.rst b/doc/appdev/gssapi.rst index a53094f..d26ac08 100644 --- a/doc/appdev/gssapi.rst +++ b/doc/appdev/gssapi.rst @@ -55,6 +55,12 @@ name types are supported by the krb5 mechanism: * **GSS_C_NT_EXPORT_NAME**: The value must be the result of a gss_export_name_ call. +* **GSS_KRB5_NT_ENTERPRISE_NAME**: The value should be a krb5 + enterprise name string (see :rfc:`6806` section 5), in the form + ``user@suffix``. This name type is used to convey alias names, and + is defined in the ``<gssapi/gssapi_krb5.h>`` header. (New in + release 1.17.) + Initiator credentials --------------------- |