Implement krb5-specific extensions #75

Closed
frozencemetery opened this issue Aug 20, 2015 · 3 comments · Fixed by #261

Comments

@frozencemetery
Member

These extensions are useful as a stopgap for applications looking to move from bindings to libkrb5 to our bindings to GSSAPI, especially gss_krb5_ccache_name().

@frozencemetery
Member Author

For ease of reference, we are talking about (from gssapi_krb5.h):

  • GSS_KRB5_NT_PRINCIPAL_NAME
  • gss_krb5_ccache_name
  • gss_krb5_copy_ccache
  • gss_krb5_get_tkt_flags
  • gss_krb5_set_allowable_enctypes

These are more niche:

  • gss_krb5_export_lucid_sec_context
  • gss_krb5_free_lucid_sec_context
  • gsskrb5_extract_authz_data_from_sec_context
  • gsskrb5_extract_authtime_from_sec_context

The following functionality is also available through the cred_store API
extensions so we may elect not to implement them at all:

  • gss_krb5_set_cred_rcache
  • gss_krb5_import_cred

@frozencemetery removed this from the 1.3.0 milestone Jun 2, 2020

@krizex

krizex commented Dec 21, 2020

I am also looking forward to the implementation of gss_krb5_set_allowable_enctypes, which could help me get rid of the krb5.conf when using this library.

@jborean93
Contributor

#261 implements the following:

  • GSS_KRB5_NT_PRINCIPAL_NAME
  • gss_krb5_ccache_name
  • gss_krb5_get_tkt_flags
  • gss_krb5_set_allowable_enctypes
  • gss_krb5_export_lucid_sec_context
  • gss_krb5_free_lucid_sec_context
  • gsskrb5_extract_authz_data_from_sec_context
  • gsskrb5_extract_authtime_from_sec_context
  • gss_krb5_import_cred
    • There is a note about this being available through the cred_store API. Unfortunately, Heimdal did not implement gss_acquire_cred_from, making this one way of importing a CCACHE for Heimdal on older versions - important for a use case I have

I didn't implement the following:

  • gss_krb5_set_cred_rcache
    • Not present on Heimdal - seems quite limited to just implement for one
  • gss_krb5_copy_ccache
    • It is marked as deprecated on macOS Heimdal implementation (not Heimdal itself)
    • It will compile but it does emit a warning and honestly just seems more trouble than it's worth
