be708ca3cf
This adds Kerberos mechanism support for:
- composite principal name export/import
- getting rudimentary name attributes from GSS names using
gss_get_name_attribute():
- all (raw) authorization data from the Ticket
- all (raw) authorization data from the Authenticator
- transit path
- realm
- component count
- each component
- gss_inquire_name()
- gss_display_name_ext() (just for the hostbased service name type
though)
The test exercises almost all of the functionality, except for:
- getting the PAC
- getting authz-data from the Authenticator
- getting the transit path
TBD (much) later:
- amend test_context to do minimal name attribute checks as well
- gss_set_name_attribute() (to request authz-data)
- gss_delete_name_attribute()
- getting specific authorization data elements via URN fragments (as
opposed to all of them)
- parsing the PAC, extracting SIDs (each one as a separate value)
- some configurable local policy (?)
- plugin interface for additional local policy
Heimdal
Heimdal is an implementation of:
- ASN.1/DER,
- PKIX, and
- Kerberos.
For information how to install see here.
There are man pages for most of the commands.
Bug reports and bugs are appreciated. Use GitHub issues.
For more information see the project homepage https://heimdal.software/heimdal/ or the mailing lists:
heimdal-announce@heimdal.software low-volume announcement heimdal-discuss@heimdal.software high-volume discussion
send mail to heimdal-announce-subscribe@heimdal.software and heimdal-discuss-subscribe@heimdal.software respectively to subscribe.
Build Status