medinski94
commented
4 years ago Sorry, this breaks functionality when regex is disabled. I can’t accept in its current form.
Should be fixed now.
Closed medinski94 closed 2 years ago
medinski94
commented
4 years ago Sorry, this breaks functionality when regex is disabled. I can’t accept in its current form.
Should be fixed now.
ABOB069
commented
2 years ago Hi @medinski94 , can you please help with more details how to use the delegation?
arturslogins
commented
2 years ago Constrained dele
Hi @medinski94 , can you please help with more details how to use the delegation?
Yes, this would be nice to see
JoshuaLyle
commented
2 years ago Is there just a basic example of specifying all users for a group for auth_gss_authorized_principal_regex? The following example for any user for a certain groupname doesn't seem to work
auth_gss_authorized_principal_regex ^(.*)/(groupname)@.*$
Implemented support for delegation (unconstrained and constrained) and authorizing principals using a regex pattern. README.md has been changed to document these new features.
Authorizing principals using a regex pattern can be enabled using the auth_gss_authorized_principal_regex directive.
Unconstrained delegation can be enabled using the auth_gss_delegate_credentials directive. Constrained delegation (S4U2proxy) can be enabled using the auth_gss_constrained_delegation directive. Constrained delegation is currently only supported using the negotiate authentication scheme.
These new features has only been tested using MIT Kerberos. Use at your own risk if using Heimdal Kerberos. Both unconstrained and constrained delegation has been tested for concurrency.