directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng, Kai" <kai.zh...@intel.com>
Subject RE: AdToken usage ?
Date Thu, 31 Dec 2015 03:19:51 GMT
AD-TOKEN is an authorization data that wraps a token. When ticket is issued to honor a request
with token credential, an authorization data in the type can be created and put into the ticket.
The token or the token derivation can be wrapped in the data, so in application side, the
authz data and the token can be queried and retrieved to enforce fine-grained authorization
control using the richful token attributes.

Yeah, we haven't used it yet. In fact, the whole authorization data part is lacking in current
Kerby server side to be implemented. You may find many types defined but not used yet, such
are indications we have much work to do. :(

Regards,
Kai

-----Original Message-----
From: Emmanuel L├ęcharny [mailto:elecharny@symas.com] 
Sent: Thursday, December 31, 2015 2:09 AM
To: kerby@directory.apache.org
Subject: AdToken usage ?

Hi,

there is a class named org.apache.kerby.kerberos.kerb.type.ad.AdToken.
What is it used for ? (there is no reference to this class anywhere in Kerby code)

AD-TOKEN ::= SEQUENCE {
      token     [0]  OCTET STRING,
}
Mime
View raw message