Bugzilla – Bug 6498
Allow no authorization with delegation as a configurable option
Last modified: 2008-10-24 10:52:11
You need to
before you can comment on or make changes to this bug.
Today CoG Jglobus explicitly prevents delegation of credential during
handshake, if client authorization is not done (that is getExpectedName() in
Authorization interface returns a null). This check is hardcoded and is not
We have use case for a project that would like to allow delegation of client
credential to any service that runs with a certificate from a CA the client
trusts. I would like to make this a configurable option, preserving the
existing behavior and documenting the necessary security considerations of
exercising the option.
Added constant GSSConstants.AUTHZ_REQUIRED_WITH_DELEGATION that determines if
authorization is enforced with delegation. If the value is set to false, then
it is disabled, all other cases authorization is required.