Luke Howard <[log in to unmask]> writes:
> With the example you give, you might be interested in an OpenLDAP ACL
> plugin we've developed that lets you use GSS attribute value assertions
> - eg from a SAML assertion - as authorization subjects.
Yeah, that's a good idea -- thank you.
Also, thank you to Nico -- I hadn't thought about impersonation without
delegation thoroughly enough.
--
Russ Allbery ([log in to unmask]) <http://www.eyrie.org/~eagle/>
|