 |
 |
Hi Andy, yes, a patch was my original intent. I was hoping it would be easy, but after a quick skim over the code, it's not. Just trying all Credential Collections would mean to modify several initialization functions, and rework the logic a bit so a loop over all credential collections can be done with tests of authentication in between. The more correct way, to check against the domain and from that map the correct realm, would even mean changing the XrdSecInterface if I understand correctly to pass through the domain name / endpoint, and I'd need to learn more about the Kerberos API to actually query the realm <=> domain mapping. For all of this, I'd need a significant time just to understand the program flow and the corner cases (there are special cases when variables in principal names are evaluated etc). While I would certainly be interested, I don't have the resources (time) at the moment :sad:. Cheers, Oliver -- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/535#issuecomment-398556172 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1