Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/gss-proxy/ticket/109 A client process can request that its credentials be forwarded to the target by setting the GSS_C_DELEG_FLAG at context initialization. However this is not desirable if gssproxy is being used to prevent the caller from getting access to credentials, because in that case, normally the caller should also be prevented from exposing them to the target. A default list of flags forcibly on or forcibly off should be created and a configuration option to forcibly add or forcibly remove flags should be created. The option should be something like: init_flags = +GSS_C_DELEG_FLAG or also init_flags = +0x0001 The second notation can be used in in future new flags that do not have a name in the binry are introduced that needs tweaking.
Fix pushed.
test with nfs OK, sanityOnly
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.