Simo Sorce

@niki-eng sounds like we dropped this one, do you still experience this issue, did you find out anything new ? I am surprised to see that the cookie has been...

Not overkill but there are other modules that can do that and circle back to mod_auth_gssapi. This is some work we have done in the freipa project to transition from...

@adelton can you comment on the above idea ?

PR #151 seem to implement what @frenche suggested, it needs some polishing but should give at least basic auth.

If this is implemented we could make GssapiDelegCcacheUnique a default.

On Fri, 2015-08-21 at 11:26 -0700, Robbie Harwood wrote: > Michael Šimáček [email protected] writes: > > > What do you mean by handle? What do you suggest to do to...

You may be acquiring credentials just to know who the principal is and it is not hugely important if credentials are expired or not because you may then go on...

Perhaps we should not throw exception when inquiring though, and just return lifetime of 0. We should throw the exception if the user tries to use expired credentials though.

Note that the minimum version of jwcrypto required in various places is still 0.4.2 It may be wise to require at least version 1.0 or better yet just require 1.4.0...

Note that I release jwcrypto 1.4.1 which is able to handle freeipa without this change. However I strongly suggest this PR still be merged as it will be more future...