SecurityContext#delegated_creds should be a property with documentation #95

Closed
DirectXMan12 opened this issue Feb 23, 2016 · 4 comments

@DirectXMan12
Member

Currently, SecurityContext#delegated_creds is just a normal instance attribute of SecurityContext, which means that it can be accidentally overwritten, and it does not show up in the documentation. This should be fixed.

@DirectXMan12 DirectXMan12 added this to the 1.1.5 milestone Feb 23, 2016
@DirectXMan12 DirectXMan12 self-assigned this Feb 23, 2016
@simo5
Contributor

simo5 commented Feb 24, 2016

I think it should be possible to drop the delegated credentials esp if we allow to pickle the whole security context and then restore it.
Someone may want to pass around a security context but not transfer any delegated credentials to a lower privileged process as delegated credentials may include a delegated TGT.

@DirectXMan12
Member Author

Pickling the SecurityContext uses a special pickle process that doesn't actually pickle the object -- it just uses export_sec_context() (so the unpickling process just reconstitutes the SecurityContext using import_sec_context()).

@simo5
Contributor

simo5 commented Feb 24, 2016

This means delegated credentials get lost in the process.
On the one hand I think this is more secure, OTOH it may come as a surprise to the user and should be carefully documented.

@DirectXMan12
Member Author

Yeah. The only reason delegated creds are stored as a field is so that the "step" method can return only a token. It should definitely be documented, though.

DirectXMan12 added a commit that referenced this issue Feb 25, 2016
This commit exposes `SecurityContext#delegated_creds` as a documented
property.  Previously, it existed as a field, but was undocumented.

Fixes #95
@DirectXMan12 DirectXMan12 modified the milestones: 1.2.0, 1.1.5 Mar 1, 2016
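
The two behaviours discussed in this thread, as an added example that is not part of the issue or the project's code: a documented read-only `delegated_creds` property that cannot be overwritten by accident, and a pickle round trip that carries only the exported context, so delegated credentials do not reach the receiving process. `DemoSecurityContext`, `import_demo_context`, `roundtrip` and `try_overwrite` are hypothetical names; the class is a stand-in that makes no GSSAPI calls, and its `export()` only mimics the role of `export_sec_context()`.

```python
import pickle


class DemoSecurityContext:
    """Hypothetical stand-in for a security context (no real GSSAPI calls)."""

    def __init__(self, session_key, delegated_creds=None):
        self._session_key = session_key
        self._delegated_creds = delegated_creds

    @property
    def delegated_creds(self):
        """Credentials delegated by the initiator, or None.

        Not part of the exported token, so they are dropped by pickling.
        """
        return self._delegated_creds

    def export(self):
        # Stands in for export_sec_context(): context state only, no creds.
        return b"CTX:" + self._session_key

    def __reduce__(self):
        # Pickle as "rebuild from the exported token"; nothing else is stored.
        return (import_demo_context, (self.export(),))


def import_demo_context(token):
    # Stands in for import_sec_context(): rebuild a context from a token.
    if not token.startswith(b"CTX:"):
        raise ValueError("not an exported context token")
    return DemoSecurityContext(token[len(b"CTX:"):])


def roundtrip(ctx):
    """Pickle and unpickle, as when handing the context to another process."""
    return pickle.loads(pickle.dumps(ctx))


def try_overwrite(ctx, value):
    """Return True if delegated_creds can be reassigned from outside."""
    try:
        ctx.delegated_creds = value
    except AttributeError:  # read-only property: no setter defined
        return False
    return True
```
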