GSS-Proxy is a new feature developed in collaboration with the Mit Kerberos Project.
It allows to use an new type of plugin called interposer to offload context establishment to a more privileged process without changeing the GSS API.
This allows to use, for example, kerberos credentials in a process without giving direct access to keytabs or credential caches containing the user TGT.
This talk will explain how this is achieved, and what are the applications, advantages and limitations of the current implementation.
Using the GSS-Proxy protocol as a kernel upcall mechanism to handle GSS auth will also be discussed.