It should be possible to support server side delegation using the ImpersonateSecurityContext and RevertSecurityContext functions in SSPI.
https://docs.microsoft.com/en-us/windows/desktop/api/sspi/nf-sspi-impersonatesecuritycontext
https://docs.microsoft.com/en-us/windows/desktop/api/sspi/nf-sspi-revertsecuritycontext
https://docs.microsoft.com/en-us/windows/desktop/SecAuthN/context-requirements
The API work to match ccs-pykerberos:
- Add support for the "delegated" param to authGSSClientInit
- Add support for authGSSServerHasDelegated
I don't think the other related functions (authGSSServerStoreDelegate and authGSSServerCacheName) make sense in SSPI or are possible to replicate.
It should be possible to support server side delegation using the ImpersonateSecurityContext and RevertSecurityContext functions in SSPI.
https://docs.microsoft.com/en-us/windows/desktop/api/sspi/nf-sspi-impersonatesecuritycontext
https://docs.microsoft.com/en-us/windows/desktop/api/sspi/nf-sspi-revertsecuritycontext
https://docs.microsoft.com/en-us/windows/desktop/SecAuthN/context-requirements
The API work to match ccs-pykerberos:
I don't think the other related functions (authGSSServerStoreDelegate and authGSSServerCacheName) make sense in SSPI or are possible to replicate.