<div dir="ltr">Hello, <div><br></div><div>I use negotiate_kerberos_auth helper and it sets the AD groups list in a group annotation attribute.</div><div><span style="white-space-collapse: preserve;">It works well, but </span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">this</span><span style="white-space-collapse: preserve;"> </span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">attribute</span><span style="white-space-collapse: preserve;"> is not </span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">available</span><span style="white-space-collapse: preserve;"> </span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">in</span><span style="white-space-collapse: preserve;"> the </span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">subsequent</span><span style="white-space-collapse: preserve;"> </span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">requests</span><span style="white-space-collapse: preserve;"> </span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">in</span><span style="white-space-collapse: preserve;"> an </span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">ssl</span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">-</span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">bumped</span><span style="white-space-collapse: preserve;"> </span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">connection (it is available only in the first CONNECT request)</span><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">.</span></div><div><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">Is it <span class="gmail-YPkS7KbdpWfGdYKd3QB9">possible</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">to</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">make</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">this</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">attribute</span> persistent <span class="gmail-YPkS7KbdpWfGdYKd3QB9">in</span> the <span class="gmail-YPkS7KbdpWfGdYKd3QB9">current</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">SSL</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">connection</span><span class="gmail-YPkS7KbdpWfGdYKd3QB9">?</span>

<span class="gmail-YPkS7KbdpWfGdYKd3QB9">I</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">would</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">like</span> to <span class="gmail-YPkS7KbdpWfGdYKd3QB9">use</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">groups</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">from</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">this</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">attribute</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">to</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">authorize</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">users</span> <span class="gmail-YPkS7KbdpWfGdYKd3QB9">using</span> only "note"-type <span class="gmail-YPkS7KbdpWfGdYKd3QB9">ACLs</span>, no external helpers involved.
<br></span></div><div><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">Kind regards,</span></div><div><span class="gmail-YPkS7KbdpWfGdYKd3QB9" style="white-space-collapse: preserve;">    Ankor.


</span></div></div>