@@ -22,7 +22,8 @@ class SecurityContext(rsec_contexts.SecurityContext):
2222 :class:`~gssapi.raw.sec_contexts.SecurityContext` class,
2323 and thus may used with both low-level and high-level API methods.
2424
25- This class may be pickled an unpickled.
25+ This class may be pickled and unpickled (the attached delegated
26+ credentials object will not be preserved, however).
2627 """
2728
2829 def __new__ (cls , base = None , token = None ,
@@ -106,7 +107,7 @@ def __init__(self, base=None, token=None,
106107 self ._channel_bindings = channel_bindings
107108 self ._creds = creds
108109
109- self .delegated_creds = None
110+ self ._delegated_creds = None
110111
111112 else :
112113 # we already have a context in progress, just inspect it
@@ -418,6 +419,18 @@ def lifetime(self):
418419 """The amount of time for which this context remains valid"""
419420 return rsec_contexts .context_time (self )
420421
422+ @property
423+ def delegated_creds (self ):
424+ """The credentials delegated from the initiator to the acceptor
425+
426+ .. warning::
427+
428+ This value will not be preserved across picklings. These should
429+ be separately exported and transfered.
430+
431+ """
432+ return self ._delegated_creds
433+
421434 initiator_name = _utils .inquire_property (
422435 'initiator_name' , 'The :class:`Name` of the initiator of this context' )
423436 target_name = _utils .inquire_property (
@@ -512,9 +525,9 @@ def _acceptor_step(self, token):
512525 self , self ._channel_bindings )
513526
514527 if res .delegated_creds is not None :
515- self .delegated_creds = Credentials (res .delegated_creds )
528+ self ._delegated_creds = Credentials (res .delegated_creds )
516529 else :
517- self .delegated_creds = None
530+ self ._delegated_creds = None
518531
519532 self ._complete = not res .more_steps
520533
0 commit comments