Project review: GSS export/import cred

ghudson@MIT.EDU ghudson at MIT.EDU
Mon Sep 3 12:36:13 EDT 2012


Here is a writeup for the GSS credential export/import facility we
plan to add for 1.11:

http://k5wiki.kerberos.org/wiki/Projects/Export_import_cred

After several discussions about serialization formats, I decided to
try out JSON for the krb5 token format.  I'm still not sure if this
turns out to be more elegant than a krb5_storage-like facility or not,
but it works okay.  We will have the freedom to change this, since GSS
serialization functions are only expected to work with matching
implementations on the other side.  The JSON support is expected to be
useful for OTP preauth question/answer serialization, so that work
isn't wasted regardless.

Candidate base64 and JSON support code is here (based loosely on
Heimdal code to do the same):

    https://github.com/greghudson/krb5/tree/json

A rough candidate implementation (no documentation yet, testing only
partially done, code needs better commenting, commit messages need to
be fleshed out) is here:

    https://github.com/greghudson/krb5/tree/expcred

Comments are appreciated.

