GSSAPI AES Support?
Jeffrey Altman
jaltman2 at nyc.rr.com
Tue Apr 5 13:27:10 EDT 2005
MWChapel wrote:
> I don't see any AES support in 1.4 src either.
>
> If so what are you using for your
> GSS_KRB5_CONF_C_QOP_AES128
> GSS_KRB5_CONF_C_QOP_AES256
> GSS_KRB5_INTEG_C_QOP_HMAC_SHA1_96_AES128
> GSS_KRB5_INTEG_C_QOP_HMAC_SHA1_96_AES256
>
> As I see none in the source. If you will support AES in 1.4 GSSAPI,
> what rfc are you using to define those values. I would REALLY like to
> see this soon as an extension.
>
> Michael Chapel
> Java Kerberos/JGSS Development
> IBM/Tivoli Java Security
> Austin Texas
Michael:
GSSAPI AES is implemented using "The Kerberos Version 5 GSS-API
Mechanism: Version 2" which is approved and sitting in the RFC Editor's
queue awaiting publication.
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-gssapi-cfx-07.txt
When this version is used, QOP values are ignored. Therefore, there
are no QOP constants defined for AES128 or AES256 as AES can only be
used with GSS Krb5 Version 2.
Jeffrey Altman
More information about the Kerberos
mailing list