GSSAPI AES Support?

Jeffrey Altman jaltman2 at nyc.rr.com
Tue Apr 5 13:27:10 EDT 2005


MWChapel wrote:

> I don't see any AES support in 1.4 src either.
> 
> If so what are you using for your
> GSS_KRB5_CONF_C_QOP_AES128
> GSS_KRB5_CONF_C_QOP_AES256
> GSS_KRB5_INTEG_C_QOP_HMAC_SHA1_96_AES128
> GSS_KRB5_INTEG_C_QOP_HMAC_SHA1_96_AES256
> 
> As I see none in the source. If you will support AES in 1.4 GSSAPI,
> what rfc are you using to define those values. I would REALLY like to
> see this soon as an extension.
> 
> Michael Chapel
> Java Kerberos/JGSS Development
> IBM/Tivoli Java Security 
> Austin Texas

Michael:

GSSAPI AES is implemented using "The Kerberos Version 5 GSS-API
Mechanism: Version 2" which is approved and sitting in the RFC Editor's
queue awaiting publication.

http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-gssapi-cfx-07.txt

When this version is used, QOP values are ignored.  Therefore, there
are no QOP constants defined for AES128 or AES256 as AES can only be
used with GSS Krb5 Version 2.

Jeffrey Altman





More information about the Kerberos mailing list