SSPI API to get tokensize for client and server

Jeffrey Altman jaltman at secure-endpoints.com
Mon Jan 28 15:56:57 EST 2008


You are using the correct API.  Read the documentation.  The API will 
tell you the size of the memory you need to allocate.

Manoj Mohan wrote:
>
> Yeah thats true.. so how do I ensure that it works generically. I was 
> hoping to call some API which will help me to do that.
> Is there one ?
>
> Manoj
> Inactive hide details for Jeffrey Altman 
> <jaltman at secure-endpoints.com>Jeffrey Altman 
> <jaltman at secure-endpoints.com>
>
>
>                         *Jeffrey Altman <jaltman at secure-endpoints.com>*
>
>                         01/28/2008 02:40 PM
>                         Please respond to
>                         jaltman at secure-endpoints.com
>
> 	
>
> To
> 	
> Manoj Mohan/Lenexa/IBM at IBMUS
>
> cc
> 	
> kerberos at mit.edu
>
> Subject
> 	
> Re: SSPI API to get tokensize for client and server
>
> 	
>
>
> that code will only work if the generated token is 4096 bytes or smaller.
>
> Manoj Mohan wrote:
> > Hi,
> >
> > Right now I am calling InitializeSecurityContext and 
> AcceptSecurityContext
> > with fixed token size (4096)
> > and things are working. I was wondering if I can call
> > QueryContextAttributes or some other function
> > to get the right value rather than using a fixed value?
> >
> > For example, I am using using AcceptSecurityContext like this:
> >
> > ....................
> >   outBuffer.cbBuffer = 4096;
> >   outBuffer.BufferType = SECBUFFER_TOKEN;
> >   outToken.ulVersion = SECBUFFER_VERSION;
> >   outToken.cBuffers = 1;
> >   outToken.pBuffers = &outBuffer;
> >
> >   ss = AcceptSecurityContext( pCredHandle,
> >                               pInCtxHandle,
> >                               &inToken,
> >                               NULL,
> >                               SECURITY_NATIVE_DREP,
> >                               pOutCtxHandle,
> >                               &outToken,
> >                               &outFlags,
> >                               &lifetime );
> >   if( ss != SEC_E_OK )
> > .................................
> >
> > Regards,.........................
> > Manoj
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080128/935c9374/attachment.bin


More information about the Kerberos mailing list