WS-Security and GSS-API: How do I get the session key?
Luke Howard
lukeh at padl.com
Tue Feb 24 08:36:54 EST 2009
> I don't recall offhand if there's been an IETF draft proposing the
> specific extension we've got for extracting the session key.
Something like:
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>

{
    OM_uint32 major, minor;
    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
    gss_buffer_set_t skey = GSS_C_NO_BUFFER_SET;

    ...

    major = gss_inquire_sec_context_by_oid(&minor,
                                           ctx,
                                           GSS_C_INQ_SSPI_SESSION_KEY,
                                           &skey);
    if (GSS_ERROR(major)) {
        // handle error
    }

    if (skey == GSS_C_NO_BUFFER_SET ||
        skey->count < 1 ||
        skey->elements[0].value == NULL) {
        // optional paranoid error checking
    }

    // session key can be found in skey->elements[0]
    // OID corresponding to enctype can be found in skey->elements[1]

    gss_release_buffer_set(&minor, &skey);

    ...
}
-- Luke