FIPS certification

Nicolas Williams Nicolas.Williams at sun.com
Sat Feb 28 14:56:22 EST 2009


On Sat, Feb 28, 2009 at 01:07:50PM -0500, Ken Raeburn wrote:
> We'd also still need to handle the krb5_keyblock structure embedded in  
> krb5_creds; in that instance it wouldn't be extensible.

I suspect we can handle that by having a new krb5_keyblock for all
non-krb5_creds uses of it, and krb5_keyblock_old for krb5_creds.  It's
only the auth_context and the GSS mech where we need to be able to cache
derived keys and whatnot (crypto library handles).

Nico
-- 


