WS-Security and GSS-API: How do I get the session key?
weijun.wang@sun.com
weijun.wang at sun.com
Thu Mar 5 21:29:17 EST 2009
Hi Luke
On Feb 24, 9:36 pm, Luke Howard <lu... at padl.com> wrote:
> > I don't recall offhand if there's been an IETF draft proposing the
> > specific extension we've got for extracting the session key.
>
> major = gss_inquire_sec_context_by_oid(&minor,
> ctx,
> GSS_C_INQ_SSPI_SESSION_KEY,
> &skey);
Cool, we (Java SE Team at Sun) are also preparing to add a new method
getSessionKey() to OpenJDK's JGSS-API for Java EE needs.
BTW, I read the krb5-1.7 codes and notice you're supporting some other
OIDs for this new function:
KRB5_GET_TKT_FLAGS
KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT
KRB5_EXPORT_LUCID_SEC_CONTEXT
KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT
I wonder how widely they are required and whether we should also
support them. Can you give me some background info?
Thanks
Weijun
More information about the Kerberos
mailing list