WS-Security and GSS-API: How do I get the session key?
Michael B Allen
ioplex at gmail.com
Fri Mar 6 15:54:21 EST 2009
On Thu, Mar 5, 2009 at 9:29 PM, <weijun.wang at sun.com> wrote:
> Hi Luke
>
> On Feb 24, 9:36 pm, Luke Howard <lu... at padl.com> wrote:
>> > I don't recall offhand if there's been an IETF draft proposing the
>> > specific extension we've got for extracting the session key.
>>
>
>> major = gss_inquire_sec_context_by_oid(&minor,
>> ctx,
>> GSS_C_INQ_SSPI_SESSION_KEY,
>> &skey);
>
> Cool, we (Java SE Team at Sun) are also preparing to add a new method
> getSessionKey() to OpenJDK's JGSS-API for Java EE needs.
I think it would be better to have a GSSContext method that could
return an Object that is specific to the OID supplied. For example, in
the case of the session key, it would return a byte[] array like:
Oid sspiSessionKeyOid = new Oid("1.2.840.113554.1.2.2.5.5");
byte[] sessionKey = (byte[])ctx.inquireSecContextByOid(sspiSessionKeyOid);
Otherwise you're going to end up just adding more methods in an
already overwhelming API.
Mike
--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
More information about the Kerberos
mailing list