WS-Security and GSS-API: How do I get the session key?

Luke Howard lukeh at
Tue Mar 10 03:48:13 EDT 2009

Yes, they're mostly intended for use by the acceptor (except for the  
session key API).

-- Luke

On 10/03/2009, at 3:11 PM, Weijun Wang wrote:

> I see. So after a security context is established. These functions
> should return the same results on both side. Of course, if a  
> particular
> piece of info is only available from the encrypted part of the service
> ticket, only the service side knows it and this function is not
> supported on the client side.
> Max
> Luke Howard wrote:
>> On 09/03/2009, at 1:45 PM, Max (Weijun) Wang wrote:
>>>> gss_krb5_get_tkt_flags()
>>>> gsskrb5_extract_authz_data_from_sec_context()
>>>> gsskrb5_extract_authtime_from_sec_context()
>>> I guess the tkt or authXXX above are all for the intial TGT (instead
>>> of any service ticket). Right?
>> The service ticket; the service does not have the TGT (although the  
>> KDC
>> may use the TGT in deriving those values).
>> -- Luke

-- |

More information about the Kerberos mailing list