WS-Security and GSS-API: How do I get the session key?
Luke Howard
lukeh at padl.com
Tue Mar 10 03:48:13 EDT 2009
Yes, they're mostly intended for use by the acceptor (except for the
session key API).
-- Luke
On 10/03/2009, at 3:11 PM, Weijun Wang wrote:
> I see. So after a security context is established. These functions
> should return the same results on both side. Of course, if a
> particular
> piece of info is only available from the encrypted part of the service
> ticket, only the service side knows it and this function is not
> supported on the client side.
>
> Max
>
> Luke Howard wrote:
>>
>> On 09/03/2009, at 1:45 PM, Max (Weijun) Wang wrote:
>>
>>>> gss_krb5_get_tkt_flags()
>>>> gsskrb5_extract_authz_data_from_sec_context()
>>>> gsskrb5_extract_authtime_from_sec_context()
>>>
>>> I guess the tkt or authXXX above are all for the intial TGT (instead
>>> of any service ticket). Right?
>>
>> The service ticket; the service does not have the TGT (although the
>> KDC
>> may use the TGT in deriving those values).
>>
>> -- Luke
>
--
www.padl.com | www.fghr.net
More information about the Kerberos
mailing list