On getting the subkey from EncAPRepPart

Prakash Narayanaswamy prakash at nutanix.com
Wed Feb 5 19:12:27 EST 2014


Hi everyone,

Working towards kerberizing an SMB server (running on Linux), we've
progressed past mutual authentication and are now working on providing
security services using the GSS API. In particular, we are currently
focusing on generating and validating the MACs -- I mean on signing the SMB
messages and validating the signatures.

We are using the SMB client on Windows to test our implementation and
progress.

We got the session key using the GSS API
gss_inquire_sec_context_by_oid(GSS_C_INQ_SSPI_SESSION_KEY) for use as the
key derivation key in the PRF, but having observed validations to be failing
with the generated signing key, we are trying to get the subkey in the
EncAPRepPart of the KRB_AP_REP message for use as the key derivation key.

Now for the question: Does the aforementioned API return the subkey from
EncAPRepPart of the KRB_AP_REP message, or are they different? If they are
different, can you please point us to the right GSS API that we should be
using to get the subkey from the EncAPRepPart of the KRB_AP_REP message?

We are using Kerberos 5 Release 1.12.1.

Thanks a lot,

Prakash N | 408 771 4273

