question about wanted_enctypes in krb5_gss_init_sec_context()
hartmans at MIT.EDU
Thu Jun 20 14:38:00 EDT 2002
>>>>> "Will" == Will Fiveash <william.fiveash at sun.com> writes:
Will> I've noticed in the 18.104.22.168.2.4 version of
Will> init_sec_context.c (MIT 1.2.5) that the function
Will> krb5_gss_init_sec_context() uses the intersection of
Will> wanted_enctypes and the default_tgs_enctypes as the list of
Will> enctypes that a GSS client will request for the session key.
Will> I'm wondering if the code to find the intersection is really
Will> necessary. Can't the default_tgs_enctypes be used for the
Will> list of requested session key enctypes by GSS clients? If
Will> so, then the wanted_enctypes array could go away which
Will> would be a good thing.
In 1.2.5 probably so. On the mainline, no. We do not support GSS
with the export grade RC4 as an example.
In general, because of the way RFC 1964 is written, we cannot
guarantee that we have a way to use arbitrary session key types with
If that were fixed, that array could go away.
More information about the krbdev