GSSAPI context time limitation

Wachdorf, Daniel R drwachd at
Wed Jul 23 15:56:15 EDT 2003

I have two servers that provide services.  Call one the master and one the
slave.  Either one of these servers can be accessed, but I want to create a
communications channel for the messages to synchronize the data in real (or
near real) time.   I would like to keep the communications channel open all
the time for speed's sake.

The master is considered the gssapi server.
The slave through native krb5 code acquires credentials from a keytab file,
then stores them in a temp credentials cache. I open a communications
channel (TCP), then use gssapi to create a gssapi context with the master
and send my messages back and forth.

The problem arises that these services may be up for an extended period of
time, yet the gssapi context will expire.  Is there a way to establish a
gssapi context, and use wrap and unwrap despite the fact that the context,
or even the TGT used to establish the context may be expired?

Thanks for your help.

Daniel Wachdorf
drwachd at
Sandia National Laboratories
System Security Research and Integration
