Exporting gssapi context, take two

Kevin Coffman kwc at citi.umich.edu
Tue Apr 27 10:12:05 EDT 2004

I've run into a couple of issues implementing the krb5_gss_set_allowable
_enctypes() function.

First, the call to gss_acquire_cred, to get the cred handle, is going 
through the mechglue layer which returns a handle to the mechglue's 
union_cred, not a Kerberos cred handle.  This requires a glue function 
for set_allowable_enctypes() to translate from the union_cred handle to 
the Kerberos handle.

Second, the easiest way to implement the glue function is to require 
another parameter for the mechanism.  Changing the signature as follows:

-krb5_gss_set_allowable_enctypes(OM_uint32 *minor_status, 
-				gss_cred_id_t cred,
-				OM_uint32 num_ktypes,
-				krb5_enctype *ktypes);

+gss_set_allowable_enctypes(OM_uint32 *minor_status, 
+			   gss_cred_id_t cred,
+			   gss_OID mechanism,
+			   OM_uint32 num_ktypes,
+			   void * *ktypes);

Any suggestions for a cleaner/clearer approach?


More information about the krbdev mailing list