Exporting gssapi context, take two
Kevin Coffman
kwc at citi.umich.edu
Tue Apr 27 10:12:05 EDT 2004
I've run into a couple of issues implementing the krb5_gss_set_allowable
_enctypes() function.
First, the call to gss_acquire_cred, to get the cred handle, is going
through the mechglue layer which returns a handle to the mechglue's
union_cred, not a Kerberos cred handle. This requires a glue function
for set_allowable_enctypes() to translate from the union_cred handle to
the Kerberos handle.
Second, the easiest way to implement the glue function is to require
another parameter for the mechanism. Changing the signature as follows:
-OM_uint32
-krb5_gss_set_allowable_enctypes(OM_uint32 *minor_status,
- gss_cred_id_t cred,
- OM_uint32 num_ktypes,
- krb5_enctype *ktypes);
+OM_uint32
+gss_set_allowable_enctypes(OM_uint32 *minor_status,
+ gss_cred_id_t cred,
+ gss_OID mechanism,
+ OM_uint32 num_ktypes,
+ void * *ktypes);
Any suggestions for a cleaner/clearer approach?
K.C.
More information about the krbdev
mailing list