Proposal to export gssapi context
cox at djehuti.com
Wed Mar 10 11:05:19 EST 2004
On Mar 10, 2004, at 10:48 AM, Nicolas Williams wrote:
> Nico> Of course, on such clients one can limit the set of enctypes one
> Nico> accept for ticket session keys. Basically, one must have
> Nico> enctype support throughout accross all applications that share a
> Nico> Kerberos V credential. This applies to initiators, and it
> applies to
> Nico> acceptors. It's a simple rule.
> Kevin> We have an additional constraint of which enctypes are
> supported by
> Kevin> the kernel.
> Precisely. The kernel counts as an "application" for the purposes of
> the above.
So you're saying we should rip out any support for enctypes in Kerberos
that don't have corresponding GSS-API token formats fully specified?
I think not.
More information about the krbdev