Proposal to export gssapi context

Sam Hartman hartmans at MIT.EDU
Wed Mar 24 14:55:29 EST 2004

>>>>> "Ken" == Ken Raeburn <raeburn at MIT.EDU> writes:

    Ken> 2) I assume it applies whether the credentials in question are used as
    Ken>    initiator or acceptor, and thus could make init_sec_context or
    Ken>    accept_sec_context fail?

IT's really only needed on the initiator side.  We could allow it to
be used on the acceptor side but this would be additional complexity.

    Ken> 3) Which keys does it actually apply to?
    Ken> If protocol == 0, sign_alg and seal_alg matter but the subkey stuff
    Ken> does not.  If protocol == 1, the reverse is true.

    Ken> A union would be more compact, and wouldn't require filling in fields
    Ken> that have no meaning.  (In other words, a discriminated union with
    Ken> 'protocol' as the discriminant.)

>From a style standpoint, I really don't like to see unions being used
above the level of bit twiddling with device registers.  If others on
the team disagree I don't mind being outvoted on this (or other) style

I'd prefer that the code initialize all the fields to sane values.  If
you want to make it very clear which fields belong with which
protocol, have a struct of structs.

However as I noted in my reply to the original, I think the only state
you actually need for CFX that you don't need for the old protocol is
the checksum types and the acceptor subkey.

More information about the krbdev mailing list