Proposal to export gssapi context
Sam Hartman
hartmans at MIT.EDU
Wed Mar 24 14:55:29 EST 2004
>>>>> "Ken" == Ken Raeburn <raeburn at MIT.EDU> writes:
Ken> 2) I assume it applies whether the credentials in question are used as
Ken> initiator or acceptor, and thus could make init_sec_context or
Ken> accept_sec_context fail?
IT's really only needed on the initiator side. We could allow it to
be used on the acceptor side but this would be additional complexity.
Ken> 3) Which keys does it actually apply to?
Ken> If protocol == 0, sign_alg and seal_alg matter but the subkey stuff
Ken> does not. If protocol == 1, the reverse is true.
Ken> A union would be more compact, and wouldn't require filling in fields
Ken> that have no meaning. (In other words, a discriminated union with
Ken> 'protocol' as the discriminant.)
>From a style standpoint, I really don't like to see unions being used
above the level of bit twiddling with device registers. If others on
the team disagree I don't mind being outvoted on this (or other) style
points.
I'd prefer that the code initialize all the fields to sane values. If
you want to make it very clear which fields belong with which
protocol, have a struct of structs.
However as I noted in my reply to the original, I think the only state
you actually need for CFX that you don't need for the old protocol is
the checksum types and the acceptor subkey.
More information about the krbdev
mailing list