Proposal to export gssapi context

Nicolas Williams Nicolas.Williams at sun.com
Wed Mar 24 15:06:32 EST 2004


On Wed, Mar 24, 2004 at 02:49:38PM -0500, Sam Hartman wrote:
Sam> I don't think having a macro for the current version in a public
Sam> header is a good idea.  People might use it and failing to think of a
Sam> way of using it that would be correct.

Sam> The version number should be in the structure name.

IIRC I convinced Sam on the phone that it is entirely possible to have
an interoperable standard for exported context tokens for the Kerberos V
mechanism.

Given this, and given that there is a change in the necessary contents
of rfc1964 and CFX context tokens, I agree that the format needs to
contain whatever versioning information is required, and I also think
that the format should be extensible.

Sam> It seems like you actually only need two keys: the context key and the
Sam> server subkey.  You can determine the sequence key from the context
Sam> key.  As Ken pointed out you don't need both enctypes and keys; the
Sam> key contains the enctype.

Right.

Sam> Presumably the return from krb5_gss_export_lucid_context should be a
Sam> void * and cast by the caller after looking at the version numbers.

Huh?  The import function should be able to distinguish the version of
the exported context token from the context token itself.

This really should be done as an Internet-Draft.

Nico
-- 
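
An added example, not part of the original message and not MIT krb5 code: an import routine that reads the version from the exported token itself and skips records it does not recognize, so the format stays extensible. The byte layout, record type numbers and all names here are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout, constructed for this example:
 *   u32 version | { u16 type | u16 len | value[len] } ...
 * A key value is a u32 enctype followed by the key bytes. */
enum { TOK_V1 = 1, T_CTX_KEY = 1, T_SUBKEY = 2, MAX_KEY = 32 };
struct key { int present; uint32_t enctype; size_t len; uint8_t bytes[MAX_KEY]; };
struct ctx { uint32_t version; struct key ctx_key, subkey; };

/* Constructed sample: version 1, a context key (enctype 18, 2 key bytes),
 * then one record of unknown type 9 that this importer must skip. */
static const uint8_t sample[] = { 0,0,0,1, 0,1,0,6, 0,0,0,18, 0xaa,0xbb, 0,9,0,1, 0x7f };

static uint32_t be32(const uint8_t *p)
{ return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

static int parse_key(const uint8_t *v, size_t len, struct key *k)
{
    if (len < 4 || len - 4 > MAX_KEY) return -1;   /* too short or oversized key */
    k->enctype = be32(v);
    k->len = len - 4;
    memcpy(k->bytes, v + 4, k->len);
    k->present = 1;
    return 0;
}

/* Returns 0 on success, -1 on a malformed token, -2 on an unknown version. */
int import_token(const uint8_t *tok, size_t len, struct ctx *out)
{
    size_t off = 4;
    memset(out, 0, sizeof *out);
    if (len < 4) return -1;
    out->version = be32(tok);              /* version comes from the token itself */
    if (out->version != TOK_V1) return -2; /* refuse rather than guess a layout */
    while (off < len) {
        if (len - off < 4) return -1;      /* truncated record header */
        uint16_t type = be16(tok + off), vlen = be16(tok + off + 2);
        off += 4;
        if (vlen > len - off) return -1;   /* value would run past the buffer */
        struct key *k = type == T_CTX_KEY ? &out->ctx_key
                      : type == T_SUBKEY  ? &out->subkey : NULL;
        if (k && parse_key(tok + off, vlen, k)) return -1; /* unknown types skipped */
        off += vlen;
    }
    return out->ctx_key.present ? 0 : -1;  /* the context key is mandatory */
}
```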

