Proposal to export gssapi context
Nicolas Williams
Nicolas.Williams at sun.com
Wed Mar 24 15:11:16 EST 2004

On Wed, Mar 24, 2004 at 10:18:44AM -0500, Kevin Coffman wrote:
> > Ken Raeburn <raeburn at MIT.EDU> writes:
> > > OM_uint32
> > > krb5_gss_set_allowable_enctypes(OM_uint32 *minor_status,
> > > gss_cred_id_t cred,
> > > int num_ktypes,
> > > krb5_enctype *ktypes);
> >
> > 1) Is "cred" allowed to be GSS_C_NO_CREDENTIAL? If so, what does that
> > mean?
>
> I don't think it should be allowed. We're assuming that cred is
> what is returned from acquire_cred and I don't think GSS_C_NO_CREDENTIAL
> is a valid (successful) return from acquire_cred, correct?

With an eye to the GGF extensions, what should happen is that this sort
of extension should output a new credential handle. If the input
credential handle is the GSS_C_NO_CREDENTIAL then the output should be a
cred that corresponds to GSS_Acquire_cred() of the GSS_C_NO_NAME, plus
the options set by the extension (in this case the enctypes
restrictions).
Nico