Proposal to export gssapi context

Nicolas Williams Nicolas.Williams at
Wed Mar 24 15:11:16 EST 2004

On Wed, Mar 24, 2004 at 10:18:44AM -0500, Kevin Coffman wrote:
> > Ken Raeburn <raeburn at MIT.EDU> writes:
> > > OM_uint32
> > > krb5_gss_set_allowable_enctypes(OM_uint32 *minor_status, 
> > > 				gss_cred_id_t cred,
> > > 				int num_ktypes,
> > > 				krb5_enctype *ktypes);
> > 
> > 1) Is "cred" allowed to be GSS_C_NO_CREDENTIAL?  If so, what does that
> >    mean?
> I don't think it should be allowed.  We're assuming that cred is
> what is returned from acquire_cred and I don't think GSS_C_NO_CREDENTAIL
> is a valid (successful) return from acquire_cred, correct?

With an eye to the GGF extensions, what should happen is that this sort
of extension should output a new credential handle.  If the input
credential handle is the GSS_C_NO_CREDENTIAL then the output should be a
cred that corresponds to GSS_Acquire_cred() of the GSS_C_NO_NAME, plus
the options set by the extension (in this case the enctypes


More information about the krbdev mailing list