Proposal to export gssapi context
hartmans at MIT.EDU
Wed Mar 24 15:23:51 EST 2004
>>>>> "Kevin" == Kevin Coffman <kwc at citi.umich.edu> writes:
>> >>>>> "Ken" == Ken Raeburn <raeburn at MIT.EDU> writes:
Ken> 2) I assume it applies whether the credentials in question are used as
Ken> initiator or acceptor, and thus could make init_sec_context or
Ken> accept_sec_context fail?
>> IT's really only needed on the initiator side. We could allow it to
>> be used on the acceptor side but this would be additional complexity.
Kevin> It might be convenient (for us) to use on the accept side to limit
Kevin> to what the kernel supports -- despite what the keytab supports.
Kevin> But this isn't strictly necessary.
Especially if you plan to implement this, that would be fine. But in
that case you need to decide what to do if you get a ticket with a
session key that is inappropriate.
More information about the krbdev