Proposal to export gssapi context
Nicolas Williams
Nicolas.Williams at sun.com
Wed Mar 24 15:41:17 EST 2004
On Wed, Mar 24, 2004 at 03:22:54PM -0500, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
>
> Nicolas> With an eye to the GGF extensions, what should happen is that this sort
> Nicolas> of extension should output a new credential handle. If the input
> Nicolas> credential handle is the GSS_C_NO_CREDENTIAL then the output should be a
> Nicolas> cred that corresponds to GSS_Acquire_cred() of the GSS_C_NO_NAME, plus
> Nicolas> the options set by the extension (in this case the enctypes
> Nicolas> restrictions).
>
> Why? Aren't credentials mutable by gss_add_credential etc?
GSS_Add_cred() has an option to output a new credential. If not given
then it changes its given input credentials, yes, but how does one
change GSS_C_NO_CREDENTIAL? :)
To properly pattern this interface after GSS_Add_cred() you need an
optional output credential handle.
Cheers,
Nico
--
More information about the krbdev
mailing list