Reuse of GSSAPI Tokens
Douglas E. Engert
deengert at anl.gov
Thu Jul 21 14:38:06 EDT 2005
Jiva DeVoe wrote:
> Is it possible to use a token generated by the GSSAPI call
> gss_init_sec_context call to establish more than one security context
> via the gss_accept_sec_context call?
No. Generically speaking with GSS, you don't know what is in the token,
and the underlying mechanism may require the exchange a number of tokens
before returning success.
>
> Meaning, can I pass a token to gss_accept more than once? In my
> testing, it appears I can't. Subsequent calls result in an invalid
> context. If this is the case, I'm curious how this is done, since my
> token appears to be unchanged.
Why do you need to do this in the first place?
Generically speeking you should be able to establish more then one context,
but you must go through the gss_init_sec_context/gss_accept_sec_context
loop for each context. If the Kerberos gssapi mechanism is not letting
you do this, then there is a problem.
>
> --
> Jiva DeVoe
> http://www.devoesquared.com
> PowerCard - Intuitive Project Management Software for Mac OS X
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the krbdev
mailing list