One more question WRT gssapi...
jaltman at MIT.EDU
Tue Jul 26 22:49:45 EDT 2005
The server should never have a need to execute a gss_init_context().
To send encrypted data you process it with gss_wrap() (see gss-client.c)
and the process the data with gss_unwrap() on the receiver. Both sides
of the connection can call gss_wrap() and gss_unwrap() as well as
gss_get_mic() and gss_verify_mic().
Jiva DeVoe wrote:
> On Jul 26, 2005, at 10:18 PM, Jeffrey Altman wrote:
>> The server should be calling gss_accept_context and does not obtain
>> its own initial ticket. It uses the key stored in the keytab file
>> to decrypt the service ticket delivered by the client as part of the
>> authentication negotiation.
>> Have you examined the source code to the gss-client and gss-server
>> sample applications?
> Yep, sure have, and used those as an example of "what to do" - just
> trying to understand it.
> So what about if I want to then send encrypted data to the client
> program? Do I use the context I have gotten from accept_context for
> that? Is there ever a case where I'd need to init_context from the
> server to the client? I was under the impression I should init_context
> to the client in the case that I want to send data to her.
>> Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2707 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20050726/e2dee531/attachment.bin
More information about the krbdev