One more question WRT gssapi...
Jiva DeVoe
jiva at devoesquared.com
Tue Jul 26 22:56:45 EDT 2005
Right, exactly... and for gss_wrap you have to have a context, which
I assume you're saying should be the one sent from the client.

Ok, so that said... what about the peer to peer case? What if I have
two long-running server processes that need to communicate? What's
the "appropriate" way to handle that?

BTW, thank you very much for the info. You can see why I was looking
for general docs... I had several questions. So I appreciate the info.

A server still has to do a gss_acquire_cred right? It's just that it
doesn't need to have done a kinit for it right? Or does a server not
even need to do gss_acquire_cred?

On Jul 26, 2005, at 10:49 PM, Jeffrey Altman wrote:
> The server should never have a need to execute a gss_init_context().
>
> To send encrypted data you process it with gss_wrap() (see gss-client.c)
> and then process the data with gss_unwrap() on the receiver. Both sides
> of the connection can call gss_wrap() and gss_unwrap() as well as
> gss_get_mic() and gss_verify_mic().
>
> Jeffrey Altman
>
>
> Jiva DeVoe wrote:
>
>
>>
>> On Jul 26, 2005, at 10:18 PM, Jeffrey Altman wrote:
>>
>>
>>> The server should be calling gss_accept_context and does not obtain
>>> its own initial ticket. It uses the key stored in the keytab file
>>> to decrypt the service ticket delivered by the client as part of the
>>> authentication negotiation.
>>>
>>> Have you examined the source code to the gss-client and gss-server
>>> sample applications?
>>>
>>>
>>
>> Yep, sure have, and used those as an example of "what to do" - just
>> trying to understand it.
>>
>> So what about if I want to then send encrypted data to the client
>> program? Do I use the context I have gotten from accept_context for
>> that? Is there ever a case where I'd need to init_context from the
>> server to the client? I was under the impression I should init_context
>> to the client in the case that I want to send data to her.
>>
>>
>>> Jeffrey Altman
>>>
>
>
--
Jiva DeVoe
http://www.devoesquared.com
PowerCard - Intuitive Project Management for Mac OS X