One more question WRT gssapi...
Jiva DeVoe
jiva at devoesquared.com
Tue Jul 26 23:30:39 EDT 2005
I think that pretty much explains it all then. Thanks very much.
On Jul 26, 2005, at 11:22 PM, Jeffrey Altman wrote:
> Jiva DeVoe wrote:
>
>> Right, exactly... and for gss_wrap you have to have a context, which I
>> assume you're saying should be the one sent from the client.
>
> You need the context for any gss_xxx() call that you make on either side
> of the connection. On the server, the context is the output of the
> gss_accept_context() call.
>
>> Ok, so that said... what about the peer to peer case? What if I have
>> two long-running server processes that need to communicate? What's the
>> "appropriate" way to handle that?
>
> If you have two long term processes, one of them becomes a client and
> the other is a server. The client will call gss_init_context() and
> will obtain an initial TGT using init with a keytab file.
>
>> A server still has to do a gss_acquire_cred right? It's just that it
>> doesn't need to have done a kinit for it right? Or does a server not
>> even need to do gss_acquire_cred?
>
> gss_acquire_cred() is called by the server. See the gss-server.c
> example server_acquire_creds() function.
>
> Jeffrey Altman
--
Jiva DeVoe
http://www.devoesquared.com
PowerCard - Intuitive Project Management for Mac OS X