kwc at citi.umich.edu
Wed Feb 15 11:58:17 EST 2006
We are just now getting around to implementing more than just DES
encryption for our Linux kernel GSS code for NFSv4. We felt it was too
much to bring down into the kernel all the code necessary to derive
keys, so the plan is to derive the needed keys in user-space and send
them down to the kernel. However, krb5_derive_key() is an internal
function. The alternatives are to duplicate a lot of code in our gssd,
or to expand the definition of the lucid context structure and have
gss_krb5_export_lucid_context() return all the required derived keys.
Is that a reasonable request? If so, I'll create a patch.
More information about the krbdev