Deriving keys

Kevin Coffman kwc at
Wed Feb 15 11:58:17 EST 2006

We are just now getting around to implementing more than just DES 
encryption for our Linux kernel GSS code for NFSv4.  We felt it was too 
much to bring down into the kernel all the code necessary to derive 
keys, so the plan is to derive the needed keys in user-space and send 
them down to the kernel.  However, krb5_derive_key() is an internal 
function.  The alternatives are to duplicate a lot of code in our gssd, 
or to expand the definition of the lucid context structure and have 
gss_krb5_export_lucid_context() return all the required derived keys.  
Is that a reasonable request?  If so, I'll create a patch.

More information about the krbdev mailing list