gss_krb5_set_allowable_enctypes query

Vipin Rathor v.rathor at gmail.com
Fri Jun 8 08:35:16 EDT 2007


Hi all,

I notice that we have a new API called gss_krb5_set_allowable_enctypes()
with MIT 1.4. I was trying to find out how exactly it can be used.
Following is my understanding. Can anyone please confirm my understanding?
Also, I was curious as to why it was introduced. Was it for NFS V4?

The gss_krb5_set_allowable_enctypes() API sets the encryption type
list in the GSS-API credential. This user-passed encryption type list will be
used as the list of desired encryption algorithms in the GSS-API handshake
request. The configuration variable [libdefaults] "default_tkt_enctypes" is
used if a value is not passed to it. One would ideally call it before
gss_init_sec_context() (and after gss_acquire_cred()) with the list of
desired encryption types the user wants.
{
gss_acquire_cred()   // acquire credentials
..
gss_krb5_set_allowable_enctypes()   // set the desired encryption type list, for eg:
..
gss_init_sec_context()  // start the GSS-API handshake
...
}
The encryption type that will finally get negotiated between the server and
the client (during the init/accept handshake) will be used by the
gss_wrap()/gss_unwrap() APIs.

Thanks in advance!
-Rathor


