Session key extraction
Ken Raeburn
raeburn at MIT.EDU
Mon Dec 22 18:02:57 EST 2008
On Dec 22, 2008, at 15:39, Sam Hartman wrote:
> Luke's changes introduce a mechanism independent API for extracting
> the session key from a context.
> I'm very uncomfortable with this concept: using a session key without
> knowing what kind of key it is or what structure it is seems kind of
> dangerous.
Agreed, though I would hope it's used either as input to a hash or
encryption function that wouldn't care about the structure; even if it
is, though, using it for the application's own purpose and
simultaneously using it within GSSAPI-type calls (including just
session establishment) doesn't seem wise. And Greg's got good points
about the idea possibly not even being applicable in any reasonable
way to some future mechanism.
> * Get the Windows session key from this context. I.E. defined only
> for mechanisms used on windows
> and defined to be the thing SSPI would give you.
This would make the purpose clear...
> * Something like lucid_context that is not mechanism independent.
I assume being mechanism-dependent is the main reason the lucid
context support doesn't suffice for this now?
Ken
More information about the krbdev
mailing list