Session key extraction
lukeh at padl.com
Mon Dec 22 18:10:50 EST 2008
> I don't know of anyone who plans to use this feature with MIT Kerberos
> right now. So, my approach is to pull any public exposure of the
> feature and add a comment encouraging people who want to use it to
> negotiate an interface with us. I think if we're going to do this, we
> need to commit to being willing to add an interface in a point
> (Luke, if you know of users now, we could short circuit and start
> that discussion now.)
Microsoft protocols that need this include SMB and DRS (replication
service). I believe Samba, Novell, and Likewise will require this.
Presently there is no explicit API for this, it is indirected through
gss_inquire_sec_context_by_oid() with GSS_C_INQ_SESSION_KEY.
More information about the krbdev