Session key extraction

Luke Howard lukeh at
Mon Dec 22 18:10:50 EST 2008

> I don't know of anyone who plans to use this feature with MIT Kerberos
> right now.  So, my approach is to pull any public exposure of the
> feature and add a comment encouraging people who want to use it to
> negotiate an interface with us.  I think if we're going to do this, we
> need to commit to being willing to add an interface in a point
> release.
> (Luke, if you know of users now, we could short circuit and start  
> that discussion now.)

Microsoft protocols that need this include SMB and DRS (replication  
service). I believe Samba, Novell, and Likewise will require this.

Presently there is no explicit API for this, it is indirected through  
gss_inquire_sec_context_by_oid() with GSS_C_INQ_SESSION_KEY.

-- Luke

More information about the krbdev mailing list