Session key extraction
krishnag at likewisesoftware.com
Mon Dec 22 19:25:43 EST 2008
We totally need this in our current shipping product. We'd like to remove our extra gss_inquire_context2 and use the standard distro one. Please kindly keep this feature.
From: Luke Howard [mailto:lukeh at padl.com]
Sent: Mon 12/22/2008 3:10 PM
To: Sam Hartman
Cc: krbdev at mit.edu Dev List; Gerald (Jerry) Carter; Krishna Ganugapati; Rahul Srinivas; Andrew Bartlett
Subject: Re: Session key extraction
> I don't know of anyone who plans to use this feature with MIT Kerberos
> right now. So, my approach is to pull any public exposure of the
> feature and add a comment encouraging people who want to use it to
> negotiate an interface with us. I think if we're going to do this, we
> need to commit to being willing to add an interface in a point
> (Luke, if you know of users now, we could short circuit and start
> that discussion now.)
Microsoft protocols that need this include SMB and DRS (replication
service). I believe Samba, Novell, and Likewise will require this.
Presently there is no explicit API for this, it is indirected through
gss_inquire_sec_context_by_oid() with GSS_C_INQ_SESSION_KEY.
More information about the krbdev