Session key extraction

Krishna Ganugapati krishnag at
Mon Dec 22 19:25:43 EST 2008

We totally need this in our current shipping product. We'd like to remove our extra gss_inquire_context2  and use the standard distro one. Please kindly keep this feature.


From: Luke Howard [mailto:lukeh at]
Sent: Mon 12/22/2008 3:10 PM
To: Sam Hartman
Cc: krbdev at Dev List; Gerald (Jerry) Carter; Krishna Ganugapati; Rahul Srinivas; Andrew Bartlett
Subject: Re: Session key extraction

> I don't know of anyone who plans to use this feature with MIT Kerberos
> right now.  So, my approach is to pull any public exposure of the
> feature and add a comment encouraging people who want to use it to
> negotiate an interface with us.  I think if we're going to do this, we
> need to commit to being willing to add an interface in a point
> release.
> (Luke, if you know of users now, we could short circuit and start 
> that discussion now.)

Microsoft protocols that need this include SMB and DRS (replication 
service). I believe Samba, Novell, and Likewise will require this.

Presently there is no explicit API for this, it is indirected through 
gss_inquire_sec_context_by_oid() with GSS_C_INQ_SESSION_KEY.

-- Luke

More information about the krbdev mailing list