Session key extraction

[Nicolas Williams]

On Mon, Dec 22, 2008 at 07:25:43PM -0500, Krishna Ganugapati wrote:
> We totally need this in our current shipping product. We'd like to
> remove our extra gss_inquire_context2  and use the standard distro
> one. Please kindly keep this feature.

If it's a for a proprietary protocol then I strongly urge you to apply
some key derivation function to the session key, preferably the krb5
mechanism's GSS_Pseudo_random().  If it's for interop with Windows
protocols, understood.

Nico
--