Session key extraction

Luke Howard lukeh at
Tue Dec 23 01:06:22 EST 2008

On 23/12/2008, at 4:27 PM, Nicolas Williams wrote:

> On Mon, Dec 22, 2008 at 07:25:43PM -0500, Krishna Ganugapati wrote:
>> We totally need this in our current shipping product. We'd like to
>> remove our extra gss_inquire_context2  and use the standard distro
>> one. Please kindly keep this feature.
> If it's a for a proprietary protocol then I strongly urge you to apply
> some key derivation function to the session key, preferably the krb5
> mechanism's GSS_Pseudo_random().  If it's for interop with Windows
> protocols, understood.

It is for Windows interop.

-- Luke

More information about the krbdev mailing list