Session key extraction
Nicolas Williams
Nicolas.Williams at sun.com
Tue Dec 23 12:40:37 EST 2008
On Tue, Dec 23, 2008 at 07:06:26PM +1100, Luke Howard wrote:
> Essentially they provide a way to inquire and set attributes on
> contexts and credentials, attributes being defined by OIDs. The bulk
> of the APIs are defined here:
>
> http://www.ogf.org/documents/GFD.24.pdf
The project proposal should be specific as to which subset of these you
plan to implement.
Also, there's the question of what base OIDs to use.
> All mechanism-specific APIs in GSS-API have been re-implemented in
> terms of these to avoid abstraction violations.
I'm not sure I understand.
> Two additional APIs are defined, gssspi_set_cred_option() (which sets
> an attribute on a credential) and gssspi_mech_invoke() (which is a
> catch-all context/credential-handle-less mechanism for invoking a
> mechanism-specific API).
What's the 'spi' part of these names about?
> Another approach would be GSS_Query_context_attr(), as defined in
> NegoEx. But that seems a bit SSPI-ish.
I don't mind.
Nico
--
More information about the krbdev
mailing list