Session key extraction

Nicolas Williams Nicolas.Williams at
Tue Dec 23 12:40:37 EST 2008

On Tue, Dec 23, 2008 at 07:06:26PM +1100, Luke Howard wrote:
> Essentially they provide a way to inquire and set attributes on  
> contexts and credentials, attributes being defined by OIDs. The bulk  
> of the APIs are defined here:

The project proposal should be specific as to which subset of these you
plan to implement.

Also, there's the question of what base OIDs to use.

> All mechanism-specific APIs in GSS-API have been re-implemented in  
> terms of these to avoid abstraction violations.

I'm not sure I understand.

> Two additional APIs are defined, gssspi_set_cred_option() (which sets  
> an attribute on a credential) and gssspi_mech_invoke() (which is a  
> catch-all context/credential-handle-less mechanism for invoking a  
> mechanism-specific API).

What's the 'spi' part of these names about?

> Another approach would be GSS_Query_context_attr(), as defined in  
> NegoEx. But that seems a bit SSPI-ish.

I don't mind.


More information about the krbdev mailing list