Session key extraction

Andrew Bartlett abartlet at samba.org
Mon Jan 5 01:17:00 EST 2009


On Tue, 2008-12-23 at 10:10 +1100, Luke Howard wrote:
> > I don't know of anyone who plans to use this feature with MIT Kerberos
> > right now.  So, my approach is to pull any public exposure of the
> > feature and add a comment encouraging people who want to use it to
> > negotiate an interface with us.  I think if we're going to do this, we
> > need to commit to being willing to add an interface in a point
> > release.
> > (Luke, if you know of users now, we could short circuit and start
> > that discussion now.)
> 
> 
> Microsoft protocols that need this include SMB and DRS (replication  
> service). I believe Samba, Novell, and Likewise will require this.
> 
> Presently there is no explicit API for this; it is indirected through
> gss_inquire_sec_context_by_oid() with GSS_C_INQ_SESSION_KEY.

Indeed.  Keeping this, and keeping this as close to the Heimdal API as
possible, is critical for a future where Samba (4 in particular) can use
either MIT Kerberos or Heimdal.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.