Session key extraction

Andrew Bartlett abartlet at
Mon Jan 5 01:17:00 EST 2009

On Tue, 2008-12-23 at 10:10 +1100, Luke Howard wrote:
> > I don't know of anyone who plans to use this feature with MIT Kerberos
> > right now.  So, my approach is to pull any public exposure of the
> > feature and add a comment encouraging people who want to use it to
> > negotiate an interface with us.  I think if we're going to do this, we
> > need to commit to being willing to add an interface in a point
> > release.
> > (Luke, if you know of users now, we could short circuit and start  
> > that discussion now.)
> Microsoft protocols that need this include SMB and DRS (replication  
> service). I believe Samba, Novell, and Likewise will require this.
> Presently there is no explicit API for this, it is indirected through  
> gss_inquire_sec_context_by_oid() with GSS_C_INQ_SESSION_KEY.

Indeed.  Keeping this, and keeping this as close to the Heimdal API as
possible is critical for a future where Samba (4 in particular) can use
either MIT Kerberos or Heimdal.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the krbdev mailing list