Session key extraction

Luke Howard lukeh at
Mon Jan 5 16:51:05 EST 2009

>> Well, Heimdal can implement GSS_C_INQ_SSPI_SESSION_KEY :-)
> I do have to say, it looks like a nicer API.

If you think so :-)

It has the advantage of being mechanism-independent (Likewise, and  
possibly Samba, need it for NTLM). Moreover, there was a desire to  
fashion the interface such that consumers would be discouraged from  
using the session key except for SSPI interoperability.

You might want to look at the gss_wrap_iov() stuff as well as the KDC  
changes, too.

-- Luke

More information about the krbdev mailing list