Session key extraction

[Luke Howard]

>> Well, Heimdal can implement GSS_C_INQ_SSPI_SESSION_KEY :-)
>
> I do have to say, it looks like a nicer API.


If you think so :-)

It has the advantage of being mechanism-independent (Likewise, and  
possibly Samba, need it for NTLM). Moreover, there was a desire to  
fashion the interface such that consumers would be discouraged from  
using the session key except for SSPI interoperability.

You might want to look at the gss_wrap_iov() stuff as well as the KDC  
changes, too.

-- Luke