Session key extraction
lukeh at padl.com
Mon Jan 5 16:51:05 EST 2009
>> Well, Heimdal can implement GSS_C_INQ_SSPI_SESSION_KEY :-)
> I do have to say, it looks like a nicer API.
If you think so :-)
It has the advantage of being mechanism-independent (Likewise, and
possibly Samba, need it for NTLM). Moreover, there was a desire to
fashion the interface such that consumers would be discouraged from
using the session key except for SSPI interoperability.
You might want to look at the gss_wrap_iov() stuff as well as the KDC
More information about the krbdev