krb5_pac_verify and server key enctype extraction
Luke Howard
lukeh at padl.com
Wed Jul 15 01:38:01 EDT 2009
Glenn,
> All looks good except we can't find a public GSS/krb5 API function to
> get the enctype from the security context. gss_inquire_context() and
> gss_inquire_sec_context_by_oid() looked promising but don't appear to
> have it.
>
> We don't think we can glean the enctype from the PAC signature buffer
> itself.
You can extract the session key with
gss_inquire_sec_context_by_oid(GSS_C_INQ_SSPI_SESSION_KEY). The
returned buffer set contains { session key, enctype OID } -- the
integer enctype is the last element of the OID arc.
Does this help?
cheers,
-- luke
More information about the krbdev
mailing list