krb5_pac_verify and server key enctype extraction

Luke Howard lukeh at
Wed Jul 15 01:38:01 EDT 2009


> All looks good except we can't find a public GSS/krb5 API function to
> get the enctype from the security context.  gss_inquire_context() and
> gss_inquire_sec_context_by_oid() looked promising but don't appear to
> have it.
> We don't think we can glean the enctype from the PAC signature buffer
> itself.

You can extract the session key with  
gss_inquire_sec_context_by_oid(GSS_C_INQ_SSPI_SESSION_KEY). The  
returned buffer set contains { session key, enctype OID } -- the  
integer enctype is the last element of the OID arc.

Does this help?


-- luke

More information about the krbdev mailing list