krb5_pac_verify and server key enctype extraction
Natalie.Li at Sun.COM
Mon Jul 20 11:41:49 EDT 2009
Luke Howard wrote:
>> Just to clarify, we're interested in the enctype associated with the
>> server's long-term key that was used to decrypt the krb ticket
>> carried in the KRB_AP_REQ, not the session key. Do we have an API to
>> extract that information from GSS context?
> Not that I'm aware of. You can enumerate the keytab, looking for a key
> with a mandatory checksum type that matches that in the PAC.
> -- Luke
Yes, we do something similar to your above suggestion for now. Thanks
for confirming that there isn't any API for extracting tik enctype.
More information about the krbdev