krb5_pac_verify and server key enctype extraction
Natalie Li
Natalie.Li at Sun.COM
Mon Jul 20 11:41:49 EDT 2009
Luke Howard wrote:
>>>
>> Just to clarify, we're interested in the enctype associated with the
>> server's long-term key that was used to decrypt the krb ticket
>> carried in the KRB_AP_REQ, not the session key. Do we have an API to
>> extract that information from GSS context?
>
> Not that I'm aware of. You can enumerate the keytab, looking for a key
> with a mandatory checksum type that matches that in the PAC.
>
> -- Luke
Yes, we do something similar to your above suggestion for now. Thanks
for confirming that there isn't any API for extracting tik enctype.
Thanks,
Natalie
More information about the krbdev
mailing list