krb5_pac_verify and server key enctype extraction
Love Hörnquist Åstrand
lha at kth.se
Tue Jul 21 14:50:29 EDT 2009
20 jul 2009 kl. 09.52 skrev Sam Hartman:
>>>>>> "Love" == Love Hörnquist Åstrand <lha at kth.se> writes:
> Love> If you want to avoid adding interfaces that expose key
> Love> data/context from the gss-api layer you have to checking it
> Love> in krb5_rd_req/gss_ISC.
> I disagree.
You find it acceptable for services like sshd to get hold of the
system long term keys ?
More information about the krbdev