krb5_pac_verify and server key enctype extraction

Love Hörnquist Åstrand lha at
Tue Jul 21 14:50:29 EDT 2009

20 jul 2009 kl. 09.52 skrev Sam Hartman:

>>>>>> "Love" == Love Hörnquist Åstrand <lha at> writes:
>    Love> If you want to avoid adding interfaces that expose key
>    Love> data/context from the gss-api layer you have to checking it
>    Love> in krb5_rd_req/gss_ISC.
> I disagree.

You find it acceptable for services like sshd to get hold of the  
system long term keys ?


More information about the krbdev mailing list