krb5_pac_verify and server key enctype extraction

[Love Hörnquist Åstrand]

20 jul 2009 kl. 09.52 skrev Sam Hartman:

>>>>>> "Love" == Love Hörnquist Åstrand <lha at kth.se> writes:
>
>    Love> If you want to avoid adding interfaces that expose key
>    Love> data/context from the gss-api layer you have to checking it
>    Love> in krb5_rd_req/gss_ISC.
>
> I disagree.

You find it acceptable for services like sshd to get hold of the  
system long term keys ?

Love