GSSExtras
Luke Howard
lhoward at MIT.EDU
Mon Nov 30 19:16:38 EST 2009
On 01/12/2009, at 12:04 AM, Nicolas Williams wrote:
> On Mon, Nov 30, 2009 at 02:55:28PM -0500, Sam Hartman wrote:
>> Is gss_context_query_attributes on the track for standardization? If
>> not, does it conflict with functionality provided somewhere in
>> kitten?
>>
>> I think the answer is no and not that much. The conflict I'm aware
>> of
>> is the mechanism attributes stuff, but that seems sufficiently
>> different.
>
> The answers are "no" and "no". There's no conflict as far as the APIs
> go. Some specific security context attributes may be best seen as
> name
> attributes, but that does not a conflict make. And some security
> context attributes cannot be seen as name attributes (e.g., session
> keys), which is why we need a standard gss_context_query_attributes().
Or do we. It's a more convenient API than
gss_inquire_sec_context_by_oid(), but it's definitely overlapping.
> I'd use "inquire" instead of "query" though, for consistency.
I think Love chose this for SSPI compat. The name doesn't bother me.
-- Luke
More information about the krbdev
mailing list