Luke Howard lhoward at MIT.EDU
Mon Nov 30 19:16:38 EST 2009

On 01/12/2009, at 12:04 AM, Nicolas Williams wrote:

> On Mon, Nov 30, 2009 at 02:55:28PM -0500, Sam Hartman wrote:
>> Is gss_context_query_attributes on the track for standardization?  If
>> not, does it conflict with functionality provided somewhere in
>> kitten?
>> I think the answer is no and not that much.  The conflict I'm aware  
>> of
>> is the mechanism attributes stuff, but that seems sufficiently
>> different.
> The answers are "no" and "no".  There's no conflict as far as the APIs
> go.  Some specific security context attributes may be best seen as  
> name
> attributes, but that does not a conflict make.  And some security
> context attributes cannot be seen as name attributes (e.g., session
> keys), which is why we need a standard gss_context_query_attributes().

Or do we. It's a more convenient API than  
gss_inquire_sec_context_by_oid(), but it's definitely overlapping.

> I'd use "inquire" instead of "query" though, for consistency.

I think Love chose this for SSPI compat. The name doesn't bother me.

-- Luke

More information about the krbdev mailing list