export list symbols

Jeffrey Hutzelman jhutz at cmu.edu
Tue Oct 20 13:49:49 EDT 2009

--On Tuesday, October 20, 2009 11:07:55 AM -0500 Nicolas Williams 
<Nicolas.Williams at sun.com> wrote:

> But also, RFC3961 is not intended to be a mere detail of Kerberos
> protocol construction: "raw" krb5 apps that extract session keys and
> make use of krb5 enctypes directly are legitimate users of RFC3961.
> Think of TELNET and AFS, which, I know are not exactly good examples
> here (in large part because they pre-date RFC3961), but they are good
> examples of apps which, if they really had to avoid KRB-SAFE/PRIV or the
> GSS-API (e.g., because of per-token/message overhead), then really
> should have used _a_ cryptographic protocol framework, of which RFC3961
> is a reasonable example.

In fact, RFC3961 was designed with such users in mind.

> IMO Kerberos implementors SHOULD export RFC3961 interfaces.


More information about the krbdev mailing list