Serialization framework future

Greg Hudson ghudson at MIT.EDU
Thu May 31 11:48:12 EDT 2012


On 05/31/2012 08:37 AM, Sam Hartman wrote:
> I agree with Nico that the serialization format for credentials should
> be the krb-cred we just standardized in the IETF.

That's certainly an idea worth considering.

The larger picture is that I need to serialize a GSS cred, which might
be an acceptor or initiator cred or both.  So the actual token format
will be some combination of a ccache, a keytab, a krb5 GSS name, and
maybe some other metadata (like the state set by
gss_krb5_set_allowable_enctypes).  ccaches and keytabs will likely be
marshalled by name except for memory ccaches (and maybe memory keytabs,
but those are rarely seen in the wild).

DER is an option worth considering (even without an ASN.1 compiler),
although it would mean creating an intermediate structure between
krb5_gss_cred_id_t and the serialized form.

