Serialization framework future
Simo Sorce
simo at redhat.com
Thu May 31 14:25:00 EDT 2012
On Thu, 2012-05-31 at 11:48 -0400, Greg Hudson wrote:
> On 05/31/2012 08:37 AM, Sam Hartman wrote:
> > I agree with nico that the serialization format for credentials should
> > be the krb-cred we just standardized in the IETF.
>
> That's certainly an idea worth considering.
>
> The larger picture is that I need to serialize a GSS cred, which might
> be an acceptor or initiator cred or both. So the actual token format
> will be some combination of a ccache, a keytab, a krb5 GSS name, and
> maybe some other metadata (like the state set by
> gss_krb5_set_allowable_enctypes). ccaches and keytabs will likely be
> marshalled by name except for memory ccaches (and maybe memory keytabs,
> but those are rarely seen in the wild).
>
> DER is an option worth considering (even without an ASN.1 compiler),
> although it would mean creating an intermediate structure between
> krb5_gss_cred_id_t and the serialized form.
I see we are exclusively talking about krb5 here; I would hope that an export
cred format would be able to transfer other cred types too, if available.
Simo.
--
Simo Sorce * Red Hat, Inc * New York