Serialization framework future

Greg Hudson ghudson at MIT.EDU
Thu May 31 14:56:01 EDT 2012


On 05/31/2012 02:25 PM, Simo Sorce wrote:
> I see exclusively talking about krb5 here, I would hope that an export
> cred format would be able to transfer other cred types too if available.

I hadn't discussed that because it's a simpler problem.  The mechglue
export_cred will generate a mech cred token for each mech cred in the
union cred, and will compose them together, tagging each mech token by
mech OID.

We do need to figure out how to represent the sequence of {mech-oid,
mech-token} pairs.  Heimdal uses krb5_storage for this; we could use
that (if we adopt krb5_storage), or DER, or a custom format.  We aren't
constrained to make the same choice of representation in the mechglue as
we do in the krb5 mech.
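
[Added example, not part of the original message and not MIT krb5 or Heimdal code: a decoder for one possible "custom format" for the sequence of {mech-oid, mech-token} pairs, showing the length checks a parser needs before it trusts a declared length. The layout (32-bit big-endian length prefixes) and the names struct buf, struct mech_cred, get_data and decode_creds are assumptions made for illustration.]

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout, not MIT krb5's or Heimdal's actual format:
 * repeated { be32 oid_len, oid bytes, be32 token_len, token bytes }. */
struct buf { const uint8_t *p; size_t len; };
struct mech_cred { struct buf oid, token; };

/* Read one length-prefixed field.  The declared length is checked against
 * the bytes actually remaining before it is used.  0 on success, else -1. */
static int get_data(const uint8_t *in, size_t len, size_t *off, struct buf *d)
{
    const uint8_t *p = in + *off;
    size_t left = len - *off, n;    /* caller keeps *off <= len */
    if (left < 4)
        return -1;
    n = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    if (left - 4 < n)
        return -1;
    *d = (struct buf){ p + 4, n };
    *off += 4 + n;
    return 0;
}

/* Returns the pair count, or -1 if truncated, an OID is empty, or > max pairs. */
int decode_creds(const uint8_t *in, size_t len, struct mech_cred *c, int max)
{
    size_t off = 0;
    int n;
    for (n = 0; off < len; n++) {
        if (n == max || get_data(in, len, &off, &c[n].oid) != 0 ||
            c[n].oid.len == 0 || get_data(in, len, &off, &c[n].token) != 0)
            return -1;
    }
    return n;
}

/* Constructed sample: krb5 mech OID 1.2.840.113554.1.2.2 plus a dummy token. */
static const uint8_t sample[] = {
    0, 0, 0, 9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02,
    0, 0, 0, 3, 'a', 'b', 'c'
};

int main(void)
{
    struct mech_cred c[4];
    printf("%d pair(s)\n", decode_creds(sample, sizeof(sample), c, 4));
    return 0;
}
```

The decoded buffers point into the input rather than copying it, so the input must outlive them.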


