Session Key through GSS-API

Greg Hudson ghudson at
Tue Feb 28 12:10:54 EST 2023

On 2/28/23 08:17, Stephen Brown via krbdev wrote:
> My application is using Kerberos via GSS-API but needs to access the session key. I saw that I can call gss_inquire_sec_context_by_oid() passing in GSS_C_INQ_SSPI_SESSION_KEY. However it looks like the key returned by this method is obtained via krb5_auth_con_getsendsubkey() which is the sub-session key (I believe) and not what I need.

Can you give a little more context around what protocol this application 
is implementing and why it needs the ticket session key and not the subkey?

More information about the krbdev mailing list