[30756] in Kerberos
Re: WS-Security and GSS-API: How do I get the session key?
daemon@ATHENA.MIT.EDU (Goo)
Mon Feb 23 21:10:39 2009
MIME-Version: 1.0
In-Reply-To: <2FA33280-CFCF-4064-AE15-2CF07C49E329@mit.edu>
Date: Tue, 24 Feb 2009 08:05:33 +0800
Message-ID: <d2ec65b00902231605tc8bfb2ele3448bcce2fe5a90@mail.gmail.com>
From: Goo <speedogoo@gmail.com>
To: Ken Raeburn <raeburn@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> That said, I believe the MIT 1.7 release will include an API for extracting
> a session key if there is one, but no earlier release from MIT will, and I'm
> not sure how portable that API will be to other implementations.
Nice to hear that. Do you know if there's a alpha/beta version with
the new API? Also, is there any IETF draft extending RFC 2743?
Thanks
Speedo
On Tue, Feb 24, 2009 at 00:11, Ken Raeburn <raeburn@mit.edu> wrote:
> On Feb 23, 2009, at 04:39, Speedo wrote:
>>
>> I guess this issue had been discussed before: WS-Security negotiates
>> with Kerberos 5 but uses the session key in a different way from GSS
>> tokens. Since GSS-API is the public API to access Kerberos 5, is there
>> any recent progress in enhancing the GSS-API to provide a function
>> like gss_get_session_key()?
>
> I wouldn't say that "GSS-API is the public API to access Kerberos 5", though
> I think it's generally preferred that you write application *protocols* to
> GSS-API. (Which means, among other things, not assuming you can extract the
> session key and do with it what you like -- or even assuming that there is
> such a thing as a "session key".)
>
> If you write non-GSSAPI application protocols, there are still non-GSSAPI
> programming interfaces....
>
> That said, I believe the MIT 1.7 release will include an API for extracting
> a session key if there is one, but no earlier release from MIT will, and I'm
> not sure how portable that API will be to other implementations.
>
> Ken
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
