[30759] in Kerberos


Re: WS-Security and GSS-API: How do I get the session key?

daemon@ATHENA.MIT.EDU (Luke Howard)
Tue Feb 24 08:38:32 2009

Message-Id: <9717BF6F-62C6-4D99-B0C4-C5DD194886B7@padl.com>
From: Luke Howard <lukeh@padl.com>
To: Ken Raeburn <raeburn@mit.edu>
In-Reply-To: <296D780F-D22E-4DDA-A537-1142FE6D353C@mit.edu>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Wed, 25 Feb 2009 00:36:54 +1100
Cc: Goo <speedogoo@gmail.com>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

> I don't recall offhand if there's been an IETF draft proposing the
> specific extension we've got for extracting the session key.

Something like:

#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>

{
   OM_uint32 major, minor;
   gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
   gss_buffer_set_t skey = GSS_C_NO_BUFFER_SET;

...

   major = gss_inquire_sec_context_by_oid(&minor,
                                          ctx,
                                          GSS_C_INQ_SSPI_SESSION_KEY,
                                          &skey);
   if (GSS_ERROR(major)) {
     // handle error
   }

   if (skey == GSS_C_NO_BUFFER_SET ||
       skey->count < 1 ||
       skey->elements[0].value == NULL) {
     // optional paranoid error checking
   }

   // session key can be found in skey->elements[0]
   // OID corresponding to enctype can be found in skey->elements[1]

   gss_release_buffer_set(&minor, &skey);

...
}

-- Luke
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
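
An added example, not part of the original message and not MIT krb5 code: helpers for consuming the two buffers the snippet above returns, copying the key out of skey->elements[0] so the buffer set can be released right away, and reading the enctype from the OID in skey->elements[1]. The function names are hypothetical; the OID prefix bytes and the "enctype is the final arc" layout are assumptions based on MIT krb5's GSS_KRB5_SESSION_KEY_ENCTYPE_OID and should be checked against your GSS-API implementation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: elements[1] is this prefix (MIT krb5's
 * GSS_KRB5_SESSION_KEY_ENCTYPE_OID) followed by the enctype as one arc. */
static const unsigned char ENCTYPE_OID_PREFIX[] =
    { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, 0x04 };

/* Decode the trailing base-128 arc of the OID bytes (elements[1].value,
 * elements[1].length). Returns 0 and sets *enctype, or -1 if malformed. */
int enctype_from_oid(const unsigned char *oid, size_t len, int32_t *enctype)
{
    size_t plen = sizeof(ENCTYPE_OID_PREFIX), i;
    uint32_t arc = 0;

    if (oid == NULL || len <= plen || len > plen + 4 ||
        memcmp(oid, ENCTYPE_OID_PREFIX, plen) != 0)
        return -1;
    if (oid[plen] == 0x80)              /* reject non-minimal encoding */
        return -1;
    for (i = plen; i < len; i++) {
        arc = (arc << 7) | (oid[i] & 0x7f);
        /* continuation bit must be set on every byte except the last */
        if (((oid[i] & 0x80) != 0) != (i + 1 < len))
            return -1;
    }
    *enctype = (int32_t)arc;
    return 0;
}

/* Copy the key from elements[0] (value, length) into a caller-owned
 * buffer. Returns the key length, or 0 if it is missing or too large. */
size_t copy_session_key(const void *val, size_t len,
                        unsigned char *out, size_t cap)
{
    if (val == NULL || len == 0 || len > cap)
        return 0;
    memcpy(out, val, len);
    return len;
}

/* Wipe a key copy; the volatile pointer keeps the stores from being elided. */
void wipe_key(unsigned char *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}
```

Call copy_session_key() and enctype_from_oid() between the inquire call and gss_release_buffer_set(), and wipe_key() the copy once the derived WS-Security keys are no longer needed.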
