[30816] in Kerberos

Re: WS-Security and GSS-API: How do I get the session key?

daemon@ATHENA.MIT.EDU (Michael B Allen)
Fri Mar 6 15:55:11 2009

In-Reply-To: <e1426fee-e5a5-41a9-aafa-48653903cfb0@v35g2000pro.googlegroups.com>
Date: Fri, 6 Mar 2009 15:54:21 -0500
Message-ID: <78c6bd860903061254u15f3c76l8792158564ec1b1@mail.gmail.com>
From: Michael B Allen <ioplex@gmail.com>
To: weijun.wang@sun.com
Cc: kerberos@mit.edu

On Thu, Mar 5, 2009 at 9:29 PM,  <weijun.wang@sun.com> wrote:
> Hi Luke
>
> On Feb 24, 9:36 pm, Luke Howard <lu...@padl.com> wrote:
>> > I don't recall offhand if there's been an IETF draft proposing the
>> > specific extension we've got for extracting the session key.
>>
>
>>    major = gss_inquire_sec_context_by_oid(&minor,
>>                                          ctx,
>>                                          GSS_C_INQ_SSPI_SESSION_KEY,
>>                                          &skey);
>
> Cool, we (Java SE Team at Sun) are also preparing to add a new method
> getSessionKey() to OpenJDK's JGSS-API for Java EE needs.

I think it would be better to have a GSSContext method that could
return an Object that is specific to the OID supplied. For example, in
the case of the session key, it would return a byte[] array like:

  Oid sspiSessionKeyOid = new Oid("1.2.840.113554.1.2.2.5.5");
  byte[] sessionKey = (byte[])ctx.inquireSecContextByOid(sspiSessionKeyOid);

Otherwise you're going to end up just adding more methods in an
already overwhelming API.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

