[30850] in Kerberos
Re: WS-Security and GSS-API: How do I get the session key?
daemon@ATHENA.MIT.EDU (Weijun Wang)
Tue Mar 10 15:38:08 2009
MIME-version: 1.0
Date: Tue, 10 Mar 2009 12:11:04 +0800
From: Weijun Wang <Weijun.Wang@Sun.COM>
In-reply-to: <3A3A185F-E900-4742-9D32-5F1736E662A2@padl.com>
To: Luke Howard <lukeh@padl.com>
Message-id: <49B5E858.7040009@sun.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I see. So after a security context is established. These functions
should return the same results on both side. Of course, if a particular
piece of info is only available from the encrypted part of the service
ticket, only the service side knows it and this function is not
supported on the client side.
Max
Luke Howard wrote:
>
> On 09/03/2009, at 1:45 PM, Max (Weijun) Wang wrote:
>
>>> gss_krb5_get_tkt_flags()
>>> gsskrb5_extract_authz_data_from_sec_context()
>>> gsskrb5_extract_authtime_from_sec_context()
>>
>> I guess the tkt or authXXX above are all for the intial TGT (instead
>> of any service ticket). Right?
>
> The service ticket; the service does not have the TGT (although the KDC
> may use the TGT in deriving those values).
>
> -- Luke
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
