[10] in GSSAPI Development
Re: Problem in gss_accept_sec_context()
daemon@ATHENA.MIT.EDU (kannan@sejour.lkg.dec.com)
Mon Apr 29 16:41:14 1991
To: gssapi-dev@ATHENA.MIT.EDU
Cc: kannan@sejour.lkg.dec.com
Date: Mon, 29 Apr 91 16:42:55 EDT
From: kannan@sejour.lkg.dec.com
Ted,
>In attempting to code gss_accept_sec_context, I ran into a problem.
>When Kerberos does a krb5_rd_req(), it requires the sender's network
>address, and there's no place to pass that into gss_accept_sec_context.
I agree that this is a problem.
>I suggest that we replace input_chan_bindings_buffer on both
>accept_sec_context and init_sec_context with a sender_address
>parameter which is mandatory and which takes the following structure:
And I also agree with your basic suggestion. I would like to propose
the following structure (only a slight variant from what you suggested).
Basically, I would like to see the receiver_address included in the
channel bindings.
    /* structure for channel binding */
    typedef struct gss_channel_binding_desc {
        OM_uint32 chanbinding_type;
        int sa_length;
        void *sender_address;
        int ra_length;
        void *receiver_address;
    } gss_channel_binding;
The low order values for chanbinding_type should correspond to the Berkeley
Standard definition for address family formats.
Discussion?
-kannan
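
Added example, not part of the original message or of any GSSAPI implementation: one way an acceptor could fill the proposed structure from an IPv4 connection and check that the bindings the initiator claimed match the endpoints it actually observes. The OM_uint32 typedef, the helpers cb_from_inet, cb_equal and demo_match, and the documentation-range addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>

typedef uint32_t OM_uint32;              /* assumption: 32-bit unsigned */
typedef struct gss_channel_binding_desc { /* as proposed in the message */
    OM_uint32 chanbinding_type;
    int sa_length;
    void *sender_address;
    int ra_length;
    void *receiver_address;
} gss_channel_binding;

/* Hypothetical helper: describe an IPv4 channel by its two endpoints. */
static void cb_from_inet(gss_channel_binding *cb,
                         struct in_addr *sender, struct in_addr *receiver)
{
    cb->chanbinding_type = AF_INET;      /* Berkeley address family value */
    cb->sa_length = (int)sizeof *sender;
    cb->sender_address = sender;
    cb->ra_length = (int)sizeof *receiver;
    cb->receiver_address = receiver;
}

/* Hypothetical helper: 1 if both bindings name the same channel, else 0. */
static int cb_equal(const gss_channel_binding *a, const gss_channel_binding *b)
{
    if (a->chanbinding_type != b->chanbinding_type) return 0;
    if (a->sa_length != b->sa_length || a->ra_length != b->ra_length) return 0;
    if (a->sa_length < 0 || a->ra_length < 0) return 0;
    return !memcmp(a->sender_address, b->sender_address, (size_t)a->sa_length)
        && !memcmp(a->receiver_address, b->receiver_address, (size_t)a->ra_length);
}

/* Constructed sample: 1 = match, 0 = mismatch, -1 = unparsable address. */
static int demo_match(const char *claimed_src, const char *observed_src)
{
    struct in_addr cs, os, dst;
    gss_channel_binding claimed, observed;
    if (inet_pton(AF_INET, claimed_src, &cs) != 1) return -1;
    if (inet_pton(AF_INET, observed_src, &os) != 1) return -1;
    if (inet_pton(AF_INET, "192.0.2.10", &dst) != 1) return -1;
    cb_from_inet(&claimed, &cs, &dst);
    cb_from_inet(&observed, &os, &dst);
    return cb_equal(&claimed, &observed);
}

int main(void) { return demo_match("198.51.100.7", "198.51.100.7") == 1 ? 0 : 1; }
```

Comparing the family and both lengths before the address bytes keeps a binding of one address family from matching a same-prefix address of another.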