[47] in GSSAPI Development


RE: clarification on GSS C Bindings

daemon@ATHENA.MIT.EDU (kannan@sejour.lkg.dec.com)
Fri May 17 12:07:40 1991

To: wray@ultra.enet.dec.com, gssapi-dev@ATHENA.MIT.EDU
Cc: kannan@sejour.lkg.dec.com
Date: Fri, 17 May 91 12:06:59 EDT
From: kannan@sejour.lkg.dec.com

>The desired_name parameter is a global principal name (the name of the
>principal whose credentials you want to acquire), and should therefore use the
>gss_name_t type.

Acquire cred requires an API internal principal name.  However, we have not
reached agreement on how to import user principal names.  Therefore, we can
not acquire credentials for users.

This is OK, since we can specify GSS_C_NO_CREDENTIAL to init_sec_context
and it will do the right thing (acquire default user credentials internally.)
Also, on the verifier side, we have a delegated cred handle which can be
passed to init_sec_context.

However, on the claimant side, if we need to issue multiple init_sec_context
calls (i.e., mutual authentication), should we always pass in the default
credential handle for each call?  If so, this would be very inefficient for
SPX.

It would be nice if when we specified the use of default credentials, a
modified cred handle is returned to the application for subsequent GSS API
routines.  However, this doesn't seem possible.

	-kannan
