[16065] in Kerberos_V5_Development
Re: Windows future
daemon@ATHENA.MIT.EDU (Luke Howard)
Tue Aug 17 09:52:50 2010
Mime-Version: 1.0 (Apple Message framework v1078)
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <4C6A912B.7080105@secure-endpoints.com>
Date: Tue, 17 Aug 2010 15:51:25 +0200
Message-Id: <95512E34-EC97-4BBD-A4CC-C36A67821FAB@padl.com>
To: jaltman@secure-endpoints.com
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 17/08/2010, at 3:39 PM, Jeffrey Altman wrote:
> On 8/13/2010 10:01 AM, Douglas E. Engert wrote:
>
>> What is missing is an OpenAFS aklog that can use SSPI.
>> My old gssklog from 2004 could use SSPI :-)
>
> While it is certainly true that the rxkad aklog could be implemented
> using the LSA credential cache functions to request a krb5 service
> ticket for afs, the SSPI cannot be used to obtain rxgk security tokens
> because it lacks an implementation of the GSS PRF.
What about, until such time that SSPI implements the GSS PRF, building a wrapper around QueryContextAttributes(SECPKG_ATTR_SESSION_KEY)?
-- Luke
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
