> That said, I believe the MIT 1.7 release will include an API for extracting > a session key if there is one, but no earlier release from MIT will, and I'm > not sure how portable that API will be to other implementations.
Nice to hear that. Do you know if there's a alpha/beta version with the new API? Also, is there any IETF draft extending RFC 2743? Thanks Speedo On Tue, Feb 24, 2009 at 00:11, Ken Raeburn <[email protected]> wrote: > On Feb 23, 2009, at 04:39, Speedo wrote: >> >> I guess this issue had been discussed before: WS-Security negotiates >> with Kerberos 5 but uses the session key in a different way from GSS >> tokens. Since GSS-API is the public API to access Kerberos 5, is there >> any recent progress in enhancing the GSS-API to provide a function >> like gss_get_session_key()? > > I wouldn't say that "GSS-API is the public API to access Kerberos 5", though > I think it's generally preferred that you write application *protocols* to > GSS-API. (Which means, among other things, not assuming you can extract the > session key and do with it what you like -- or even assuming that there is > such a thing as a "session key".) > > If you write non-GSSAPI application protocols, there are still non-GSSAPI > programming interfaces.... > > That said, I believe the MIT 1.7 release will include an API for extracting > a session key if there is one, but no earlier release from MIT will, and I'm > not sure how portable that API will be to other implementations. > > Ken > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
