> BTW, I read the krb5-1.7 codes and notice you're supporting some other > OIDs for this new function: > > KRB5_GET_TKT_FLAGS > KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT > KRB5_EXPORT_LUCID_SEC_CONTEXT > KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT > > I wonder how widely they are required and whether we should also > support them. Can you give me some background info?
These are just shims for indirecting existing mechanism-specific APIs through the mechanism glue (so that the mechanism glue itself need not be polluted with mechanism specific API). They correspond to: gss_krb5_get_tkt_flags() gsskrb5_extract_authz_data_from_sec_context() gss_krb5_export_lucid_sec_context() gsskrb5_extract_authtime_from_sec_context() I think only the extract_authXXX APIs are new for 1.7. The usage for gsskrb5_extract_authz_data_from_sec_context() identical to Heimdal: http://www.daemon-systems.org/man/gsskrb5_extract_authz_data_from_sec_context.3.html gsskrb5_extract_authtime_from_sec_context() gets the authtime from the ticket. Let me know if you have further questions. -- Luke ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
