> gss_krb5_get_tkt_flags() > gsskrb5_extract_authz_data_from_sec_context() > gsskrb5_extract_authtime_from_sec_context()
I guess the tkt or authXXX above are all for the intial TGT (instead of any service ticket). Right? Thanks Weijun On Mar 7, 2009, at 10:01 AM, Luke Howard wrote: >> BTW, I read the krb5-1.7 codes and notice you're supporting some >> other >> OIDs for this new function: >> >> KRB5_GET_TKT_FLAGS >> KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT >> KRB5_EXPORT_LUCID_SEC_CONTEXT >> KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT >> >> I wonder how widely they are required and whether we should also >> support them. Can you give me some background info? > > These are just shims for indirecting existing mechanism-specific > APIs through the mechanism glue (so that the mechanism glue itself > need not be polluted with mechanism specific API). They correspond to: > > gss_krb5_get_tkt_flags() > gsskrb5_extract_authz_data_from_sec_context() > gss_krb5_export_lucid_sec_context() > gsskrb5_extract_authtime_from_sec_context() > > I think only the extract_authXXX APIs are new for 1.7. The usage for > gsskrb5_extract_authz_data_from_sec_context() identical to Heimdal: > > http://www.daemon-systems.org/man/gsskrb5_extract_authz_data_from_sec_context.3.html > > gsskrb5_extract_authtime_from_sec_context() gets the authtime from > the ticket. > > Let me know if you have further questions. > > -- Luke ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
