Yes, they're mostly intended for use by the acceptor (except for the session key API).
-- Luke On 10/03/2009, at 3:11 PM, Weijun Wang wrote: > I see. So after a security context is established. These functions > should return the same results on both side. Of course, if a > particular > piece of info is only available from the encrypted part of the service > ticket, only the service side knows it and this function is not > supported on the client side. > > Max > > Luke Howard wrote: >> >> On 09/03/2009, at 1:45 PM, Max (Weijun) Wang wrote: >> >>>> gss_krb5_get_tkt_flags() >>>> gsskrb5_extract_authz_data_from_sec_context() >>>> gsskrb5_extract_authtime_from_sec_context() >>> >>> I guess the tkt or authXXX above are all for the intial TGT (instead >>> of any service ticket). Right? >> >> The service ticket; the service does not have the TGT (although the >> KDC >> may use the TGT in deriving those values). >> >> -- Luke > -- www.padl.com | www.fghr.net ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
