> From Darren.Moffat at Sun.COM Fri Jan 12 10:10:03 2007
> Date: Fri, 12 Jan 2007 18:09:50 +0000
> From: Darren J Moffat <Darren.Moffat at Sun.COM>
> Subject: Re: lofi(7d) crypto support [PSARC/2007/001 Timeout: 01/09/2007]
> To: Gary Winiger <gww at eng.sun.com>
> Cc: Nicolas.Williams at Sun.COM, roland.mainz at nrubsig.org, PSARC-EXT at
> Sun.COM,
> loficc-discuss at opensolaris.org
> Content-transfer-encoding: 7BIT
> X-PMX-Version: 5.2.0.264296
> User-Agent: Thunderbird 1.5.0.8 (X11/20061128)
>
> Gary Winiger wrote:
> >>> GSSAPI/Kerberos are network authentication protocols what we want here
> >>> is access to an encryption key.
> >
> > Perhaps the point Roland is making is like Apple Key Chain
> > to have the lofi encryption key available if something like
> > Kerberos or rpcsec_gss is used as the account authority.
>
> Apple Key Chain is nothing like Kerberos or GSSAPI.
I wasn't saying it did. I was suggesting that perhaps Roland's
point was that if a Krb5 ticket or gss_sec certificate was
obtained, that could be used to unwrap the encryption key.
Since Roland hasn't followed up. I guess it's moot.
Gary..
