Issues bringing 'new SPENGO' to MIT Kerberos 1.8 builds
Luke Howard
lukeh at padl.com
Mon Feb 13 22:00:06 MST 2012
You could use GSS_C_INQ_SSPI_SESSION_KEY to get the enctype of the session key and figure out if CFX was used based on that.
-- Luke
On 14/02/2012, at 3:50 PM, Andrew Bartlett wrote:
> On Tue, 2012-02-14 at 13:42 +1100, Luke Howard wrote:
>> What do you need gss_krb5_export_lucid_sec_context for? Can you use GSS_C_INQ_SSPI_SESSION_KEY?
>
> We used it to determine if CFX was used, and therefore that the new
> (returning the mechListMic) SPENGO should be used, as we implement
> SPNEGO outside GSSAPI.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
>
--
Luke Howard / lukeh at padl.com
www.padl.com / www.lukehoward.com
More information about the samba-technical
mailing list