[20409] in Kerberos_V5_Development
Re: Session Key through GSS-API
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Feb 28 12:12:03 2023
Message-ID: <172f76f7-288a-2bfe-7a23-1079e8e2339c@mit.edu>
Date: Tue, 28 Feb 2023 12:10:54 -0500
MIME-Version: 1.0
Content-Language: en-US
To: Stephen Brown <Stephen.Brown@progress.com>,
"krbdev@mit.edu" <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <SN4PR13MB527934F3E8134C26F11B473A91AC9@SN4PR13MB5279.namprd13.prod.outlook.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: krbdev-bounces@mit.edu
On 2/28/23 08:17, Stephen Brown via krbdev wrote:
> My application is using Kerberos via GSS-API but needs to access the session key. I saw that I can call gss_inquire_sec_context_by_oid() passing in GSS_C_INQ_SSPI_SESSION_KEY. However it looks like the key returned by this method is obtained via krb5_auth_con_getsendsubkey() which is the sub-session key (I believe) and not what I need.
Can you give a little more context around what protocol this application
is implementing and why it needs the ticket session key and not the subkey?
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
