
Re: [Kevin Coffman] Proposal to export gssapi context



> > Comments, suggestions, welcome.
> 
> I read this over real quick on the train and will surely have more comments
> when I try to implement it.
> 
> Why are cksumtype and acceptor_subkey_cksumtype included? They are implied
> by the key's enctype.
>
> Is this really not Kerberos specific? Then why send oid?

Yes, the current proposal is Kerberos Mechanism specific.
These sound reasonable.  I'll change them.

> What is the format of sign_alg/seal_alg? They are defined as octet data in
> RFC 1964, not integers.

I'll look into this.

> How will you deal with SPKM/LIPKEY? Has anyone updated the spec so it's
> possible to implement now?

I began trying to come up with something general enough for Kerberos and
our (not-quite-complete) spkm-3 implementation, but it didn't seem
reasonable. The current plan is to have a separate mech-specific context
extraction routine. If anyone has ideas, that would be great.