[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exporting gssapi context, take two

To: krbdev@mit.edu, nfsv4-wg@citi.umich.edu, heimdal-discuss@sics.se
Subject: Re: Exporting gssapi context, take two
From: Kevin Coffman <kwc@citi.umich.edu>
Date: Tue, 27 Apr 2004 10:12:05 -0400
In-reply-to: Your message of "Fri, 09 Apr 2004 15:29:46 EDT." <000201c41e69$0497e7c0$6400000a@citi.umich.edu>
Sender: owner-heimdal-discuss@sics.se

I've run into a couple of issues implementing the krb5_gss_set_allowable
_enctypes() function.

First, the call to gss_acquire_cred, to get the cred handle, is going 
through the mechglue layer which returns a handle to the mechglue's 
union_cred, not a Kerberos cred handle.  This requires a glue function 
for set_allowable_enctypes() to translate from the union_cred handle to 
the Kerberos handle.

Second, the easiest way to implement the glue function is to require 
another parameter for the mechanism.  Changing the signature as follows:


-OM_uint32
-krb5_gss_set_allowable_enctypes(OM_uint32 *minor_status, 
-				gss_cred_id_t cred,
-				OM_uint32 num_ktypes,
-				krb5_enctype *ktypes);

+OM_uint32
+gss_set_allowable_enctypes(OM_uint32 *minor_status, 
+			   gss_cred_id_t cred,
+			   gss_OID mechanism,
+			   OM_uint32 num_ktypes,
+			   void * *ktypes);

Any suggestions for a cleaner/clearer approach?

K.C.

Follow-Ups:
- Re: Exporting gssapi context, take two
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: Exporting gssapi context, take two
  - From: Sam Hartman <hartmans@mit.edu>

References:
- Exporting gssapi context, take two
  - From: "Kevin Coffman" <kwc@citi.umich.edu>

Prev by Date: debugging kauth/kinit
Next by Date: Re: Exporting gssapi context, take two
Prev by thread: Re: Exporting gssapi context, take two
Next by thread: Re: Exporting gssapi context, take two
Index(es):
- Date
- Thread