 |
 |
 |
 |
|
 |
|
 |
|
 |
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
Yes, this problem affects initiators too. If you want to solve the Identity Selection problem _above_ the GSS-API (and I agree that the solutions do belong outside the GSS-API), then you need to solve the CREDENTIAL HANDLE issue first.
The credential handle problem is already solved for init sec context, if you just can get hold of them.
GSS-API is part of the identity selection problem since its the holder of credentials.
The application/framework will need to drive authentication and select/ try credentials as it seems approproate and remember what of them was useful.
This would work today, if it was possible to get initial credentials and list existing/configured credentials
Love