o  output_context_handle INTEGER,

   o  mech_type OBJECT IDENTIFIER, -actual mechanism always
      indicated, never NULL

   o  output_token OCTET STRING, -NULL or token to pass to context
      target

   o  deleg_state BOOLEAN,

   o  mutual_state BOOLEAN,

   o  replay_det_state BOOLEAN,

   o  sequence_state BOOLEAN,

   o  conf_avail BOOLEAN,

   o  integ_avail BOOLEAN,

   o  lifetime_rec INTEGER - in seconds, or reserved value for
      INDEFINITE

   This call may block pending network interactions for those mech_types
   in which an authentication server or other network entity must be
   consulted on behalf of a context initiator in order to generate an
   output_token suitable for presentation to a specified target.

   Return major_status codes:





 
RFC 1508               Generic Security Interface         September 1993


   o  GSS_COMPLETE indicates that context-level information was
      successfully initialized, and that the returned output_token will
      provide sufficient information for the target to perform per-
      message processing on the newly-established context.

   o  GSS_CONTINUE_NEEDED indicates that control information in the
      returned output_token must be sent to the target, and that a reply
      must be received and passed as the input_token argument to a
      continuation call to GSS_Init_sec_context(),  before per-message
      processing can be performed in conjunction with this context.

   o  GSS_DEFECTIVE_TOKEN indicates that consistency checks performed on
      the input_token failed, preventing further processing from being
      performed based on that token.

   o  GSS_DEFECTIVE_CREDENTIAL indicates that consistency checks
      performed on the credential structure referenced by
      claimant_cred_handle failed, preventing further processing from
      being performed using that credential structure.

   o  GSS_BAD_SIG indicates that the received input_token contains an
      incorrect signature, so context setup cannot be accomplished.

   o  GSS_NO_CRED indicates that no context was established, either
      because the input cred_handle was invalid, because the referenced
      credentials are valid for context acceptor use only, or because
      the caller lacks authorization to access the referenced
      credentials.

   o  GSS_CREDENTIALS_EXPIRED indicates that the credentials provided
      through the input claimant_cred_handle argument are no longer
      valid, so context establishment cannot be completed.

   o  GSS_BAD_BINDINGS indicates that a mismatch between the caller-
      provided chan_bindings and those extracted from the input_token
      was detected, signifying a security-relevant event and preventing
      context establishment. (This result will be returned by
      GSS_Init_sec_context only for contexts where mutual_state is
      TRUE.)

   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
      the input context_handle provided; this major status will be
      returned only for successor calls following GSS_CONTINUE_NEEDED
      status returns.

   o  GSS_BAD_NAMETYPE indicates that the provided targ_name is of a
      type uninterpretable or unsupported by the supporting GSS-API
      implementation, so context establishment cannot be completed.




 
RFC 1508               Generic Security Interface         September 1993


   o  GSS_BAD_NAME indicates that the provided targ_name is inconsistent
      in terms of internally-incorporated type specifier information, so
      context establishment cannot be accomplished.

   o  GSS_FAILURE indicates that context setup could not be accomplished
      for reasons unspecified at the GSS-API level, and that no