


      interface-defined recovery action is available.

   This routine is used by a context initiator, and ordinarily emits one
   (or, for the case of a multi-step exchange, more than one)
   output_token suitable for use by the target within the selected
   mech_type's protocol. Using information in the credentials structure
   referenced by claimant_cred_handle, GSS_Init_sec_context()
   initializes the data structures required to establish a security
   context with target targ_name. The claimant_cred_handle must
   correspond to the same valid credentials structure on the initial
   call to GSS_Init_sec_context()  and on any successor calls resulting
   from GSS_CONTINUE_NEEDED status returns; different protocol sequences
   modeled by the GSS_CONTINUE_NEEDED mechanism will require access to
   credentials at different points in the context establishment
   sequence.

   The input_context_handle argument is 0, specifying "not yet
   assigned", on the first GSS_Init_sec_context()  call relating to a
   given context. That call returns an output_context_handle for future
   references to this context. When continuation attempts to
   GSS_Init_sec_context()  are needed to perform context establishment,
   the previously-returned non-zero handle value is entered into the
   input_context_handle argument and will be echoed in the returned
   output_context_handle argument. On such continuation attempts (and
   only on continuation attempts) the input_token value is used, to
   provide the token returned from the context's target.

   The chan_bindings argument is used by the caller to provide
   information binding the security context to security-related
   characteristics (e.g., addresses, cryptographic keys) of the
   underlying communications channel. See Section 1.1.6 of this document
   for more discussion of this argument's usage.

   The input_token argument contains a message received from the target,
   and is significant only on a call to GSS_Init_sec_context() which
   follows a previous return indicating GSS_CONTINUE_NEEDED
   major_status.

   It is the caller's responsibility to establish a communications path
   to the target, and to transmit any returned output_token (independent
   of the accompanying returned major_status value) to the target over
   that path. The output_token can, however, be transmitted along with




 
RFC 1508               Generic Security Interface         September 1993


   the first application-provided input message to be processed by
   GSS_Sign() or GSS_Seal() in conjunction with a successfully-
   established context.

   The initiator may request various context-level functions through
   input flags: the deleg_req_flag requests delegation of access rights,
   the mutual_req_flag requests mutual authentication, the
   replay_det_req_flag requests that replay detection features be
   applied to messages transferred on the established context, and the
   sequence_req_flag requests that sequencing be enforced. (See Section
   1.2.3 for more information on replay detection and sequencing
   features.)

   Not all of the optionally-requestable features will be available in
   all underlying mech_types; the corresponding return state values
   (deleg_state, mutual_state, replay_det_state, sequence_state)
   indicate, as a function of mech_type processing capabilities and
   initiator-provided input flags, the set of features which will be
   active on the context. These state indicators' values are undefined
   unless the routine's major_status indicates COMPLETE. Failure to
   provide the precise set of features requested by the caller does not
   cause context establishment to fail; it is the caller's prerogative
   to delete the context if the feature set provided is unsuitable for
   the caller's use.  The returned mech_type value indicates the
   specific mechanism employed on the context, and will never indicate
   the value for "default".

   The conf_avail return value indicates whether the context supports
   per-message confidentiality services, and so informs the caller
   whether or not a request for encryption through the conf_req_flag
   input to GSS_Seal() can be honored. In similar fashion, the
   integ_avail return value indicates whether per-message integrity
   services are available (through either GSS_Sign() or GSS_Seal()) on
   the established context.

   The lifetime_req input specifies a desired upper bound for the
   lifetime of the context to be established, with a value of 0 used to
   request a default lifetime. The lifetime_rec return value indicates
   the length of time for which the context will be valid, expressed as
   an offset from the present; depending on mechanism capabilities,
   credential lifetimes, and local policy, it may not correspond to the
   value requested in lifetime_req.  If no constraints on context
   lifetime are imposed, this may be indicated by returning a reserved
   value representing INDEFINITE lifetime_req. The values of conf_avail,
   integ_avail, and lifetime_rec are undefined unless the routine's
   major_status indicates COMPLETE.
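
   The initiator-side calling sequence described above, as an added
   example that is not part of RFC 1508 or of any GSS-API implementation.
   ToyMech, establish(), the status strings and the token values are
   constructed for illustration; a real mechanism sits behind the same loop.

```python
# Added example: caller-side loop for GSS_Init_sec_context(). ToyMech is a
# constructed stand-in for a mechanism, not a real GSS-API binding.
COMPLETE, CONTINUE_NEEDED = "GSS_COMPLETE", "GSS_CONTINUE_NEEDED"

class ToyMech:
    """Constructed two-step mechanism that never grants delegation."""
    def __init__(self):
        self.contexts = {}  # context handle -> credentials used on first call

    def init_sec_context(self, cred, ctx, targ_name, req, input_token):
        if ctx == 0:  # first call: input_token is not significant
            ctx = len(self.contexts) + 1
            self.contexts[ctx] = cred
            return CONTINUE_NEEDED, ctx, b"toy-init-token", None
        if self.contexts[ctx] is not cred or input_token is None:
            raise ValueError("continuation needs same credentials and a token")
        state = {"deleg_state": False,
                 "mutual_state": req.get("mutual_req_flag", False),
                 "replay_det_state": req.get("replay_det_req_flag", False),
                 "sequence_state": req.get("sequence_req_flag", False)}
        return COMPLETE, ctx, b"", state

    def delete_sec_context(self, ctx):
        self.contexts.pop(ctx, None)

def establish(mech, cred, targ_name, req, required, send, recv):
    """Return (context_handle, []) or (None, missing_features)."""
    ctx, input_token = 0, None  # 0 means "not yet assigned"
    while True:
        status, ctx, output_token, state = mech.init_sec_context(
            cred, ctx, targ_name, req, input_token)
        if output_token:  # transmit whatever major_status says
            send(output_token)
        if status == COMPLETE:
            break
        if status != CONTINUE_NEEDED:
            raise RuntimeError("context establishment failed: " + status)
        input_token = recv()  # target's reply, used only on continuation
    # State values are defined only now that major_status is COMPLETE.
    missing = [name for name in required if not state.get(name)]
    if missing:  # establishment succeeded, but the feature set is unsuitable
        mech.delete_sec_context(ctx)
        return None, missing
    return ctx, []
```

   The required list is the caller's own policy: the routine reports
   COMPLETE even when a requested feature was not granted, so the check
   and the context deletion are done by the caller after the loop.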

   If the mutual_state is TRUE, this fact will be reflected within the

