      input_token was correct, but that the input_token is too old to be
      checked for duplication against previously-processed input_tokens.
      No new context is established.

   o  GSS_NO_CRED indicates that no context was established, either
      because the input cred_handle was invalid, because the referenced
      credentials are valid for context initiator use only, or because
      the caller lacks authorization to access the referenced
      credentials.





 
RFC 1508               Generic Security Interface         September 1993


   o  GSS_CREDENTIALS_EXPIRED indicates that the credentials provided
      through the input acceptor_cred_handle argument are no longer
      valid, so context establishment cannot be completed.

   o  GSS_BAD_BINDINGS indicates that a mismatch between the caller-
      provided chan_bindings and those extracted from the input_token
      was detected, signifying a security-relevant event and preventing
      context establishment.

   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
      the input context_handle provided; this major status will be
      returned only for successor calls following GSS_CONTINUE_NEEDED
      status returns.

   o  GSS_FAILURE indicates that context setup could not be accomplished
      for reasons unspecified at the GSS-API level, and that no
      interface-defined recovery action is available.

   The GSS_Accept_sec_context() routine is used by a context target.
   Using information in the credentials structure referenced by the
   input acceptor_cred_handle, it verifies the incoming input_token and
   (following the successful completion of a context establishment
   sequence) returns the authenticated src_name and the mech_type used.
   The acceptor_cred_handle must correspond to the same valid
   credentials structure on the initial call to GSS_Accept_sec_context()
   and on any successor calls resulting from GSS_CONTINUE_NEEDED status
   returns; different protocol sequences modeled by the
   GSS_CONTINUE_NEEDED mechanism will require access to credentials at
   different points in the context establishment sequence.

   The input_context_handle argument is 0, specifying "not yet
   assigned", on the first GSS_Accept_sec_context() call relating to a
   given context. That call returns an output_context_handle for future
   references to this context; when continuation attempts to
   GSS_Accept_sec_context() are needed to perform context
   establishment, that handle value will be entered into the
   input_context_handle argument.

   The chan_bindings argument is used by the caller to provide
   information binding the security context to security-related
   characteristics (e.g., addresses, cryptographic keys) of the
   underlying communications channel. See Section 1.1.6 of this document
   for more discussion of this argument's usage.

   The returned state results (deleg_state, mutual_state,
   replay_det_state, and sequence_state) reflect the same context state
   values as returned to GSS_Init_sec_context()'s caller at the
   initiator system.




 
   The conf_avail return value indicates whether the context supports
   per-message confidentiality services, and so informs the caller
   whether or not a request for encryption through the conf_req_flag
   input to GSS_Seal() can be honored. In similar fashion, the
   integ_avail return value indicates whether per-message integrity
   services are available (through either GSS_Sign() or GSS_Seal()) on
   the established context.

   The lifetime_rec return value indicates the length of time for which
   the context will be valid, expressed as an offset from the present.
   The values of deleg_state, mutual_state, replay_det_state,
   sequence_state, conf_avail, integ_avail, and lifetime_rec are
   undefined unless the accompanying major_status indicates COMPLETE.

   The delegated_cred_handle result is significant only when deleg_state
   is TRUE, and provides a means for the target to reference the
   delegated credentials. The output_token result, when non-NULL,
   provides a context-level token to be returned to the context
   initiator to continue a multi-step context establishment sequence. As
   noted with GSS_Init_sec_context(), any returned token should be
   transferred to the context's peer (in this case, the context
   initiator), independent of the value of the accompanying returned
   major_status.
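
   The acceptor-side calling sequence described above, as an added
   example that is not part of RFC 1508. It models the abstract interface
   in Python; accept_context, Result, make_toy_mechanism, run, the token
   byte strings and the name "alice@EXAMPLE" are hypothetical, constructed
   stand-ins for a real mechanism and peer.

```python
from dataclasses import dataclass
from typing import Optional

COMPLETE, CONTINUE_NEEDED = "GSS_COMPLETE", "GSS_CONTINUE_NEEDED"

@dataclass
class Result:  # hypothetical container for one call's outputs
    major_status: str
    output_context_handle: int = 0
    output_token: Optional[bytes] = None
    src_name: Optional[str] = None
    state: Optional[dict] = None  # deleg_state, conf_avail, lifetime_rec, ...

def accept_context(accept_step, cred, chan_bindings, recv_token, send_token):
    """Drive accept_step, passing the same cred on every call, to a final status."""
    handle = 0  # "not yet assigned" on the first call
    while True:
        r = accept_step(cred, handle, recv_token(), chan_bindings)
        if r.output_token is not None:
            send_token(r.output_token)  # forwarded whatever major_status says
        if r.major_status == CONTINUE_NEEDED:
            handle = r.output_context_handle  # re-enter on the next call
        elif r.major_status == COMPLETE:
            return r.major_status, r.src_name, r.state
        else:
            return r.major_status, None, None  # state is undefined: drop it

def make_toy_mechanism():
    """Constructed two-leg acceptor standing in for a real mechanism."""
    contexts = set()
    def step(cred, handle, token, bindings):
        if handle == 0:
            if token != b"leg1|" + bindings:  # initiator bound another channel
                return Result("GSS_BAD_BINDINGS", output_token=b"error",
                              state={"conf_avail": True})  # junk to be ignored
            contexts.add(1)
            return Result(CONTINUE_NEEDED, 1, b"challenge")
        if handle not in contexts:
            return Result("GSS_NO_CONTEXT")
        return Result(COMPLETE, handle, None, "alice@EXAMPLE",
                      {"mutual_state": True, "conf_avail": True, "lifetime_rec": 3600})
    return step

def run(initiator_tokens, bindings=b"chan-A"):
    """Feed constructed initiator tokens in; return (outcome, tokens sent back)."""
    inbox, sent = list(initiator_tokens), []
    outcome = accept_context(make_toy_mechanism(), "acceptor-cred", bindings,
                             lambda: inbox.pop(0), sent.append)
    return outcome, sent
```

   In the mismatched-bindings run the error token still reaches the
   initiator, while the state values returned alongside the failing
   status are discarded rather than trusted.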

   Note: A target must be able to distinguish a context-level
   input_token, which is passed to GSS_Accept_sec_context(), from the