GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed on
                     the input_token failed

   GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks
                     performed on the credential failed.

   GSS_S_NO_CRED     The supplied credentials were not valid for context
                     initiation, or the credential handle did not
                     reference any credentials.

   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired

   GSS_S_BAD_BINDINGS The input_token contains different channel
                     bindings to those specified via the
                     input_chan_bindings parameter

   GSS_S_BAD_SIG     The input_token contains an invalid signature, or a
                     signature that could not be verified




 
RFC 1509            GSSAPI - Overview and C bindings      September 1993


   GSS_S_OLD_TOKEN   The input_token was too old.  This is a fatal error
                     during context establishment

   GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a duplicate of
                     a token already processed.  This is a fatal error
                     during context establishment.

   GSS_S_NO_CONTEXT  Indicates that the supplied context handle did not
                     refer to a valid context

   GSS_S_BAD_NAMETYPE The provided target_name parameter contained an
                     invalid or unsupported type of name

   GSS_S_BAD_NAME    The provided target_name parameter was ill-formed.

   GSS_S_FAILURE     Failure.  See minor_status for more information

3.4. gss_accept_sec_context

      OM_uint32  gss_accept_sec_context (
                     OM_uint32 *     minor_status,
                     gss_ctx_id_t *  context_handle,
                     gss_cred_id_t   verifier_cred_handle,
                     gss_buffer_t    input_token_buffer
                     gss_channel_bindings_t
                                     input_chan_bindings,
                     gss_name_t *    src_name,
                     gss_OID *       mech_type,
                     gss_buffer_t    output_token,
                     int *           ret_flags,
                     OM_uint32 *     time_rec,
                     gss_cred_id_t * delegated_cred_handle)

   Purpose:

   Allows a remotely initiated security context between the application
   and a remote peer to be established.  The routine may return a
   output_token which should be transferred to the peer application,
   where the peer application will present it to gss_init_sec_context.
   If no token need be sent, gss_accept_sec_context will indicate this
   by setting the length field of the output_token argument to zero.  To
   complete the context establishment, one or more reply tokens may be
   required from the peer application; if so, gss_accept_sec_context
   will return a status flag of GSS_S_CONTINUE_NEEDED, in which case it
   should be called again when the reply token is received from the peer
   application, passing the token to gss_accept_sec_context via the
   input_token parameters.





 
RFC 1509            GSSAPI - Overview and C bindings      September 1993


   The values returned via the src_name, ret_flags, time_rec, and
   delegated_cred_handle parameters are not defined unless the routine
   returns GSS_S_COMPLETE.

   Parameters:

      context_handle    gss_ctx_id_t, read/modify
                        context handle for new context.  Supply
                        GSS_C_NO_CONTEXT for first call; use value
                        returned in subsequent calls.

      verifier_cred_handle    gss_cred_id_t, read, optional
                              Credential handle claimed by context
      acceptor.
                              Specify GSS_C_NO_CREDENTIAL to use default
                              credentials.  If GSS_C_NO_CREDENTIAL is
                              specified, but the caller has no default
                              credentials established, an