Reuse of GSSAPI Tokens

Douglas E. Engert deengert at
Thu Jul 21 14:38:06 EDT 2005

Jiva DeVoe wrote:

> Is it possible to use a token generated by the GSSAPI call  
> gss_init_sec_context call to establish more than one security context  
> via the gss_accept_sec_context call?

No. Generically speaking with GSS, you don't know what is in the token,
and the underlying mechanism may require the exchange a number of tokens
before returning success.

> Meaning, can I pass a token to gss_accept more than once?  In my  
> testing, it appears I can't.  Subsequent calls result in an invalid  
> context.  If this is the case, I'm curious how this is done, since my  
> token appears to be unchanged. 

Why do you need to do this in the first place?

Generically speeking you should be able to establish more then one context,
but you must go through the gss_init_sec_context/gss_accept_sec_context
loop for each context. If the Kerberos gssapi mechanism is not letting
you do this, then there is a problem.

> -- 
> Jiva DeVoe
> PowerCard - Intuitive Project Management Software for Mac OS X
> ------------------------------------------------------------------------
> _______________________________________________
> krbdev mailing list             krbdev at


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list