issue regarding gss_krb5int_make_seal_token_v3()
Will Fiveash
William.Fiveash at sun.com
Fri Jun 24 19:23:55 EDT 2005
In gss_krb5int_make_seal_token_v3() (MIT 1.4) I see:
    } else if (toktype == KG_TOK_DEL_CTX) {
        tok_id = 0x0405;
        message = message2 = &empty_message;
        goto wrap_with_checksum;
(Notice the tok_id and also be aware that this function can be called
indirectly via GSS_Delete_sec_context().)
Nico points out to me that draft-ietf-krb-wg-gssapi-cfx-07.txt
states:
    4.3. Context Deletion Tokens

    Context deletion tokens are empty in this mechanism. Both peers to
    a security context invoke GSS_Delete_sec_context() [RFC-2743]
    independently, passing a null output_context_token buffer to
    indicate that no context_token is required. Implementations of
    GSS_Delete_sec_context() should delete relevant locally-stored
    context information.
So my question is why is gss_krb5int_make_seal_token_v3() creating an
output token for a KG_TOK_DEL_CTX type of token and where is the token
ID of 0x0405 defined?
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)