issue regarding gss_krb5int_make_seal_token_v3()

Will Fiveash William.Fiveash at
Fri Jun 24 19:23:55 EDT 2005

In gss_krb5int_make_seal_token_v3() (MIT 1.4) I see:

    } else if (toktype == KG_TOK_DEL_CTX) {
    tok_id = 0x0405;
    message = message2 = &empty_message;
    goto wrap_with_checksum;

(Notice the tok_id and also be aware that this function can be called
indirectly via GSS_Delete_sec_context().)

Nico points out to me that draft-ietf-krb-wg-gssapi-cfx-07.txt

4.3. Context Deletion Tokens 
   Context deletion tokens are empty in this mechanism.  Both peers to 
   a security context invoke GSS_Delete_sec_context() [RFC-2743] 
   independently, passing a null output_context_token buffer to 
   indicate that no context_token is required.  Implementations of 
   GSS_Delete_sec_context() should delete relevant locally-stored 
   context information. 

So my question is why is gss_krb5int_make_seal_token_v3() creating a
output token for a KG_TOK_DEL_CTX type of token and where is the token
ID of 0x0405 defined?

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

More information about the krbdev mailing list