GSSAPI - context lifetime

Machin, Glenn D GMachin at
Thu May 29 15:38:05 EDT 2008

I apologize if this is not the right forum for this question.

The gss_wrap and seal routines are dependent on the context endtime. The context endtime is derived from the service ticket lifetime. For a gssftp session if multiple data transfers exceed the ticket lifetime the gssftp session fails.

Can someone tell me why the context is tied to ticket lifetime?

Could we change the endtime to indefinite by specifying GSS_C_INDEFINITE for
time_req on the init_sec_context() and on the server by specifying a NULL for time_rec on the accept_sec_context()?


More information about the krbdev mailing list