How do I query the max token size from GSS-API?

Sam Hartman hartmans at MIT.EDU
Fri Dec 4 15:44:51 EST 2009

>>>>> "Matthew" == Matthew M DeLoera <mdeloera at> writes:

    Matthew> Is there any equivalent in GSS-API? Right now I have 1024
    Matthew> hardcoded in my code, but I'd like to dynamically query
    Matthew> it. Or, is there some well-known max size that I should
    Matthew> hardcode?

No, GSS-API does not provide a guaranteed maximum.  There is
wrap_size_limit for getting the expansion of a given per-message token,
but there is nothing for context tokens.  In general, you should
dynamically resize based on what you get over the network.  Note that if
you are generating a token, then gss-api will allocate the memory for

1024 is definitely too small for Kerberos context tokens.

More information about the krbdev mailing list