RFC 4121 - Context Deletion Tokens

Douglas E. Engert deengert at anl.gov
Fri May 7 10:48:24 EDT 2010

Srinivas Cheruku wrote:
>>         and no GSS is involved in doing so?
> Well, you'd want to protect the application "delete context" message
> with a MIC or a wrap.
> [Srinivas Cheruku] Do you mean that we can generate a MIC token with message
> as NULL for delete context and can be sent to the peer and this is an
> interoperable approach? Is there any interoperable way of signalling delete
> context to the peer?

All the GSSAPI applications I have ever seen delete the context either
because of a network failure, or because the client and server have agreed,
using some non-GSSAPI message, to close the connection.

In every case the applications need to call gss_delete_sec_context on
both ends.

So is there some special reason you need to use the GSSAPI delete context

gss_delete_sec_context will return a token, and this can be sent if the transport
connection is working but is not strictly required.

> Thanks,
> Srini
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev


  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
