RFC 4121 - Context Deletion Tokens
Douglas E. Engert
deengert at anl.gov
Fri May 7 10:48:24 EDT 2010
Srinivas Cheruku wrote:
>> and no GSS is involved in doing so?
> Well, you'd want to protect the application "delete context" message
> with a MIC or a wrap.
> [Srinivas Cheruku] Do you mean that we can generate a MIC token with message
> as NULL for delete context and can be sent to the peer and this is an
> interoperable approach? Is there any interoperable way of signalling delete
> context to the peer?
All the gssapi applications I have ever seen, delete the context based
either because of a network failure, or the client and server have agreed
using some non-GSSAPI message to close the connection.
In every case the applications need to call gss_delete_sec_context on
So is there some special reason you need to use the GSSAPI delete context
gss_delete_sec_context will return a token, and this can be sent if the transport
connection is working but is not strictly required.
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev