2.2.2.12 Authentication Tokens
These extensions require the conceptual model specified in [RFC2743] for all interactions with all security providers. An implementation instructs the Generic Security Services (GSS)-API–compatible security providers to operate in a distributed computing environment (DCE)–compatible manner by setting the DCE Style protocol variable. The following table details what PDU type MUST carry (in its auth_ token segment) the output of what GSS [GSS] call during processing, as specified in section 3.3.1.5.2.2.
|
RPC PDU name |
GSS call producing auth_value |
|---|---|
|
Bind |
First call to GSS_Init_sec_context, as specified in [RFC2743] section 2.2.1. |
|
bind_ack |
First call to GSS_Accept_sec_context, as specified in [RFC2743] section 2.2.2. |
|
alter_context, rpc_auth_3 |
Second and subsequent calls to GSS_Init_sec_context, as specified in [RFC2743] section 2.2.1. |
|
alter_context_resp |
Second and subsequent calls to GSS_Accept_sec_context, as specified in [RFC2743] section 2.2.2. |
|
Request |
If the auth_level (as specified in section 2.2.2.11) is RPC_C_AUTHN_LEVEL_PKT_PRIVACY, call to GSS_WrapEx; else call to GSS_GetMICEx. See section 3.3.1.5.2.2 for details. |
|
Response |
If the auth_level (as specified in section 2.2.2.11) is RPC_C_AUTHN_LEVEL_PKT_PRIVACY, call to GSS_UnwrapEx; else call to GSS_VerifyMICEx. See section 3.3.1.5.2.2 for details. |