2.2.3.5 Authentication Tokens
The token length is not transmitted explicitly. A recipient infers the length of the token by subtracting the combined length of the connectionless RPC header, stub data, sec_trailer_cl, and padding bytes from the length of the received packet, as reported by the underlying transport.
A client or a server (that, during processing, has allocated more space for the authentication token than the security provider fills in) SHOULD<46> fill in the rest of the allocated space with zero octets. These zero octets are still considered to belong to the authentication token part of the PDU.<47>
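The length inference described above, as an added Python example that is not part of the specification. The 80-byte header size and the offsets of `drep` and `len` follow the DCE 1.1 RPC connectionless header and are assumptions here, as are `trailer_len` and `pad_len`, which the caller supplies from section 2.2.3.4; `infer_token_length`, `build_sample` and `MalformedPDU` are hypothetical names.

```python
import struct

DG_HDR_LEN = 80   # connectionless RPC header size (DCE 1.1 RPC); assumption
DREP_OFFSET = 4   # drep[0]: high nibble 0x1 means little-endian integers
LEN_OFFSET = 74   # 16-bit length of the stub data (PDU body)


class MalformedPDU(ValueError):
    """The length fields are inconsistent with the received packet size."""


def infer_token_length(packet: bytes, trailer_len: int, pad_len: int) -> int:
    """Token length = transport-reported length minus everything else.

    trailer_len and pad_len are assumptions supplied by the caller.
    """
    if trailer_len < 0 or pad_len < 0:
        raise ValueError("lengths must be non-negative")
    if len(packet) < DG_HDR_LEN:
        raise MalformedPDU("packet shorter than the connectionless header")
    fmt = "<H" if (packet[DREP_OFFSET] & 0xF0) == 0x10 else ">H"
    (stub_len,) = struct.unpack_from(fmt, packet, LEN_OFFSET)
    token_len = len(packet) - DG_HDR_LEN - stub_len - trailer_len - pad_len
    if token_len < 0:
        # The sender-controlled stub length claims more than was received.
        raise MalformedPDU("stub length exceeds the received packet")
    return token_len


def build_sample(stub_len, trailer_len, pad_len, token, little=True) -> bytes:
    """Constructed test packet; only the region lengths are meaningful."""
    hdr = bytearray(DG_HDR_LEN)
    hdr[0] = 4  # rpc_vers of the connectionless protocol
    hdr[DREP_OFFSET] = 0x10 if little else 0x00
    struct.pack_into("<H" if little else ">H", hdr, LEN_OFFSET, stub_len)
    return bytes(hdr) + bytes(stub_len + pad_len + trailer_len) + token


if __name__ == "__main__":
    tok = b"\xAA" * 16                            # constructed token bytes
    pkt = build_sample(24, 2, 6, tok + bytes(8))  # 8 zero-fill octets
    print(infer_token_length(pkt, trailer_len=2, pad_len=6))
```

Because zero-fill octets are counted as part of the token, the inferred length is the allocated size, not the size the security provider actually produced.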
| RPC PDU | GSS call producing auth_value |
|---|---|
| Conv_who_are_you_auth's in_data parameter | First call to GSS_Accept_sec_context, as specified in [RFC2743] section 2.2.2. |
| Conv_who_are_you_auth's out_data parameter | Second call to GSS_Init_sec_context, as specified in [RFC2743] section 2.2.1. If the data cannot be returned in a single PDU, the server queries the remainder with calls to conv_who_are_you_auth_more(). |
| Request PDU | If the auth_level (as specified in section 2.2.3.4) is RPC_C_AUTHN_LEVEL_PKT_PRIVACY, call to GSS_Wrap (as specified in [RFC2743] section 2.3.3); else call to GSS_GetMIC (as specified in [RFC2743] section 2.3.1). |
| Response PDU | If the auth_level (as specified in section 2.2.3.4) is RPC_C_AUTHN_LEVEL_PKT_PRIVACY, call to GSS_Unwrap (as specified in [RFC2743] section 2.3.4); else call to GSS_VerifyMIC (as specified in [RFC2743] section 2.3.2). |