Datagram Contexts

The semantics for datagram (connectionless) contexts differ slightly from those for connection-oriented contexts. In a datagram context, a server cannot determine when the client has shut down or otherwise terminated the connection, because no termination notice is passed from the transport application to the server as would occur in a connection-oriented context.

To use a datagram context, a client sets the ISC_REQ_DATAGRAM flag in its call to the InitializeSecurityContext (General) function.

Important: The Microsoft Kerberos package does not support datagram contexts in user-to-user mode.

To better support some models, particularly DCE-style RPC, the following rules apply when the client uses a datagram context:

  • The security package does not produce an authentication BLOB (binary large object) on the first call to InitializeSecurityContext (General). However, the client can use the returned security context in a call to the MakeSignature function to generate a signature for a message.
  • The security package must allow the context to be re-established multiple times, because the server can drop the connection without notice. This implies that the package must be able to reset any keys used by the MakeSignature and VerifySignature functions to a consistent state.
  • The security package allows the caller to specify sequence information, and provides that sequence information at the receiver side. This is in addition to any sequence information maintained by the package.

A security package sets the SECPKG_FLAG_DATAGRAM flag to indicate that it supports datagram semantics.