3.2.5 Message Processing Events and Sequencing Rules

Article
04/23/2024

The server SHOULD ignore the negHints field in the negTokenInit2 message.

The server MUST use the erroneous Kerberos value (1.2.840.48018.1.2.2) as the supportedMech field in the response negotiation token if the optimistic Kerberos token (1.2.840.48018.1.2.2) is accepted, as specified in [RFC4178] section 4.2.2 and Appendix C.

The SPNG server SHOULD invoke Send Fragmented Messages (section 3.1.5.6) when a GSS_Accept_sec_context() ([RFC2743] section 2.2.2) with the FragmentToFit parameter set to TRUE (section 3.1.1) is received, and either:

The Negotiate Token ([RFC4178] section 4.2) to be sent exceeds MaxOutputTokenSize, or
FragmentOutputToken is set to TRUE.

The server MUST invoke Receive Fragmented Messages (section 3.1.5.9) when a packet is received and either:

The packet contains a valid ASN.1 header but an incomplete body, or
FragmentOutputToken is set to TRUE.

3.2.5 Message Processing Events and Sequencing Rules

Additional resources