
3.2.5.2 NegTokenInit2 Variation for Server-Initiation

Standard GSS has a strict notion of client (initiator) and server (acceptor). If the client has not sent a negTokenInit ([RFC4178] section 4.2.1) message, no context establishment token is expected from the server.

SPNG allows the server to generate a context establishment token message such as a NegTokenInit2 message and send it to the client when GSS_Accept_sec_context() is called without an input_token.

The server generates a NegTokenInit2 message that includes the OIDs of the security protocols that are present and available on the server in the mechTypes field.

In the negHints field, the server places the string "not_defined_in_RFC4178@please_ignore"<9>, expressed as ANSI encoding, as specified in [ISO/IEC-8859-1], in the hintName field. For more information about how the hintName field is populated, see section 2.2.1.

The hintAddress field MUST be omitted and not transmitted. The NegTokenInit2 token is then passed to the client within the application protocol. When encoding the name, the configured locale on the computer SHOULD be used for the resulting character set.
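The following conformance check is an added example, not part of the specification text: it parses a server-initiated NegTokenInit2 and reports deviations from the rules above (mechTypes populated, hintName equal to the fixed string, hintAddress absent). It assumes the token arrives in the GSS-API initial-token framing with the SPNEGO OID and uses the context tags of the section 2.2.1 ASN.1 definition; the function names and the sample token are constructed for illustration.

```python
HINT = b"not_defined_in_RFC4178@please_ignore"   # hintName value from this section
SPNEGO_OID = bytes.fromhex("2b0601050502")       # 1.3.6.1.5.5.2
NTLM_OID = bytes.fromhex("2b06010401823702020a") # sample mechType (constructed input)

def tlv(tag, body):  # DER-encode one element with a definite length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read(buf, pos=0):
    """Decode the DER element at pos; return (tag, body, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(body):  # map each child's tag to its body
    out, pos = {}, 0
    while pos < len(body):
        tag, val, pos = read(body, pos)
        out[tag] = val
    return out

def build_sample(hint_name=HINT, hint_address=None):  # constructed test token
    hints = tlv(0xA0, tlv(0x1B, hint_name))            # [0] GeneralString
    if hint_address is not None:
        hints += tlv(0xA1, tlv(0x04, hint_address))    # [1] OCTET STRING
    init2 = tlv(0xA0, tlv(0x30, tlv(0x06, NTLM_OID))) + tlv(0xA3, tlv(0x30, hints))
    return tlv(0x60, tlv(0x06, SPNEGO_OID) + tlv(0xA0, tlv(0x30, init2)))

def check_neg_token_init2(blob):
    """List deviations from section 3.2.5.2; an empty list means conforming."""
    tag, body, _ = read(blob)
    oid_tag, oid, pos = read(body)
    if (tag, oid_tag, oid) != (0x60, 0x06, SPNEGO_OID) or read(body, pos)[0] != 0xA0:
        return ["not a SPNEGO negTokenInit token"]
    fields = children(read(read(body, pos)[1])[1])     # inside [0] -> SEQUENCE
    problems = []
    if 0xA0 not in fields or not read(fields[0xA0])[1]:
        problems.append("mechTypes missing or empty")
    hints = children(read(fields[0xA3])[1]) if 0xA3 in fields else {}
    if 0xA0 not in hints or read(hints[0xA0])[1] != HINT:
        problems.append("hintName is not the fixed placeholder string")
    if 0xA1 in hints:
        problems.append("hintAddress present but MUST be omitted")
    return problems
```

The hintName comparison is byte-exact, so a server that emits a different name is reported rather than silently accepted.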

© 2016 Microsoft