Compartilhar via


2.2.2.12 Authentication Tokens

These extensions require the conceptual model specified in [RFC2743] for all interactions with all security providers. An implementation instructs the Generic Security Services (GSS)-API–compatible security providers to operate in a distributed computing environment (DCE)–compatible manner by setting the DCE Style protocol variable. The following table details what PDU type MUST carry (in its auth_ token segment) the output of what GSS [GSS] call during processing, as specified in section 3.3.1.5.2.2.

 RPC PDU name

 GSS call producing auth_value

 Bind

First call to GSS_Init_sec_context, as specified in [RFC2743] section 2.2.1.

 bind_ack

First call to GSS_Accept_sec_context, as specified in [RFC2743] section 2.2.2.

 alter_context, rpc_auth_3

Second and subsequent calls to GSS_Init_sec_context, as specified in [RFC2743] section 2.2.1.

 alter_context_resp

Second and subsequent calls to GSS_Accept_sec_context, as specified in [RFC2743] section 2.2.2.

Request

If the auth_level (as specified in section 2.2.2.11) is RPC_C_AUTHN_LEVEL_PKT_PRIVACY, call to GSS_WrapEx; else call to GSS_GetMICEx. See section 3.3.1.5.2.2 for details.

Response

If the auth_level (as specified in section 2.2.2.11) is RPC_C_AUTHN_LEVEL_PKT_PRIVACY, call to GSS_UnwrapEx; else call to GSS_VerifyMICEx. See section 3.3.1.5.2.2 for details.