# README
Notes on GSS-API Negotiation Mechanism
https://tools.ietf.org/html/rfc4178
Client sends an initial negotiation message to the server which specifies the list of mechanisms
the client can support in order of decreasing preference.
This message is generated with the NewNegTokenInitKrb5 method.
The message generated by this function specifies only a kerberos v5 mechanism is supported.
The RFC states that this message can optionally contain the initial mechanism token
for the preferred mechanism (KRB5 in this case) of the client. The NewNegTokenInitKrb5
includes this in the message.
The server side responds to this message with a one of four messages:
| Message Type/State | Description |
|---|---|
| accept-completed | indicates that the initiator-selected mechanism was acceptable to the target, and that the security mechanism token embedded in the first negotiation message was sufficient to complete the authentication |
| accept-incomplete | At least one more message is needed from the client to establish security context. |
| reject | Negotiation is being terminated. |
| request-mic | (this state can only be present in the first reply message from the target) indicates that the MIC token exchange is REQUIRED if per-message integrity services are available |
# Functions
NewContextFlags creates a new ContextFlags instance DEPRECATED - do not use.
NewInitiatorMICToken builds a new initiator token (acceptor flag will be set to 0) and computes the authenticated checksum.
NewInitiatorWrapToken builds a new initiator token (acceptor flag will be set to 0) and computes the authenticated checksum.
# Constants
GSS-API context flags assigned numbers.
GSS-API context flags assigned numbers.
GSS-API context flags assigned numbers.
GSS-API context flags assigned numbers.
GSS-API context flags assigned numbers.
GSS-API context flags assigned numbers.
GSS-API context flags assigned numbers.
FillerByte is a filler in the WrapToken structure.
HdrLen is the length of the Wrap Token's header.
MICTokenFlagAcceptorSubkey - a subkey asserted by the context acceptor is used to protect the message.
MICTokenFlagSealed - this flag indicates confidentiality is provided for.
MICTokenFlagSentByAcceptor - this flag indicates the sender is the context acceptor.
Indicates the client cannot get a service ticket and asks the server to serve as an intermediate to the target KDC.
MechType OID for Kerberos 5.
MechType OID for Kerberos 5.
GSS-API OID names.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
GSS-API status values.
# Interfaces
ContextToken is an interface for a GSS-API context token.
Mechanism is the GSS-API interface for authentication mechanisms.
# Type aliases
ContextFlags flags for GSSAPI DEPRECATED - do not use.
OIDName is the type for defined GSS-API OIDs.