Accepting a Security Context with Delegated Credentials

If the GSS_C_DELEG_FLAG flag was set when the security context was initiated, the gss_accept_sec_context() routine passes a delegated credential to the acceptor. The routine does the following:

1. Uses information from the input token to create the appropriate delegated credential

2. Creates an impersonation or traced delegation credential with an INITIATE credential type

3. Passes the delegated INITIATE credential to the acceptor

The principal named in the delegated INITIATE credential is the name of the initiator (for impersonation delegation) or the acceptor acting for the initiator (for traced delegation). The acceptor uses the credential to act for the initiator, initiating security contexts as appropriate.
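An acceptor-side check for the behaviour described above, as an added example that is not part of the original documentation. It decides whether the handle returned by gss_accept_sec_context() may be used, given the routine's outputs and the usage reported by gss_inquire_cred(). The names `classify_delegation` and `deleg_action` are hypothetical, and the fallback definitions are assumptions taken from the RFC 2744 C bindings so the block compiles where the GSS-API headers are not installed.

```c
#include <stdio.h>
#if defined(__has_include) && __has_include(<gssapi/gssapi.h>)
#include <gssapi/gssapi.h>
#else
/* Fallback (assumption): the RFC 2744 C-binding values this check needs. */
typedef unsigned int OM_uint32;
typedef void *gss_cred_id_t;
#define GSS_C_NO_CREDENTIAL   ((gss_cred_id_t)0)
#define GSS_C_DELEG_FLAG      1
#define GSS_C_INITIATE        1
#define GSS_S_COMPLETE        0
#define GSS_S_CONTINUE_NEEDED (1u << 0)
#define GSS_S_FAILURE         (13u << 16)
#define GSS_ERROR(x)          ((x) & 0xffff0000u)
#endif

typedef enum {
    DELEG_WAIT,    /* more tokens needed: do not look at the handle yet */
    DELEG_FAILED,  /* context establishment failed */
    DELEG_NONE,    /* context established, initiator did not delegate */
    DELEG_REJECT,  /* handle returned but not INITIATE: release it unused */
    DELEG_USE      /* delegated INITIATE credential: may act for the initiator */
} deleg_action;

/* major, ret_flags and deleg are outputs of gss_accept_sec_context();
 * cred_usage is the usage reported by gss_inquire_cred() for deleg. */
deleg_action classify_delegation(OM_uint32 major, OM_uint32 ret_flags,
                                 gss_cred_id_t deleg, int cred_usage)
{
    if (GSS_ERROR(major))              return DELEG_FAILED;
    if (major & GSS_S_CONTINUE_NEEDED) return DELEG_WAIT;
    /* The handle is only meaningful when GSS_C_DELEG_FLAG came back set. */
    if (!(ret_flags & GSS_C_DELEG_FLAG) || deleg == GSS_C_NO_CREDENTIAL)
        return DELEG_NONE;
    if (cred_usage != GSS_C_INITIATE)  return DELEG_REJECT;
    return DELEG_USE;
}

int main(void)
{
    int dummy = 0;  /* constructed stand-in for a non-null credential handle */
    gss_cred_id_t cred = (gss_cred_id_t)&dummy;
    printf("no delegation: %d, delegated: %d\n",
           classify_delegation(GSS_S_COMPLETE, 0, GSS_C_NO_CREDENTIAL, GSS_C_INITIATE),
           classify_delegation(GSS_S_COMPLETE, GSS_C_DELEG_FLAG, cred, GSS_C_INITIATE));
    return 0;
}
```

For both DELEG_REJECT and DELEG_USE the handle is a live credential, so the acceptor should release it with gss_release_cred() once it is no longer needed.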