github.com/jcmturner/gokrb5/v8@v8.4.4/gssapi/README.md

# Notes on GSS-API Negotiation Mechanism
https://tools.ietf.org/html/rfc4178

The client sends an initial negotiation message to the server that lists the mechanisms
the client can support, in order of decreasing preference.
This message is generated with the ``NewNegTokenInitKrb5`` method.
The message generated by this function specifies that only the Kerberos v5 mechanism is supported.

The RFC states that this message can optionally contain the initial mechanism token
for the client's preferred mechanism (KRB5 in this case). ``NewNegTokenInitKrb5``
includes this token in the message.

The server side responds to this message with one of four messages:

| Message Type/State | Description |
|--------------------|-------------|
| accept-completed | Indicates that the initiator-selected mechanism was acceptable to the target, and that the security mechanism token embedded in the first negotiation message was sufficient to complete the authentication. |
| accept-incomplete | At least one more message is needed from the client to establish the security context. |
| reject | Negotiation is being terminated. |
| request-mic | (This state can only be present in the first reply message from the target.) Indicates that the MIC token exchange is REQUIRED if per-message integrity services are available. |
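
The four reply states in the table, decoded from the target's first reply: this is an added example, not gokrb5's own code, and it uses the standard library's `encoding/asn1` with the hypothetical names `negTokenResp` and `FirstReplyState`. It assumes the RFC 4178 `NegTokenResp` layout and treats a missing or unknown `negState` as an error, because Go's zero value for the enumeration would otherwise read as accept-completed.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
)

// negTokenResp mirrors NegTokenResp from RFC 4178 (hypothetical type, not gokrb5's).
// default:-1 lets an absent negState be told apart from accept-completed (0).
type negTokenResp struct {
	NegState      asn1.Enumerated       `asn1:"explicit,optional,tag:0,default:-1"`
	SupportedMech asn1.ObjectIdentifier `asn1:"explicit,optional,tag:1"`
	ResponseToken []byte                `asn1:"explicit,optional,tag:2"`
	MechListMIC   []byte                `asn1:"explicit,optional,tag:3"`
}

var stateNames = map[asn1.Enumerated]string{
	0: "accept-completed", 1: "accept-incomplete", 2: "reject", 3: "request-mic",
}

// FirstReplyState decodes the target's first reply (NegotiationToken CHOICE [1])
// and returns the state name. negState is required in the first reply, so a
// missing or out-of-range value is an error rather than a silent "completed".
func FirstReplyState(der []byte) (string, error) {
	var r negTokenResp
	rest, err := asn1.UnmarshalWithParams(der, &r, "explicit,tag:1")
	if err != nil || len(rest) != 0 {
		return "", errors.New("not a single well-formed NegTokenResp")
	}
	name, ok := stateNames[r.NegState]
	if !ok {
		return "", fmt.Errorf("negState missing or unknown (%d)", r.NegState)
	}
	return name, nil
}

// Constructed sample replies (hand-built DER, not captured traffic).
var (
	sampleCompleted = []byte{0xa1, 0x07, 0x30, 0x05, 0xa0, 0x03, 0x0a, 0x01, 0x00}
	sampleReject    = []byte{0xa1, 0x07, 0x30, 0x05, 0xa0, 0x03, 0x0a, 0x01, 0x02}
	sampleNoState   = []byte{0xa1, 0x08, 0x30, 0x06, 0xa2, 0x04, 0x04, 0x02, 0xde, 0xad}
)

func main() {
	for _, m := range [][]byte{sampleCompleted, sampleReject, sampleNoState} {
		s, err := FirstReplyState(m)
		fmt.Printf("% x -> %q err=%v\n", m, s, err)
	}
}
```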