A user who transfers files to an ftp site typically does not need proof of the site's identity. On the other hand, a user who is required to provide a credit card number to an application would want definite proof of the receiver's identity. In such a case, mutual authentication is required. Both the context initiator and the acceptor must prove their identities.
A context initiator can request mutual authentication by setting the gss_init_sec_context() req_flags argument
to the value
GSS_C_MUTUAL_FLAG. If mutual authentication has
been authorized, the function indicates authorization by setting the ret_flags argument to this value. If mutual authentication is
requested but not available, the initiating application is responsible for
responding accordingly. GSS-API does not automatically terminate a context
when mutual authentication is requested but unavailable. Also, some mechanisms
always perform mutual authentication even without a specific request.