GSS-API Programming Guide

Out-of-Sequence Detection and Replay Detection

In the common case where a context initiator is transmitting several sequential data packets to the acceptor, some mechanisms allow the context acceptor to check whether or not the packets are arriving as they should: in the right order, and with no unwanted duplication of packets (shown in Figure 1–9). The acceptor checks for these two conditions when it verifies a packet's validity or when it unwraps a packet; see Unwrapping and Verification for more information.

Figure 1–9 Message Replay and Message Out-of-Sequence

Diagram shows duplicate and out of sequence error conditions.

To request that the acceptor check for these two conditions, the initiator should logically OR the value GSS_C_REPLAY_FLAG, GSS_C_SEQUENCE_FLAG, or both into the req_flags argument when initiating the context with gss_init_sec_context().
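The following added example, which is not part of the original guide and not any mechanism's actual code, is a simplified model of the acceptor-side check: it tracks message numbers in a sliding window and classifies each arrival with names that mirror the supplementary status bits a real gss_unwrap() or gss_verify_mic() call reports. The type and function names, the WANT_* values, the 64-message window and the arrival sequence are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Result names mirror the GSS-API supplementary status bits
 * GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN, GSS_S_GAP_TOKEN. */
enum seq_result { SEQ_OK, SEQ_DUPLICATE, SEQ_OLD, SEQ_UNSEQ, SEQ_GAP };

/* Hypothetical stand-ins for the services requested through
 * GSS_C_REPLAY_FLAG and GSS_C_SEQUENCE_FLAG (not the real flag values). */
enum { WANT_REPLAY = 1, WANT_SEQUENCE = 2 };
#define WINDOW 64 /* assumed: how many past messages the acceptor remembers */

struct seq_state {
    unsigned want;  /* WANT_* services in effect for the context */
    uint64_t next;  /* next expected message number */
    uint64_t seen;  /* bit i set => message (next - 1 - i) was received */
};

/* Classify one arrival and update the window (number wraparound not handled). */
enum seq_result seq_check(struct seq_state *s, uint64_t seq)
{
    if (seq >= s->next) {                 /* in order, or ahead of expected */
        uint64_t shift = seq - s->next + 1;
        int gap = (seq > s->next);
        s->seen = (shift >= WINDOW) ? 0 : (s->seen << shift);
        s->seen |= 1;                     /* mark this message as received */
        s->next = seq + 1;
        return (gap && (s->want & WANT_SEQUENCE)) ? SEQ_GAP : SEQ_OK;
    }
    uint64_t age = s->next - 1 - seq;     /* 0 = most recently received */
    if (age >= WINDOW)                    /* too old to tell if it is a replay */
        return SEQ_OLD;
    if (s->seen & (1ULL << age))          /* already marked: a duplicate */
        return SEQ_DUPLICATE;
    s->seen |= 1ULL << age;               /* late, but its first arrival */
    return (s->want & WANT_SEQUENCE) ? SEQ_UNSEQ : SEQ_OK;
}

int main(void)
{
    static const char *name[] = { "OK", "DUPLICATE", "OLD", "UNSEQ", "GAP" };
    uint64_t arrivals[] = { 0, 1, 1, 4, 2, 2, 100, 4 }; /* constructed input */
    struct seq_state s = { WANT_REPLAY | WANT_SEQUENCE, 0, 0 };
    for (size_t i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        printf("msg %llu: %s\n", (unsigned long long)arrivals[i], name[seq_check(&s, arrivals[i])]);
    return 0;
}
```

In this model, a context that asked only for replay detection still rejects duplicates but accepts late or skipped-ahead messages, which is why an application that depends on ordering needs the sequence service as well.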