GSS_DELETE_SEC_CONTEXT(3) Programmer's Manual GSS_DELETE_SEC_CONTEXT(3)NAMEgss_delete_sec_context — Discard a security context
gss_ctx_id_t *context_handle, gss_buffer_t output_token);
Delete a security context. gss_delete_sec_context() will delete the
local data structures associated with the specified security context, and
may generate an output_token, which when passed to the peer
gss_process_context_token() will instruct it to do likewise. If no token
is required by the mechanism, the GSS-API should set the length field of
the output_token (if provided) to zero. No further security services may
be obtained using the context specified by context_handle.
In addition to deleting established security contexts,
gss_delete_sec_context() must also be able to delete "half-built" secu‐
rity contexts resulting from an incomplete sequence of
gss_init_sec_context() / gss_accept_sec_context() calls.
The output_token parameter is retained for compatibility with version 1
of the GSS-API. It is recommended that both peer applications invoke
gss_delete_sec_context() passing the value GSS_C_NO_BUFFER for the
output_token parameter, indicating that no token is required, and that
gss_delete_sec_context() should simply delete local context data struc‐
tures. If the application does pass a valid buffer to
gss_delete_sec_context(), mechanisms are encouraged to return a zero-
length token, indicating that no peer action is necessary, and that no
token should be transferred by the application.
minor_status Mechanism specific status code.
Context handle identifying context to delete. After delet‐
ing the context, the GSS-API will set this context handle
output_token Token to be sent to remote application to instruct it to
also delete the context. It is recommended that applica‐
tions specify GSS_C_NO_BUFFER for this parameter, request‐
ing local deletion only. If a buffer parameter is provided
by the application, the mechanism may return a token in it;
mechanisms that implement only local deletion should set
the length field of this token to zero to indicate to the
application that no token is to be sent to the peer.
No valid context was supplied
SEE ALSOgss_process_context_token(3), gss_init_sec_context(3),
RFC 2743 Generic Security Service Application Program Interface Ver‐
sion 2, Update 1
RFC 2744 Generic Security Service API Version 2 : C-bindings
The gss_delete_sec_context function first appeared in FreeBSD 7.0.
John Wray, Iris Associates
Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to oth‐
ers, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and dis‐
tributed, in whole or in part, without restriction of any kind, provided
that the above copyright notice and this paragraph are included on all
such copies and derivative works. However, this document itself may not
be modified in any way, such as by removing the copyright notice or ref‐
erences to the Internet Society or other Internet organizations, except
as needed for the purpose of developing Internet standards in which case
the procedures for copyrights defined in the Internet Standards process
must be followed, or as required to translate it into languages other
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FIT‐
NESS FOR A PARTICULAR PURPOSE.
BSD January 26, 2010 BSD