On 11/13/2013 02:46 AM, Arpit Srivastava wrote:
> The expected response is HTTP 401 with a token (which I will again feed to
> init_sec_context to generate the next token to be sent to server).

Mutual authentication only requires a token from server to client. It does not require a second token from client to server. (There is a mode of the Kerberos mechanism which does involve a second client->server token, but it is only used with DCE RPC.)

> 1. When to stop the context establishment loop - when I receive the
> intended HTTP response (and not HTTP 401) or when context.isEstablished()
> becomes true ?

The latter; but the last token may not be generated by gss_init_sec_context.

> 2. Is this behaviour correct - getting the HTTP response which is not HTTP
> 401 even if the context is not fully established ?

It seems correct. The server has gotten all the authentication information it expects to get from the client.

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
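
The loop-termination rule discussed in this thread, as an added sketch that is not part of the original message or of any Kerberos library. `FakeInitiatorContext`, both server functions and the token bytes are constructed stand-ins (no real GSS-API calls are made), and it assumes the client requested mutual authentication.

```python
import base64

class FakeInitiatorContext:
    """Constructed stand-in for a GSS initiator context (no real GSS-API calls).
    Models Kerberos with mutual authentication: one token out, one token in."""
    def __init__(self):
        self.established = False
        self._sent_first = False

    def step(self, in_token=None):
        if not self._sent_first:
            self._sent_first = True
            return b"CLIENT-TOKEN"              # constructed placeholder
        if in_token != b"SERVER-TOKEN":         # constructed placeholder
            raise ValueError("server token rejected")
        self.established = True
        return None                             # final step emits no token

def negotiate_token(headers):
    """Return the decoded token from 'WWW-Authenticate: Negotiate <b64>', else None."""
    for challenge in headers.get("WWW-Authenticate", "").split(","):
        scheme, _, data = challenge.strip().partition(" ")
        if scheme.lower() == "negotiate" and data.strip():
            return base64.b64decode(data.strip())
    return None

def authenticate(send, ctx, max_rounds=5):
    """Drive the loop until the context is established, whatever the HTTP status."""
    in_token, status = None, None
    for _ in range(max_rounds):
        out_token = ctx.step(in_token)
        if out_token is None:                   # nothing left to send
            break
        auth = "Negotiate " + base64.b64encode(out_token).decode()
        status, headers = send({"Authorization": auth})
        in_token = negotiate_token(headers)     # may arrive on a 200, not only a 401
        if in_token is None:
            break
    if not ctx.established:
        raise PermissionError("HTTP %s received but server was not authenticated" % status)
    return status

def server_with_reply(request_headers):         # constructed: 200 carrying the reply token
    reply = base64.b64encode(b"SERVER-TOKEN").decode()
    return 200, {"WWW-Authenticate": "Negotiate " + reply}

def server_without_reply(request_headers):      # constructed: 200 with no token
    return 200, {}
```

With `server_without_reply` the HTTP request succeeds but the context never becomes established, so the client has no proof of the server's identity and `authenticate` raises instead of returning.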