Contains several independent
flags, each of which indicates that the context supports (or is
expected to support, if open is FALSE), a specific service option.
If not needed, specify NULL. Symbolic names are provided for each
flag, and the symbolic names corresponding to the required flags
should be logically ANDed with the ret_flags value
to test whether a given option is supported by the context. The
TRUE — Credentials were delegated from the initiator
to the acceptor.FALSE — No credentials were delegated.
GSS_C_MUTUAL_FLAGTRUE — The
acceptor was authenticated to the initiator.FALSE — The
acceptor did not authenticate itself.
TRUE — Replay of protected messages will be detected.FALSE — Replay
messages will not be detected.
TRUE — Out-of-sequence protected messages will be
detected.FALSE — Out-of-sequence messages will not be detected.
TRUE — Confidentiality service may be invoked by
calling the gss_wrap routine.FALSE — No
confidentiality service (via gss_wrap)
is available. The gss_wrap routine provides
message encapsulation, data-origin authentication, and integrity
TRUE — Integrity service may be invoked by calling
either the gss_get_mic or gss_wrap routine.FALSE — Per-message
integrity service is unavailable.
TRUE — The initiator's identity will not be revealed
to the acceptor. The src_name argument
(if requested) contains an anonymous internal name.FALSE — The
initiator has been authenticated normally.
TRUE — Protection services (as specified by the states
of the GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available for use.FALSE — Protection
services (as specified by the states of the GSS_C_CONF_FLAG and
GSS_C_INTEG_FLAG) are available only if the context is fully established
(that is, if the open argument is nonzero).
TRUE — The resultant security context may be transferred
to other processes via a call to gss_export_sec_context.FALSE — The
security context is not transferable.