Class GSSAPI.Context

Inheritance graph

Class representing a security context; see RFC 2743 section 1.1.3 The user usually instantiates one of the two inheriting classes GSSAPI.InitContext or GSSAPI.AcceptContext, based on whether the context should act as initiator or acceptor for the connection. This class is instantiated directly for imported contexts.


If a Context object for a partly or completely established context is destructed, GSS_Delete_sec_context (RFC 2743 section 2.2.3) is called. That function might do blocking network I/O, which due to pike's object management might occur essentially anytime in any thread if the object isn't explicitly destructed. To avoid that, it's strongly recommended to call delete in contexts that are no longer used.

Method create

GSSAPI.Context GSSAPI.Context(string interprocess_token, void|int required_services)


Creates a context by importing an inter-process token.

This wraps GSS_Import_sec_context according to RFC 2743 section 2.2.9.

Parameter interprocess_token

The inter-process token which has been created by export or some other GSS_Export_sec_context wrapper.

Parameter required_services

Bitfield of GSSAPI.*_FLAG flags specifying all services that must be provided in the context. If the context fail to provide any of them then it is closed and a GSSAPI.MissingServicesError is thrown.

GSSAPI.PROT_READY_FLAG is ignored in this parameter. The fact that a user calls a per-message function indicates that this service is required at that point, and a GSSAPI.MissingServicesError is thrown if it isn't.


It is not possible to retrieve delegated credentials from an imported context. That is a GSS-API limitation.