RFC Errata
RFC 4752, "The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism", November 2006
Source of RFC: sasl (sec)
Errata ID: 5532
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: Borun Song
Date Reported: 2018-10-18
Held for Document Update by: Benjamin Kaduk
Date Held: 2018-10-18
Section 3.2 says:
with the first octet containing a bit-mask specifying the security layers supported by the server and the second through fourth octets containing in network byte order the maximum size output_token the server is able to receive (which MUST be 0 if the server does not support any security layer).
It should say:
with the first octet containing a bit-mask specifying the security layers supported by the server and the second through fourth octets containing in network byte order the maximum size output_message the server is able to receive (which MUST be 0 if the server does not support any security layer).
Notes:
'output_token' should be 'output_message' here, since 'output_token' is an output of GSS_Init_sec_context, while here we are talking about the maximum data length that GSS_Unwrap (GSS_Wrap of the opposite side) can handle.
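
The 4-octet layout quoted from Section 3.2, as an added example that is not part of the erratum or of RFC 4752: a Python parser a client could run on the plaintext it gets from GSS_Unwrap. The function names, the strict 4-octet length check and the sample byte strings are assumptions of this example; the bit values are those of RFC 4752 Section 3.3.

```python
# Security-layer bits defined in RFC 4752, Section 3.3.
LAYER_NONE = 0x01
LAYER_INTEGRITY = 0x02
LAYER_CONFIDENTIALITY = 0x04
KNOWN_LAYERS = LAYER_NONE | LAYER_INTEGRITY | LAYER_CONFIDENTIALITY


def parse_server_offer(plaintext: bytes):
    """Decode the server's security-layer offer (hypothetical helper).

    Returns (layers, max_size): the offered layer bits with bits this
    client does not understand masked off, and the largest wrapped
    output_message the server is able to receive.
    """
    if len(plaintext) != 4:  # assumption: reject anything but 4 octets
        raise ValueError("expected 4 octets, got %d" % len(plaintext))
    layers = plaintext[0] & KNOWN_LAYERS
    # Octets 2-4 are a 24-bit unsigned integer in network byte order.
    max_size = int.from_bytes(plaintext[1:4], "big")
    protected = layers & (LAYER_INTEGRITY | LAYER_CONFIDENTIALITY)
    if not protected and max_size != 0:
        # "MUST be 0 if the server does not support any security layer"
        raise ValueError("non-zero buffer size without a security layer")
    return layers, max_size


def fits_server_buffer(wrapped: bytes, max_size: int) -> bool:
    """Check a GSS_Wrap output_message against the server's limit.

    The limit bounds the wrapped message, not the plaintext passed to
    GSS_Wrap; GSS_Wrap_size_limit gives the matching plaintext bound.
    """
    return len(wrapped) <= max_size


if __name__ == "__main__":
    # Constructed samples, not captured traffic.
    print(parse_server_offer(b"\x07\x00\xff\xff"))  # all layers, 65535
    print(parse_server_offer(b"\x01\x00\x00\x00"))  # no security layer
```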