Negotiation of Extra Security Context Tokens for Kerberos V5 Generic Security Services Mechanism
Cryptonector
Dowdeswell Security Architecture
This Internet-Draft proposes an extension to the Kerberos V5 security mechanism for the Generic Security Services Application Programming Interface (GSS-API) for using extra security context tokens in order to recover from certain errors. Other benefits include: user-to-user authentication, authenticated errors, replay cache avoidance, and others.