#
#  A virtual server which is used to validate channel-bindings.
#
#	$Id$
#
#
#
server channel_bindings {
#
#  Only the "authorize" section is needed.
#
authorize {
	if (GSS-Acceptor-Service-Name && (outer.request:GSS-Acceptor-Service-Name != GSS-Acceptor-Service-Name)) {
		reject
	}

	if (GSS-Acceptor-Service-Name || GSS-Acceptor-Realm-Name || GSS-Acceptor-Host-Name) {
		update control {
			Chbind-Response-Code := success
		}

		#
		#  ACK the attributes in the request.
		#
		#  If any one of these attributes don't exist in the request,
		#  then they won't be copied to the reply.
		#
		update reply {
			GSS-Acceptor-Service-Name = &GSS-Acceptor-Service-Name
			GSS-Acceptor-Host-Name = &GSS-Acceptor-Host-Name
			GSS-Acceptor-Realm-Name = &GSS-Acceptor-Realm-Name
		}
	}

	#
	#  Return "handled" so that the "authenticate" section isn't used.
	#
	handled
}
}