Zero is returned if the verification fails with
GSSAPI.DEFECTIVE_TOKEN or GSSAPI.BAD_MIC .
Otherwise the message origin and integrity checks out, but it
might still be considered wrong depending on whether the replay
detection or sequencing services are required (see
required_services ):
If replay detection (c.f. GSSAPI.REPLAY_FLAG ) is required
then zero is returned if the message is duplicated
(GSSAPI.DUPLICATE_TOKEN ) or old (GSSAPI.OLD_TOKEN ).
If sequencing (c.f. GSSAPI.SEQUENCE_FLAG ) is required then in
addition to the replay detection conditions, zero is also
returned if the message is out of sequence
(GSSAPI.UNSEQ_TOKEN or GSSAPI.GAP_TOKEN ).
Otherwise nonzero is returned to indicate that the message is
valid according to the currently required services.