Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

gss_inquire_cred_by_mech(3gss) [opensolaris man page]

gss_inquire_cred_by_mech(3GSS)			  Generic Security Services API Library Functions		    gss_inquire_cred_by_mech(3GSS)

NAME
gss_inquire_cred_by_mech - obtain per-mechanism information about a credential SYNOPSIS
cc [ flag... ] file... -lgss [ library... ] #include <gssapi/gssapi.h> OM_uint32 gss_inquire_cred_by_mech(OM_uint32 *minor_status, const gss_cred_id_t cred_handle,const gss_OID mech_type, gss_name_t *name, OM_uint32 *initiator_lifetime, OM_uint32 *acceptor_lifetime, gss_cred_usage_t *cred_usage); PARAMETERS
acceptor_lifetime The number of seconds that the credential is capable of accepting security contexts under the specified mechanism. If the credential can no longer be used to accept contexts, or if the credential usage for this mechanism is GSS_C_INI- TIATE, this parameter will be set to 0. Specify NULL if this parameter is not required. cred_handle A handle that refers to the target credential. Specify GSS_C_NO_CREDENTIAL to inquire about the default initiator principal. cred_usage How the credential may be used with the specified mechanism. The cred_usage parameter may contain one of the follow- ing values: GSS_C_INITIATE, GSS_C_ACCEPT, or GSS_C_BOTH. Specify NULL if this parameter is not required. initiator_lifetime The number of seconds that the credential is capable of initiating security contexts under the specified mechanism. If the credential can no longer be used to initiate contexts, or if the credential usage for this mechanism is GSS_C_ACCEPT, this parameter will be set to 0. Specify NULL if this parameter is not required. mech_type The mechanism for which the information should be returned. minor_status A mechanism specific status code. name The name whose identity the credential asserts. Any storage associated with this name must be freed by the applica- tion after use by a call to gss_release_name(3GSS). DESCRIPTION
The gss_inquire_cred_by_mech() function obtains per-mechanism information about a credential. ERRORS
The gss_inquire_cred_by_mech() function can return the following status codes: GSS_S_COMPLETE Successful completion. GSS_S_CREDENTIALS_EXPIRED The credentials cannot be added because they have expired. GSS_S_DEFECTIVE_CREDENTIAL The referenced credentials are invalid. GSS_S_FAILURE The underlying mechanism detected an error for which no specific GSS status code is defined. The mechanism- specific status code reported by means of the minor_status parameter details the error condition. GSS_S_NO_CRED The referenced credentials cannot be accessed. GSS_S_UNAVAILABLE The gss_inquire_cred_by_mech() function is not available for the specified mechanism type. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWgss (32-bit) | +-----------------------------+-----------------------------+ | |SUNWgssx (64-bit) | +-----------------------------+-----------------------------+ |MT-Level |Safe | +-----------------------------+-----------------------------+ SEE ALSO
gss_release_name(3GSS), attributes(5) Solaris Security for Developers Guide SunOS 5.11 15 Aug 2007 gss_inquire_cred_by_mech(3GSS)

Check Out this Related Man Page

gss_acquire_cred(3GSS)				  Generic Security Services API Library Functions			    gss_acquire_cred(3GSS)

NAME
gss_acquire_cred - acquire a handle for a pre-existing credential by name SYNOPSIS
cc [ flag... ] file... -lgss [ library... ] #include <gssapi/gssapi.h> OM_uint32 gss_acquire_cred(OM_uint32 *minor_status, const gss_name_t *desired_name, OM_uint32 time_req, const gss_OID_set desired_mech, gss_cred_usage_t cred_usage, gss_cred_id_t * output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *time_rec); DESCRIPTION
The gss_acquire_cred() function allows an application to acquire a handle for a pre-existing credential by name. This routine is not intended as a function to login to the network; a function for login to the network would involve creating new credentials rather than merely acquiring a handle to existing credentials. If desired_name is GSS_C_NO_NAME, the call is interpreted as a request for a credential handle that will invoke default behavior when passed to gss_init_sec_context(3GSS) (if cred_usage is GSS_C_INITIATE or GSS_C_BOTH) or gss_accept_sec_context(3GSS) (if cred_usage is GSS_C_ACCEPT or GSS_C_BOTH). Normally gss_acquire_cred() returns a credential that is valid only for the mechanisms requested by the desired_mechs argument. However, if multiple mechanisms can share a single credential element, the function returns all the mechanisms for which the credential is valid in the actual_mechs argument. gss_acquire_cred() is intended to be used primarily by context acceptors, since the GSS-API routines obtain initiator credentials through the system login process. Accordingly, you may not acquire GSS_C_INITIATE or GSS_C_BOTH credentials by means of gss_acquire_cred() for any name other than GSS_C_NO_NAME. Alternatively, you may acquire GSS_C_INITIATE or GSS_C_BOTH credentials for a name produced when gss_inquire_cred(3GSS) is applied to a valid credential, or when gss_inquire_context(3GSS) is applied to an active context. If credential acquisition is time-consuming for a mechanism, the mechanism may choose to delay the actual acquisition until the credential is required, for example, by gss_init_sec_context(3GSS) or by gss_accept_sec_context(3GSS). Such mechanism-specific implementations are, however, invisible to the calling application; thus a call of gss_inquire_cred(3GSS) immediately following the call of gss_acquire_cred() will return valid credential data and incur the overhead of a deferred credential acquisition. PARAMETERS
The parameter descriptions for gss_acquire_cred() follow: desired_name The name of the principal for which a credential should be acquired. time_req The number of seconds that credentials remain valid. Specify GSS_C_INDEFINITE to request that the credentials have the maximum permitted lifetime desired_mechs The set of underlying security mechanisms that may be used. GSS_C_NO_OID_SET may be used to obtain a default. cred_usage A flag that indicates how this credential should be used. If the flag is GSS_C_ACCEPT, then credentials will be used only to accept security credentials. GSS_C_INITIATE indicates that credentials will be used only to initiate security credentials. If the flag is GSS_C_BOTH, then credentials may be used either to initiate or accept security contexts. output_cred_handle The returned credential handle. Resources associated with this credential handle must be released by the application after use with a call to gss_release_cred(3GSS) actual_mechs The set of mechanisms for which the credential is valid. Storage associated with the returned OID-set must be released by the application after use with a call to gss_release_oid_set(3GSS). Specify NULL if not required. time_rec Actual number of seconds for which the returned credentials will remain valid. Specify NULL if not required. minor_status Mechanism specific status code. ERRORS
gss_acquire_cred() may return the following status code: GSS_S_COMPLETE Successful completion. GSS_S_BAD_MECH An unavailable mechanism has been requested. GSS_S_BAD_NAMETYPE The type contained within the desired_name parameter is not supported. GSS_S_BAD_NAME The value supplied for desired_name parameter is ill formed. GSS_S_CREDENTIALS_EXPIRED The credentials could not be acquired because they have expired. GSS_S_NO_CRED No credentials were found for the specified name. GSS_S_FAILURE The underlying mechanism detected an error for which no specific GSS status code is defined. The mechanism- specific status code reported by means of the minor_status parameter details the error condition. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWgss (32-bit) | +-----------------------------+-----------------------------+ | |SUNWgssx (64-bit) | +-----------------------------+-----------------------------+ |MT-Level |Safe | +-----------------------------+-----------------------------+ SEE ALSO
gss_accept_sec_context(3GSS), gss_init_sec_context(3GSS), gss_inquire_context(3GSS), gss_inquire_cred(3GSS), gss_release_cred(3GSS), gss_release_oid_set(3GSS), attributes(5) Solaris Security for Developers Guide SunOS 5.11 14 Jan 2003 gss_acquire_cred(3GSS)
Man Page