Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

libgss(3lib) [opensolaris man page]

libgss(3LIB)							Interface Libraries						      libgss(3LIB)

NAME
libgss - Generic Security Services library SYNOPSIS
cc [ flag... ] file... -lgss [ library... ] #include <gssapi/gssapi.h> DESCRIPTION
The functions in this library are the routines that comprise the Generic Security Services library. When libgss fails to load or initialize a mechanism listed in /etc/gss/mech, a message is sent to syslog(3C). INTERFACES
The shared object libgss.so.1 provides the public interfaces defined below. See Intro(3) for additional information on shared object inter- faces. GSS_C_NT_ANONYMOUS GSS_C_NT_EXPORT_NAME GSS_C_NT_HOSTBASED_SERVICE GSS_C_NT_MACHINE_UID_NAME GSS_C_NT_STRING_UID_NAME GSS_C_NT_USER_NAME gss_accept_sec_context gss_acquire_cred gss_add_cred gss_add_oid_set_member gss_canonicalize_name gss_compare_name gss_context_time gss_create_empty_oid_set gss_delete_sec_context gss_display_name gss_display_status gss_duplicate_name gss_export_name gss_export_sec_context gss_get_mic gss_import_name gss_import_sec_context gss_indicate_mechs gss_init_sec_context gss_inquire_context gss_inquire_cred gss_inquire_cred_by_mech gss_inquire_mechs_for_name gss_inquire_names_for_mech gss_process_context_token gss_release_buffer gss_release_cred gss_release_name gss_release_oid gss_release_oid_set gss_seal gss_sign gss_store_cred gss_test_oid_set_member gss_unseal gss_unwrap gss_verify gss_verify_mic gss_wrap gss_wrap_size_limit FILES
/usr/lib/libgss.so.1 shared object /usr/lib/64/libgss.so.1 64-bit shared object file ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWgss (32-bit) | +-----------------------------+-----------------------------+ | |SUNWgssx (64-bit) | +-----------------------------+-----------------------------+ |MT-Level |Safe | +-----------------------------+-----------------------------+ SEE ALSO
pvs(1), Intro(2), Intro(3), syslog(3C), attributes(5) Solaris Security for Developers Guide SunOS 5.11 11 Aug 2004 libgss(3LIB)

Check Out this Related Man Page

GSSAPI(3)						   BSD Library Functions Manual 						 GSSAPI(3)

NAME
gssapi -- Generic Security Service Application Program Interface library LIBRARY
GSS-API Library (libgssapi, -lgssapi) DESCRIPTION
The Generic Security Service Application Program Interface (GSS-API) provides security services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments. The GSS-API implementation in Heimdal implements the Kerberos 5 and the SPNEGO GSS-API security mechanisms. LIST OF FUNCTIONS
These functions constitute the gssapi library, libgssapi. Declarations for these functions may be obtained from the include file gssapi.h. Name/Page gss_accept_sec_context(3) gss_acquire_cred(3) gss_add_cred(3) gss_add_oid_set_member(3) gss_canonicalize_name(3) gss_compare_name(3) gss_context_time(3) gss_create_empty_oid_set(3) gss_delete_sec_context(3) gss_display_name(3) gss_display_status(3) gss_duplicate_name(3) gss_export_name(3) gss_export_sec_context(3) gss_get_mic(3) gss_import_name(3) gss_import_sec_context(3) gss_indicate_mechs(3) gss_init_sec_context(3) gss_inquire_context(3) gss_inquire_cred(3) gss_inquire_cred_by_mech(3) gss_inquire_mechs_for_name(3) gss_inquire_names_for_mech(3) gss_krb5_ccache_name(3) gss_krb5_compat_des3_mic(3) gss_krb5_copy_ccache(3) gss_krb5_extract_authz_data_from_sec_context(3) gss_krb5_import_ccache(3) gss_process_context_token(3) gss_release_buffer(3) gss_release_cred(3) gss_release_name(3) gss_release_oid_set(3) gss_seal(3) gss_sign(3) gss_test_oid_set_member(3) gss_unseal(3) gss_unwrap(3) gss_verify(3) gss_verify_mic(3) gss_wrap(3) gss_wrap_size_limit(3) COMPATIBILITY
The Heimdal GSS-API implementation had a bug in releases before 0.6 that made it fail to inter-operate when using DES3 with other GSS-API implementations when using gss_get_mic() / gss_verify_mic(). It is possible to modify the behavior of the generator of the MIC with the krb5.conf configuration file so that old clients/servers will still work. New clients/servers will try both the old and new MIC in Heimdal 0.6. In 0.7 it will check only if configured - the compatibility code will be removed in 0.8. Heimdal 0.6 still generates by default the broken GSS-API DES3 mic, this will change in 0.7 to generate correct des3 mic. To turn on compatibility with older clients and servers, change the [gssapi] broken_des3_mic in krb5.conf that contains a list of globbing expressions that will be matched against the server name. To turn off generation of the old (incompatible) mic of the MIC use [gssapi] correct_des3_mic. If a match for a entry is in both [gssapi] correct_des3_mic and [gssapi] broken_des3_mic, the later will override. This config option modifies behaviour for both clients and servers. Microsoft implemented SPNEGO to Windows2000, however, they managed to get it wrong, their implementation didn't fill in the MechListMIC in the reply token with the right content. There is a work around for this problem, but not all implementation support it. Heimdal defaults to correct SPNEGO when the the kerberos implementation uses CFX, or when it is configured by the user. To turn on compati- bility with peers, use option [gssapi] require_mechlist_mic. EXAMPLES
[gssapi] broken_des3_mic = cvs/*@SU.SE broken_des3_mic = host/*@E.KTH.SE correct_des3_mic = host/*@SU.SE require_mechlist_mic = host/*@SU.SE BUGS
All of 0.5.x versions of heimdal had broken token delegations in the client side, the server side was correct. SEE ALSO
krb5(3), krb5.conf(5), kerberos(8) BSD
April 20, 2005 BSD
Man Page