gss_acquire_cred man page on SmartOS

Printed from http://www.polarhome.com/service/man/?qf=gss_acquire_cred&af=0&tf=2&of=SmartOS

GSS_ACQUIRE_CRED(3GSS)					GSS_ACQUIRE_CRED(3GSS)

NAME
       gss_acquire_cred	 -  acquire  a handle for a pre-existing credential by
       name

SYNOPSIS
       cc [ flag... ] file... -lgss  [ library... ]
       #include <gssapi/gssapi.h>

       OM_uint32 gss_acquire_cred(OM_uint32 *minor_status,
	    const gss_name_t *desired_name, OM_uint32 time_req,
	    const gss_OID_set desired_mech, gss_cred_usage_t cred_usage,
	    gss_cred_id_t * output_cred_handle, gss_OID_set *actual_mechs,
	    OM_uint32 *time_rec);

DESCRIPTION
       The gss_acquire_cred() function allows an application to acquire a han‐
       dle for a pre-existing credential by name. This routine is not intended
       as a function to login to the network; a function for login to the net‐
       work  would involve creating new credentials rather than merely acquir‐
       ing a handle to existing credentials.

       If desired_name is GSS_C_NO_NAME, the call is interpreted as a  request
       for  a  credential handle that will invoke default behavior when passed
       to  gss_init_sec_context(3GSS)  (if  cred_usage	is  GSS_C_INITIATE  or
       GSS_C_BOTH)   or	  gss_accept_sec_context(3GSS)	 (if   cred_usage   is
       GSS_C_ACCEPT or GSS_C_BOTH).

       Normally gss_acquire_cred() returns a credential that is valid only for
       the  mechanisms	requested  by  the desired_mechs argument. However, if
       multiple mechanisms can share a single credential element, the function
       returns	all  the  mechanisms  for which the credential is valid in the
       actual_mechs argument.

       gss_acquire_cred() is intended to be used primarily by  context	accep‐
       tors,  since  the GSS-API routines obtain initiator credentials through
       the system login process. Accordingly, you may not acquire GSS_C_INITI‐
       ATE  or	GSS_C_BOTH  credentials by means of gss_acquire_cred() for any
       name  other  than  GSS_C_NO_NAME.   Alternatively,  you	 may   acquire
       GSS_C_INITIATE  or  GSS_C_BOTH  credentials  for	 a  name produced when
       gss_inquire_cred(3GSS) is  applied  to  a  valid	 credential,  or  when
       gss_inquire_context(3GSS) is applied to an active context.

       If credential acquisition is time-consuming for a mechanism, the mecha‐
       nism may choose to delay the actual acquisition until the credential is
       required,    for	  example,   by	  gss_init_sec_context(3GSS)   or   by
       gss_accept_sec_context(3GSS).  Such mechanism-specific  implementations
       are,  however,  invisible  to  the  calling application; thus a call of
       gss_inquire_cred(3GSS)	 immediately	following    the    call    of
       gss_acquire_cred()  will	 return	 valid	credential  data and incur the
       overhead of a deferred credential acquisition.

PARAMETERS
       The parameter descriptions for gss_acquire_cred() follow:

       desired_name
			     The name of the principal for which a  credential
			     should be acquired.

       time_req
			     The  number  of  seconds  that credentials remain
			     valid. Specify GSS_C_INDEFINITE  to request  that
			     the  credentials have the maximum permitted life‐
			     time

       desired_mechs
			     The set of underlying  security  mechanisms  that
			     may  be  used.   GSS_C_NO_OID_SET	may be used to
			     obtain a default.

       cred_usage
			     A flag that indicates how this credential	should
			     be	 used.	If the flag is GSS_C_ACCEPT, then cre‐
			     dentials will be used  only  to  accept  security
			     credentials.  GSS_C_INITIATE  indicates that cre‐
			     dentials will be used only to  initiate  security
			     credentials. If the flag is GSS_C_BOTH, then cre‐
			     dentials may be used either to initiate or accept
			     security contexts.

       output_cred_handle
			     The  returned credential handle.  Resources asso‐
			     ciated  with  this	 credential  handle  must   be
			     released by the application after use with a call
			     to gss_release_cred(3GSS)

       actual_mechs
			     The set of mechanisms for which the credential is
			     valid.  Storage associated with the returned OID-
			     set must be released by the application after use
			     with a call to  gss_release_oid_set(3GSS).	 Spec‐
			     ify NULL if not required.

       time_rec
			     Actual number of seconds for which	 the  returned
			     credentials  will	remain valid.  Specify NULL if
			     not required.

       minor_status
			     Mechanism specific status code.

ERRORS
       gss_acquire_cred() may return the following status code:

       GSS_S_COMPLETE
				     Successful completion.

       GSS_S_BAD_MECH
				    An	 unavailable   mechanism   has	  been
				    requested.

       GSS_S_BAD_NAMETYPE
				    The type contained within the desired_name
				    parameter is not supported.

       GSS_S_BAD_NAME
				    The value supplied for desired_name param‐
				    eter is ill formed.

       GSS_S_CREDENTIALS_EXPIRED
				    The	 credentials  could  not  be  acquired
				    because they have expired.

       GSS_S_NO_CRED
				    No credentials were found for  the	speci‐
				    fied name.

       GSS_S_FAILURE
				    The underlying mechanism detected an error
				    for which no specific GSS status  code  is
				    defined.   The  mechanism-specific	status
				    code reported by means of the minor_status
				    parameter details the error condition.

ATTRIBUTES
       See attributes(5)  for descriptions of the following attributes:

       ┌───────────────┬─────────────────┐
       │ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
       ├───────────────┼─────────────────┤
       │MT-Level       │ Safe		 │
       └───────────────┴─────────────────┘

SEE ALSO
       gss_accept_sec_context(3GSS),		   gss_init_sec_context(3GSS),
       gss_inquire_context(3GSS),		       gss_inquire_cred(3GSS),
       gss_release_cred(3GSS), gss_release_oid_set(3GSS), attributes(5)

       Solaris Security for Developers Guide

				 Jan 14, 2003		GSS_ACQUIRE_CRED(3GSS)
[top]

List of man pages available for SmartOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net