gss_inquire_cred(3)gss_inquire_cred(3)NAMEgss_inquire_cred - Obtain information about credentials.
SYNOPSIS
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_cred(
OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
gss_name_t * name,
OM_uint32 * lifetime,
gss_cred_usage_t * cred_usage,
gss_OID_set * mechanisms );
PARAMETERS
Kerberos 5 error code. Credentials being queried. If GSS_C_NO_CREDEN‐
TIALS is specified, the default initiator credentials are used. The
principal name whose identity the credentials represent. This name is
an internal form name.
The storage associated with this name should be freed by the
application after use with a call to gss_release_name(). The
number of seconds remaining in the lifetime of the credentials.
If the credentials have expired, a value of zero is returned.
Specify NULL for this parameter if this information is not
required.
This parameter is valid only for initiator credentials. The HP
implementation of the GSS-API does not support credentials expi‐
ration for acceptor credentials. A value of GSS_C_INDEFINITE is
always returned for acceptor credentials. How the credentials
may be used. Specify NULL if this information is not required.
GSS_C_BOTH -- Credentials may be used to either initiate or
accept security contexts. GSS_C_INITIATE -- Credentials may be
used only to initiate security contexts. GSS_C_ACCEPT-- Cre‐
dentials may be used only to accept security contexts. Object
identifier (OID) set of security mechanisms supported by the
credentials. The HP implementation of the GSS-API supports Ker‐
beros 5.
The storage associated with this OID set should be freed by the
application after use with a call to gss_release_oid_set().
DESCRIPTION
The gss_inquire_cred() function obtains information about credentials.
This information includes the principal name whose identity the creden‐
tials represent, the remaining validity period (initiators only), the
credentials usage, and the security mechanisms supported.
With Kerberos 5, the credential that is queried is the TGT, not service
tickets.
To avoid memory leaks, the application must release the storage associ‐
ated with the name parameter with a call to gss_release_name() after
use. Similarly, the storage associated with mechanisms OID set must be
released with a call to gss_release_oid_set().
RETURN VALUES
GSS_S_CALL_INACCESSIBLE_READ 01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE 02xxxxxx
GSS_S_COMPLETE 00000000
GSS_S_DEFECTIVE_CREDENTIAL xx0Axxxx
GSS_S_FAILURE xx0Dxxxx
GSS_S_NO_CRED xx07xxxx
SEE ALSO
Functions: gss_acquire_cred(3), gss_inquire_cred_by_mech(3),
gss_release_name(3), gss_release_oid_set(3)gss_inquire_cred(3)
