Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ gss_inquire_cred(3) — Tru64 UNIX 5.1b

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

Functions:  gss_acquire_cred(3)

gss_inquire_cred_by_mech(3)

gss_release_name(3)

gss_release_oid_set(3)

gss_inquire_cred(3)  —  Subroutines

NAME

gss_inquire_cred − Obtain information about credentials. 

SYNOPSIS

#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_cred(
        OM_uint32 ∗ minor_status,
        const gss_cred_id_t cred_handle,
        gss_name_t ∗ name,
        OM_uint32 ∗ lifetime,
        gss_cred_usage_t ∗ cred_usage,
        gss_OID_set ∗ mechanisms );

PARAMETERS

minor_status
Kerberos 5 error code.

cred_handle
Credentials being queried. If GSS_C_NO_CREDENTIALS is specified, the default initiator credentials are used. 

nameThe principal name whose identity the credentials represent. This name is an internal form name. 

The storage associated with this name should be freed by the application after use with a call to gss_release_name(). 

lifetimeThe number of seconds remaining in the lifetime of the credentials. If the credentials have expired, a value of zero is returned. Specify NULL for this parameter if this information is not required. 

This parameter is valid only for initiator credentials. The HP implementation of the GSS-API does not support credentials expiration for acceptor credentials. A value of GSS_C_INDEFINITE is always returned for acceptor credentials. 

cred_usage
How the credentials may be used. Specify NULL if this information is not required. 

       •GSS_C_BOTH −− Credentials may be used to either initiate or accept security contexts. 

       •GSS_C_INITIATE −− Credentials may be used only to initiate security contexts. 

       •GSS_C_ACCEPT−−  Credentials may be used only to accept security contexts. 

mechanisms
Object identifier (OID) set of security mechanisms supported by the credentials. The HP implementation of the GSS-API supports Kerberos 5.

The storage associated with this OID set should be freed by the application after use with a call to gss_release_oid_set(). 

DESCRIPTION

The gss_inquire_cred() function obtains information about credentials. This information includes the principal name whose identity the credentials represent, the remaining validity period (initiators only), the credentials usage, and the security mechanisms supported. 

With Kerberos 5, the credential that is queried is the TGT, not service tickets. 

To avoid memory leaks, the application must release the storage associated with the name parameter with a call to gss_release_name() after use. Similarly, the storage associated with mechanisms OID set must be released with a call to gss_release_oid_set(). 

RETURN VALUES

GSS_S_CALL_INACCESSIBLE_READ 01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE 02xxxxxx
GSS_S_COMPLETE 00000000
GSS_S_DEFECTIVE_CREDENTIAL xx0Axxxx
GSS_S_FAILURE xx0Dxxxx
GSS_S_NO_CRED xx07xxxx

SEE ALSO

Functions:  gss_acquire_cred(3), gss_inquire_cred_by_mech(3), gss_release_name(3), gss_release_oid_set(3)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026