gss_inquire_cred(3) — Subroutines
NAME
gss_inquire_cred − Obtain information about credentials.
SYNOPSIS
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_cred(
    OM_uint32 *minor_status,
    const gss_cred_id_t cred_handle,
    gss_name_t *name,
    OM_uint32 *lifetime,
    gss_cred_usage_t *cred_usage,
    gss_OID_set *mechanisms );
PARAMETERS
minor_status
Kerberos 5 error code.
cred_handle
Credentials being queried. If GSS_C_NO_CREDENTIALS is specified, the default initiator credentials are used.
name
The principal name whose identity the credentials represent. This name is an internal form name.
The storage associated with this name should be freed by the application after use with a call to gss_release_name().
lifetime
The number of seconds remaining in the lifetime of the credentials. If the credentials have expired, a value of zero is returned. Specify NULL for this parameter if this information is not required.
This parameter is valid only for initiator credentials. The HP implementation of the GSS-API does not support credentials expiration for acceptor credentials. A value of GSS_C_INDEFINITE is always returned for acceptor credentials.
cred_usage
How the credentials may be used. Specify NULL if this information is not required.
• GSS_C_BOTH −− Credentials may be used to either initiate or accept security contexts.
• GSS_C_INITIATE −− Credentials may be used only to initiate security contexts.
• GSS_C_ACCEPT −− Credentials may be used only to accept security contexts.
mechanisms
Object identifier (OID) set of security mechanisms supported by the credentials. The HP implementation of the GSS-API supports Kerberos 5.
The storage associated with this OID set should be freed by the application after use with a call to gss_release_oid_set().
DESCRIPTION
The gss_inquire_cred() function obtains information about credentials. This information includes the principal name whose identity the credentials represent, the remaining validity period (initiators only), the credentials usage, and the security mechanisms supported.
With Kerberos 5, the credential that is queried is the TGT, not service tickets.
To avoid memory leaks, the application must release the storage associated with the name parameter with a call to gss_release_name() after use. Similarly, the storage associated with the mechanisms OID set must be released with a call to gss_release_oid_set().
RETURN VALUES
| GSS_S_CALL_INACCESSIBLE_READ | 01xxxxxx |
| GSS_S_CALL_INACCESSIBLE_WRITE | 02xxxxxx |
| GSS_S_COMPLETE | 00000000 |
| GSS_S_DEFECTIVE_CREDENTIAL | xx0Axxxx |
| GSS_S_FAILURE | xx0Dxxxx |
| GSS_S_NO_CRED | xx07xxxx |
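EXAMPLE
The following is an added example, not part of the original manual page or of the HP implementation. It shows how a caller might interpret the major status, lifetime and cred_usage returned by gss_inquire_cred() before initiating a security context. The EX_ names, the ex_check_initiator() helper and the min_seconds threshold are hypothetical; the numeric values mirror the RETURN VALUES table and RFC 2744.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed for this example: EX_ names are not gssapi.h identifiers.
 * Values mirror the RETURN VALUES table and RFC 2744. */
#define EX_CALLING_ERROR(m) (((m) >> 24) & 0xFFu) /* 01xxxxxx, 02xxxxxx */
#define EX_ROUTINE_ERROR(m) (((m) >> 16) & 0xFFu) /* xx07xxxx, xx0Axxxx, xx0Dxxxx */
#define EX_NO_CRED        0x07u
#define EX_DEFECTIVE_CRED 0x0Au
#define EX_INDEFINITE     0xFFFFFFFFu /* GSS_C_INDEFINITE */
enum ex_usage { EX_BOTH = 0, EX_INITIATE = 1, EX_ACCEPT = 2 };

enum ex_verdict { EX_OK, EX_CALLER_BUG, EX_ACQUIRE, EX_DISCARD,
                  EX_ERROR, EX_WRONG_USAGE, EX_EXPIRED, EX_EXPIRING };

/* Decide whether credentials can initiate a context for at least min_seconds.
 * lifetime and usage are only trusted once major reports no error. */
enum ex_verdict ex_check_initiator(uint32_t major, uint32_t lifetime,
                                   int usage, uint32_t min_seconds)
{
    if (EX_CALLING_ERROR(major))
        return EX_CALLER_BUG;            /* unreadable/unwritable argument */
    switch (EX_ROUTINE_ERROR(major)) {
    case 0:                 break;       /* GSS_S_COMPLETE */
    case EX_NO_CRED:        return EX_ACQUIRE;  /* obtain credentials first */
    case EX_DEFECTIVE_CRED: return EX_DISCARD;  /* do not reuse this handle */
    default:                return EX_ERROR;    /* GSS_S_FAILURE and others */
    }
    if (usage == EX_ACCEPT)
        return EX_WRONG_USAGE;           /* accept-only: lifetime is INDEFINITE */
    if (lifetime == 0)
        return EX_EXPIRED;               /* zero means already expired */
    if (lifetime != EX_INDEFINITE && lifetime < min_seconds)
        return EX_EXPIRING;              /* too short to finish the exchange */
    return EX_OK;
}

int main(void)
{
    /* Constructed sample results: {major, lifetime, usage}. */
    uint32_t s[][3] = { {0x00000000u, 3600, EX_INITIATE}, {0x00070000u, 0, 0},
                        {0x00000000u, 120, EX_BOTH}, {0x020D0000u, 0, 0} };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("major=%08x -> verdict %d\n", (unsigned)s[i][0],
               (int)ex_check_initiator(s[i][0], s[i][1], (int)s[i][2], 300));
    return 0;
}
```

In a real caller the three inputs come from gss_inquire_cred(), and name and mechanisms are still released with gss_release_name() and gss_release_oid_set() whatever the verdict.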
SEE ALSO
Functions: gss_acquire_cred(3), gss_inquire_cred_by_mech(3), gss_release_name(3), gss_release_oid_set(3)