gss_inquire_cred_by_mech(3) — Subroutines
NAME
gss_inquire_cred_by_mech − obtain information about credentials for a specific security mechanism
SYNOPSIS
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_cred_by_mech(
OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
const gss_OID mech_type,
gss_name_t * name,
OM_uint32 * initiator_lifetime,
OM_uint32 * acceptor_lifetime,
gss_cred_usage_t * cred_usage );
PARAMETERS
minor_status
Kerberos 5 error code.
cred_handle
Credentials being queried. If GSS_C_NO_CREDENTIALS is specified, the default initiator credentials are used.
mech_type
Object identifier (OID) set of security mechanisms for the credentials being queried. Specify rfc_krb5_c_OID_set for Kerberos 5.
name
The principal name whose identity the credentials represent. This name is an internal form name. Specify NULL if this information is not required.
The storage associated with this name should be freed by the application after use with a call to gss_release_name().
initiator_lifetime
The number of seconds remaining in the lifetime of initiator credentials under the specified mechanism. If the credentials have expired, a value of zero is returned. Specify NULL if this information is not required.
acceptor_lifetime
The number of seconds remaining in the lifetime of acceptor credentials under the specified mechanism. Since the HP implementation of the GSS-API does not support credentials expiration for acceptors, a value of GSS_C_INDEFINITE is always returned.
cred_usage
How the credentials may be used. Specify NULL if this information is not required.
• GSS_C_BOTH −− Credentials may be used to either initiate or accept security contexts.
• GSS_C_INITIATE −− Credentials may be used only to initiate security contexts.
• GSS_C_ACCEPT −− Credentials may be used only to accept security contexts.
DESCRIPTION
The gss_inquire_cred_by_mech() function obtains information about credentials for a specified security mechanism. This information includes the principal name whose identity the credentials represent, the remaining validity period (initiators only), and the credentials usage.
With Kerberos 5, the credential that is queried is the TGT, not service tickets.
Before calling this function, the application must first acquire credentials.
To avoid memory leaks, the application must release the storage associated with the name parameter with a call to gss_release_name() after use.
RETURN VALUES
| GSS_S_BAD_MECH | xx01xxxx |
| GSS_S_CALL_INACCESSIBLE_READ | 01xxxxxx |
| GSS_S_CALL_INACCESSIBLE_WRITE | 02xxxxxx |
| GSS_S_COMPLETE | 00000000 |
| GSS_S_DEFECTIVE_CREDENTIAL | xx0Axxxx |
| GSS_S_FAILURE | xx0Dxxxx |
| GSS_S_NO_CRED | xx07xxxx |
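An added example (not part of the original manual page or of HP's code): C helpers that decode the major status patterns in the table above and apply the lifetime rules from PARAMETERS to decide whether a credential is still usable. The names describe_major and cred_usable, the local macros and the sample values in main are assumptions made for illustration; the field layout and the value 0xFFFFFFFF for GSS_C_INDEFINITE follow RFC 2744.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Major status layout matching the table: bits 31-24 hold the calling error,
 * bits 23-16 the routine error, bits 15-0 supplementary (non-error) info. */
#define CALLING_ERROR(s) (((s) >> 24) & 0xFFu)
#define ROUTINE_ERROR(s) (((s) >> 16) & 0xFFu)
#define INDEFINITE 0xFFFFFFFFu /* value of GSS_C_INDEFINITE (RFC 2744) */

static const char *routine_name(uint32_t code) {
    switch (code) {
    case 0x00: return "GSS_S_COMPLETE";
    case 0x01: return "GSS_S_BAD_MECH";
    case 0x07: return "GSS_S_NO_CRED";
    case 0x0A: return "GSS_S_DEFECTIVE_CREDENTIAL";
    case 0x0D: return "GSS_S_FAILURE";
    default:   return "UNEXPECTED_ROUTINE_ERROR";
    }
}

static const char *calling_name(uint32_t code) {
    switch (code) {
    case 0x01: return "GSS_S_CALL_INACCESSIBLE_READ";
    case 0x02: return "GSS_S_CALL_INACCESSIBLE_WRITE";
    default:   return "UNEXPECTED_CALLING_ERROR";
    }
}

/* Hypothetical helper: render a major status as "CALLING|ROUTINE" for logs. */
static const char *describe_major(uint32_t major, char *buf, size_t len) {
    uint32_t c = CALLING_ERROR(major), r = ROUTINE_ERROR(major);
    if (c && r) snprintf(buf, len, "%s|%s", calling_name(c), routine_name(r));
    else snprintf(buf, len, "%s", c ? calling_name(c) : routine_name(r));
    return buf;
}

/* Hypothetical policy check: reject on any error field, on an expired
 * credential (lifetime 0), or on less than min_seconds of validity left. */
static int cred_usable(uint32_t major, uint32_t lifetime, uint32_t min_seconds) {
    if (CALLING_ERROR(major) || ROUTINE_ERROR(major)) return 0;
    return lifetime == INDEFINITE || (lifetime > 0 && lifetime >= min_seconds);
}

int main(void) { /* constructed sample values, not output from a real call */
    char buf[96];
    printf("%s\n", describe_major(0x020D0000u, buf, sizeof buf));
    printf("usable=%d\n", cred_usable(0x00000000u, 120, 300));
    return 0;
}
```

In a real caller the first two arguments of cred_usable would be the function's return value and the initiator_lifetime output.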
SEE ALSO
Functions: gss_acquire_cred(3), gss_inquire_cred(3), gss_release_name(3), gss_release_oid_set(3)