Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ gss_acquire_cred(3sec) — DCE 3.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

gss_acquire_cred(3sec)  —  Subroutines

NAME

gss_acquire_cred — Allows an application to acquire a handle for an existing named credential

Synopsis

OM_uint32  gss_acquire_cred(
OM_uint32 ∗minor_status,
gss_name_t desired_name,
OM_uint32 time_req,
gss_OID_set desired_mechs,
int cred_usage,
gss_cred_id_t ∗output_cred_handle,
gss_OID_set ∗actual_mechs,
OM_int32 ∗time_rec);

Parameters

Input

desired_name
Specifies the principal name to use for the credential.

time_reqSpecifies the number of seconds that credentials remain valid. 

desired_mechs
Specifies the object identifier (OID) set for the security mechanism to use with the credential, as follows:

DCE security
Specify GSS_C_NULL_OID_SET. 

KerberosSpecify GSSDCE_C_OID_KRBV5_DES. 

Both DCE security and Kerberos
Specify GSSDCE_C_OID_DCE_KRBV5_DES and GSSDCE_C_OID_KRBV5_DES. 

To help ensure portability of your application, request the default security mechanism by specifying GSS_C_NULL_OID_SET. 

cred_usageSpecify one of the following:

GSS_C_BOTH
Specifies credentials that the context initiator can use to either initiate or accept security contexts.

GSS_C_ACCEPT
Specifies credentials that the context initiator can use only to accept security contexts.

Output

output_cred_handle
Returns the handle for the return credential.

actual_mechs
Returns a set of mechanisms for which the credential is valid. This information is optional.  If you do not want a set of mechanisms returned, specify NULL.

time_recReturns the actual number of seconds for which the return credential remains valid.  This information is optional.  If the actual number of seconds is not required, specify NULL. 

minor_status
Returns a status code from the security mechanism.

Description

The gss_acquire_cred( ) routine allows an application to obtain a handle for either an ACCEPT or a BOTH credential.  The application then passes the credential handle to either the gss_init_sec_context() routine or the gss_accept_sec_context() routine. 

Credential handles created by the gss_acquire_cred() routine contain a principal name.  If the principal name is unregistered, the gss_acquire_cred() routine automatically registers the principal in the default key table.  You can change the principal’s key table by calling the gssdce_register_acceptor_identify() routine. 

To create an INITIATE credential, you must use the gssdce_login_context_to_cred() routine. 

Status Codes

The following describes a partial list of codes (messages) that might be returned.  Refer to the OSF DCE Problem Determination Guide for complete descriptions of all messages.  The following status codes can be returned:

GSS_S_COMPLETE
The routine was completed successfully.

GSS_S_BAD_MECH
The requested security mechanism is unsupported or unavailable.

GSS_S_BAD_NAMETYPE
The name passed by the desired_name parameter is unsupported. 

GSS_S_BAD_NAME
An invalid name was passed by the desired_name parameter. 

GSS_S_FAILURE
The routine failed.  See the minor_status parameter return value for more information. 

Related Information

Functions: gssdce_accept_sec_context(3sec), gssdce_create_empty_oid_set(3sec), gssdce_login_context_to_credential(3sec), gssdce_register_acceptor_identity(3sec), gss_init_sec_context(3sec). 

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026