gssdce_set_cred_context_ownership(3sec) — Subroutines
NAME
gssdce_set_cred_context_ownership — Changes the ownership of a DCE credential’s login context
Synopsis
OM_uint32 gssdce_set_cred_context_ownership(
OM_uint32 ∗minor_status,
gss_cred_id_t credential_handle,
int ownership);
Parameters
Input
credential_handle
Specifies the handle of the DCE credential to be modified.
ownershipSpecifies the owner of the DCE credential. Specify one of the following:
GSSDCE_C_OWNWERSHIP_GSSAPI
Specifies that the credential’s login context is owned by the generic security service application programming interface (GSSAPI).
GSSDCE_C_OWNERSHIP_APPLICATION
Specifies that the credential’s login context is owned by the application.
Output
minor_status
Returns a status code from the security mechanism.
Description
The gssdce_set_cred_context_ownership() routine modifies the ownership of a DCE credential’s login context. INIT type and BOTH type credentials have DCE login contexts. Normally, these internal login contexts are deleted when the credential is released (when the application calls the gss_release_cred() routine). However, for credentials created by the gssdce_cred_to_login_context() and credentials passsed to the gsscdce_cred_to_login_context()routine, the application may have an external reference to the credential’s login context and may still be using the login context. The GSSAPI will not delete internal login contexts of these credentials when they are released.
This routine allows the application to modify the ownership of a credential’s login context. If ownership is changed to GSSDCE_C_OWNERSHIP_GSSAPI, the login context is deleted when GSSAPI releases the credential. If ownership is changed to GSSDCE_C_OWNERSHIP_APPLICATION, the application is responsible for deleting the login context. DCE credential login contexts that are owned by an application must not be deleted until the credential is released since the GSSAPI may still need to access the credential’s login context.
Related Information
Functions: gss_acquire_cred(3sec), gss_release_buffer(3sec), gssdce_cred_to_login_context(3sec).