Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX Reference > G

gss_add_cred(3)

HP-UX 11i Version 3: February 2007
» 

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

NAME

gss_add_cred() — adds a credential-element to a credential

SYNOPSIS

#include <gssapi.h>

OM_uint32 gss_add_cred (

OM_uint32 *minor_status, const gss_cred_id_t input_cred_handle, const gss_name_t desired_name, const gss_OID desired_mech, gss_cred_usage_t cred_usage, OM_uint32 initiator_time_req, OM_uint32 acceptor_time_req, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec);

DESCRIPTION

The gss_add_cred() routine adds a credential-element to a credential. The credential-element is identified by the name of the principal to which it refers.

If desired_name is GSS_C_NO_NAME, the call is interpreted as a request to add a credential element that will invoke default behavior when passed to gss_init_sec_context() or gss_accept_sec_context(). This routine can be used to either compose a new credential containing all credential-elements of the original in addition to the newly-acquire credential-element, or to add the new credential- element to an existing credential. If NULL is specified for the output_cred_handle arameter argument, the new credential-element will be added to the credential identified by input_cred_handle; if a valid pointer is specified for the output_cred_handle parameter, a new credential handle will be created.

If GSS_C_NO_CREDENTIAL is specified as the input_cred_handle, gss_add_cred() will compose a credential based on default behavior.

Input Parameters

input_cred_handle

Specifies the handle to credential structure to which a credential-element will be added. If GSS_C_NO_CREDENTIAL is specified, the routine will compose the new credential based on default behavior

desired_name

Specifies the principal name whose credential should be acquired.

desired_mechs

Specifies the OID set for the security mechanism for which the new credential may be used.

initiator_time_req

Specifies the number of seconds that credentials remain valid. for initiating security contexts. This argument is ignored if the composed credentials are of type GSS_C_ACCEPT. Specify GSS_C_INDEFINITE to request that the credentials have the maximum permitted initiator lifetime.

acceptor_time_req

Specifies the number of seconds that credentials remain valid. for accepting security contexts. This argument is ignored if the composed credentials are of type GSS_C_INITIATE. Specify GSS_C_INDEFINITE to request that the credentials have the maximum permitted acceptor lifetime.

cred_usage

Specify one of the following:

GSS_C_BOTH

Specifies credentials that the context initiator can use to either initiate or accept security contexts.

GSS_C_INITIATE

Specifies credentials that the context initiator can use only to initiate security contexts.

GSS_C_ACCEPT

Specifies credentials that the context initiator can use only to accept security contexts.

Output Parameters

output_cred_handle

The returned credential handle, containing the new credential-element and all the credential-elements from input_cred_handle. If NULL is specified for this parameter, the newly acquired credential-element will be added to the credential identified by input_cred_handle.

actual_mechs

Returns a set of mechanisms for which the credential is valid. This information is optional. If you do not want a set of mechanisms returned, specify NULL.

initiator_time_rec

Specifies the actual number of seconds that credentials remain valid for initiating security contexts using the specified mechanism. If the implementation or mechanism does not support expiration of credentials, the value GSS_C_INDEFINITE will be returned.

acceptor_time_rec

Specifies the actual number of seconds that credentials remain valid for accepting security contexts using the specified mechanism. If the implementation or mechanism does not support expiration of credentials, the value GSS_C_INDEFINITE will be returned.

minor_status

Returns a status code from the security mechanism.

STATUS CODES

The following list explains the GSS status codes that can be returned:

GSS_S_COMPLETE

The routine was completed successfully.

GSS_S_BAD_MECH

The requested security mechanism is unsupported or unavailable.

GSS_S_BAD_NAMETYPE

The name passed by the desired_name parameter is unsupported.

GSS_S_BAD_NAME

An invalid name was passed by the desired_name parameter.

GSS_S_DUPLICATE_ELEMENT

The credential already contains an element for the requested mechanism with overlapping usage and validity period.

GSS_S_CREDENTIALS_EXPIRED

The required credentials could not be added because they have expired.

GSS_S_NO_CRED

No credentials were found for the specified name.

AUTHOR

gss_add_cred() was developed by Sun Microsystems, Inc.

SEE ALSO

gss_init_sec_context(3).

The manpages for DCE-GSSAPI are included with the DCE-CoreTools product. To see those manpages add /opt/dce/share/man to MANPATH.



gss_acquire_cred
  		 


gss_add_oid_set_member  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.