NAME
rpc_gss_seccreate() — create a security context using the RPCSEC_GSS protocol
SYNOPSIS
#include <rpc/rpcsec_gss.h>
AUTH *rpc_gss_seccreate(
CLIENT *clnt,
char *principal,
char *mechanism,
rpc_gss_service_t service_type,
char *qop,
rpc_gss_options_req_t *options_req,
rpc_gss_options_ret_t *options_ret);
DESCRIPTION
rpc_gss_seccreate() is used by an application to create a security context using the RPCSEC_GSS protocol, making use of the underlying GSS-API network layer.
rpc_gss_seccreate() allows an application to specify the type of security mechanism (for example, Kerberos v5), the type of service (for example, integrity checking) and the Quality of Protection (QOP) desired for transferring data.
PARAMETERS
Information on RPCSEC_GSS data types for parameters may be found on the rpcsec_gss(3N) manpage.
- clnt
This is the RPC client handle. clnt may be obtained, for example, from clnt_create().
- principal
This is the identity of the server principal, specified in the form service@host, where service is the name of the service the client wishes to access and host is the fully qualified name of the host where the service resides (for example, nfs@mymachine.eng.company.com).
- mechanism
This is an ASCII string which indicates which security mechanism to use with this data. Appropriate mechanisms may be found in the file /etc/gss/mech. Additionally, rpc_gss_get_mechanisms() returns a list of supported security mechanisms as NULL-terminated strings.
- service_type
This sets the initial type of service for the session: privacy, integrity, authentication, or none.
- qop
This is an ASCII string which sets the quality of protection (QOP) for the session. Appropriate values for this string may be found in the file /etc/gss/qop. Additionally, supported QOPs are returned as NULL-terminated strings by rpc_gss_get_mech_info().
- options_req
This structure contains options which are passed directly to the underlying GSS-API layer. If the caller specifies NULL for this parameter, defaults are used.
- options_ret
These GSS-API options are returned to the caller. If the caller does not need to see these options, then it may specify NULL for this parameter.
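The principal parameter names the server the client will establish the context with, so it is worth checking its shape before the call. The following is an added example, not part of the original manpage: a pre-flight check for the service@host form with a fully qualified host. The helper name principal_is_well_formed(), the length bound, and the characters accepted in the service part are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not part of the RPCSEC_GSS API. */
#define MAX_PRINCIPAL_LEN 512   /* assumed sanity bound for this example */
#define MAX_LABEL_LEN     63    /* DNS label length limit */

static int label_char(int c, int allow_hyphen)
{
    return isalnum(c) || (allow_hyphen && c == '-');
}

/* Returns 1 if principal is "service@host" with a host made of at least
 * two dot-separated labels (fully qualified), 0 otherwise. */
int principal_is_well_formed(const char *principal)
{
    const char *at, *p;
    size_t len, label_len = 0, labels = 0;

    if (principal == NULL)
        return 0;
    len = strlen(principal);
    if (len == 0 || len > MAX_PRINCIPAL_LEN)
        return 0;

    /* Exactly one '@' with a non-empty service name before it. */
    at = strchr(principal, '@');
    if (at == NULL || at == principal || strchr(at + 1, '@') != NULL)
        return 0;
    /* Assumption: service names use alphanumerics, '-' and '_'. */
    for (p = principal; p < at; p++)
        if (!label_char((unsigned char)*p, 1) && *p != '_')
            return 0;

    /* Host labels: 1..63 chars, alphanumeric or '-', no leading/trailing '-'. */
    for (p = at + 1; ; p++) {
        if (*p == '.' || *p == '\0') {
            if (label_len == 0 || label_len > MAX_LABEL_LEN || p[-1] == '-')
                return 0;
            labels++;
            label_len = 0;
            if (*p == '\0')
                break;
        } else if (!label_char((unsigned char)*p, label_len > 0)) {
            return 0;
        } else {
            label_len++;
        }
    }
    return labels >= 2;   /* a single label is not fully qualified */
}
```

An application would call this on the principal string and refuse to call rpc_gss_seccreate() when it returns 0.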
MULTITHREAD USAGE
- Thread Safe: Yes
- Cancel Safe: Yes
- Fork Safe: No
- Async-cancel Safe: No
- Async-signal Safe: No
These functions can be called safely in a multithreaded environment. They may be cancellation points in that they call functions that are cancel points.
In a multithreaded environment, these functions are not safe to be called by a child process after fork() and before exec(). These functions should not be called by a multithreaded application that supports asynchronous cancellation or asynchronous signals.
RETURN VALUE
rpc_gss_seccreate() returns a security context handle (an RPC authentication handle) of type AUTH. If rpc_gss_seccreate() cannot return successfully, the application can get an error number by calling rpc_gss_get_error().
WARNINGS
Contexts may be destroyed normally, with auth_destroy(). See the auth_destroy(3N) manpage.
FILES
- /etc/gss/mech
File containing valid security mechanisms.
- /etc/gss/qop
File containing valid QOP values.