
gss_export_sec_context(3)

NAME

gss_export_sec_context - Prepare security context for transfer to another process.

SYNOPSIS

    #include <gssapi/gssapi.h>

    OM_uint32 gss_export_sec_context(
        OM_uint32 * minor_status,
        gss_ctx_id_t * context_handle,
        gss_buffer_t interprocess_token );

PARAMETERS

minor_status
    Kerberos 5 error code.

context_handle
    Security context to be transferred. After the context is transferred, this parameter is set to GSS_C_NO_CONTEXT.

interprocess_token
    Token to be transferred to the target process. The application must release the storage associated with the token after use with a call to gss_release_buffer().

DESCRIPTION

The gss_export_sec_context() function prepares a security context for transfer to another process. It is typically used by the context acceptor in an application where a single process receives incoming connection requests and accepts security contexts over them. The initial process then passes the established context to another process for message exchange.

This function disables the security context for the calling process and creates an interprocess token that, when passed to gss_import_sec_context() in another process, re-enables the context in the second process. Only a single instance of a given security context may be active at any time; a subsequent attempt by a context exporter to access the exported security context will fail.

The interprocess token may contain security-sensitive information such as a cryptographic key. Therefore, the application must take care to protect the interprocess token and to ensure that any process to which the token is transferred is trustworthy. In addition, this token should not be transferred over a network in an insecure manner.

If creation of the interprocess token is successful, all process-wide resources associated with the security context are deallocated and the context_handle parameter is set to GSS_C_NO_CONTEXT. The security context is not deleted until the exported security context token is created. If an error occurs that makes it impossible to complete the export of the security context, the original context is returned unchanged.

After use, the application must release the storage associated with the token with a call to gss_release_buffer().
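An added example, not part of the original manual page or the SDK, of the hand-off step between gss_export_sec_context() and gss_import_sec_context(): the token bytes are length-prefixed, sent over a local descriptor such as one end of socketpair(AF_UNIX, ...), and wiped before the receiving copy is freed. The names send_token, recv_token, free_token and MAX_TOKEN are assumptions of this example, and the token is treated as opaque bytes.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_TOKEN 65536u /* assumed bound for this example, not an SDK constant */

/* Read or write exactly n bytes; 0 on success, -1 on error or EOF. */
static int xfer(int fd, void *buf, size_t n, int writing) {
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = writing ? write(fd, p, n) : read(fd, p, n);
        if (r <= 0) return -1;
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Zero through a volatile pointer so the compiler keeps the stores. */
static void wipe(void *buf, size_t n) {
    volatile unsigned char *p = buf;
    while (n--) *p++ = 0;
}

/* Acceptor side: pass interprocess_token->value and ->length after a
 * successful gss_export_sec_context(), then gss_release_buffer() the token.
 * fd is assumed to be a local channel to a trusted worker process. */
int send_token(int fd, const void *value, size_t length) {
    uint32_t hdr = htonl((uint32_t)length);
    if (length == 0 || length > MAX_TOKEN) return -1;
    if (xfer(fd, &hdr, sizeof hdr, 1) != 0) return -1;
    return xfer(fd, (void *)value, length, 1);
}

/* Worker side: returns a malloc'd copy of the token to hand to
 * gss_import_sec_context(), or NULL if the frame is malformed or too large. */
void *recv_token(int fd, size_t *length) {
    uint32_t hdr; void *buf;
    if (xfer(fd, &hdr, sizeof hdr, 0) != 0) return NULL;
    *length = ntohl(hdr);
    if (*length == 0 || *length > MAX_TOKEN) return NULL;
    if ((buf = malloc(*length)) == NULL) return NULL;
    if (xfer(fd, buf, *length, 0) == 0) return buf;
    wipe(buf, *length); free(buf); return NULL;
}

/* Worker side, after the import: the copy may hold key material, so wipe it. */
void free_token(void *buf, size_t length) { wipe(buf, length); free(buf); }
```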

RETURN VALUES

    GSS_S_CALL_INACCESSIBLE_READ     01xxxxxx
    GSS_S_CALL_INACCESSIBLE_WRITE    02xxxxxx
    GSS_S_COMPLETE                   00000000
    GSS_S_FAILURE                    xx0Dxxxx
    GSS_S_NO_CONTEXT                 xx08xxxx
    GSS_S_UNAVAILABLE                xx10xxxx

PORTABILITY CONSIDERATIONS

This function exports a token that can only be shared with other HP Application Security SDK implementations.

SEE ALSO

Functions: gss_accept_sec_context(3), gss_import_sec_context(3), gss_init_sec_context(3), gss_release_buffer(3)
