Index Index for
Section 3
Index Alphabetical
listing for G
Bottom of page Bottom of
page		 

gss_inquire_cred_by_mech(3)


NAME

  gss_inquire_cred_by_mech - obtain information about credentials for a
  specific security mechanism


SYNOPSIS

  #include <gssapi/gssapi.h>

  OM_uint32 gss_inquire_cred_by_mech(
	  OM_uint32 * minor_status,
	  const gss_cred_id_t cred_handle,
	  const gss_OID mech_type,
	  gss_name_t * name,
	  OM_uint32 * initiator_lifetime,
	  OM_uint32 * acceptor_lifetime,
	  gss_cred_usage_t * cred_usag );


PARAMETERS

  minor_status
	  Kerberos 5 error code.

  cred_handle
	  Credentials being queried. If GSS_C_NO_CREDENTIALS is specified,
	  the default initiator credentials are used.

  mech_type
	  Object identifier (OID) set of security mechanisms for the
	  credentials being queried. Specify rfc_krb5_c_OID_set for Kerberos
	  5.

  name	  The principal name whose identity the credentials represent. This
	  name is an internal form name. Specify NULL if this information is
	  not required.

	  The storage associated with this name should be freed by the
	  application after use with a call to gss_release_name().

  initiator_lifetime
	  The number of seconds remaining in the lifetime of initiator
	  credentials under the specified mechanism. If the credentials have
	  expired, a value of zero is returned. Specify NULL if this
	  information is not required.

  acceptor_lifetime
	  The number of seconds remaining in the lifetime of acceptor
	  credentials under the specified mechanism. Since the HP
	  implementation of the GSS-API does not support credentials
	  expiration for acceptors, a value of GSS_C_INDEFINITE is always
	  returned.

  cred_usage
	  How the credentials may be used. Specify NULL if this information
	  is not required.

	    ·  GSS_C_BOTH -- Credentials may be used to either initiate or
	       accept security contexts.

	    ·  GSS_C_INITIATE -- Credentials may be used only to initiate
	       security contexts.

	    ·  GSS_C_ACCEPT--  Credentials may be used only to accept
	       security contexts.


DESCRIPTION

  The gss_inquire_cred_by_mech() function obtains information about
  credentials for a specified security mechanism. This information includes
  the principal name whose identity the credentials represent, the remaining
  validity period (initiators only), and the credentials usage.

  With Kerberos 5, the credential that is queried is the TGT, not service
  tickets.

  Before calling this function, the application must first acquire
  credentials.

  To avoid memory leaks, the application must release the storage associated
  with the name parameter with a call to gss_release_name() after use.


RETURN VALUES

  GSS_S_BAD_MECH		  xx01xxxx
  GSS_S_CALL_INACCESSIBLE_READ	  01xxxxxx
  GSS_S_CALL_INACCESSIBLE_WRITE	  02xxxxxx
  GSS_S_COMPLETE		  00000000
  GSS_S_DEFECTIVE_CREDENTIAL	  xx0Axxxx
  GSS_S_FAILURE			  xx0Dxxxx
  GSS_S_NO_CRED			  xx07xxxx


SEE ALSO

  Functions:  gss_acquire_cred(3), gss_inquire_cred(3), gss_release_name(3),
  gss_release_oid_set(3)

Index Index for
Section 3
Index Alphabetical
listing for G
Top of page Top of
page