gssdce_set_cred_context_ownership(3sec)

Changes the ownership of a DCE credential's login context

Synopsis

#include <dce/gssapi.h>

OM_uint32 gssdce_set_cred_context_ownership (
    OM_uint32 *minor_status,
    gss_cred_id_t credential_handle,
    int ownership);

Parameters

Input

credential_handle
Specifies the handle of the DCE credential to be modified.

ownership
Specifies the owner of the DCE credential. Specify one of the following:

GSSDCE_C_OWNERSHIP_GSSAPI Specifies that the credential's login context is owned by GSSAPI.
GSSDCE_C_OWNERSHIP_APPLICATION Specifies that the credential's login context is owned by the application.

Output

minor_status
Returns a status code from the security mechanism.

Description

The gssdce_set_cred_context_ownership( ) routine modifies the ownership of a DCE credential's login context. INIT type and BOTH type credentials have DCE login contexts. Normally, these internal login contexts are deleted when the credential is released (when the application calls the gss_release_cred( ) routine). However, for credentials created by the gssdce_cred_to_login_context( ) routine and credentials passed to the gssdce_cred_to_login_context( ) routine, the application may have an external reference to the credential's login context and may still be using the login context. GSSAPI will not delete internal login contexts of these credentials when they are released.

This routine allows the application to modify the ownership of a credential's login context. If ownership is changed to GSSDCE_C_OWNERSHIP_GSSAPI, the login context is deleted when GSSAPI releases the credential. If ownership is changed to GSSDCE_C_OWNERSHIP_APPLICATION, the application is responsible for deleting the login context. DCE credential login contexts that are owned by an application must not be deleted until the credential is released since GSSAPI may still need to access the credential's login context.
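The ordering rules described above can be checked mechanically. The following C program is an added example, not DCE or GSSAPI code: it models one credential's calls as a constructed event trace and reports the first ordering that breaks the rules. The event and verdict names and check_trace( ) are hypothetical, and the ownership in effect before the first call is an assumption the caller supplies.

```c
/* Added example: a model of the ownership rules above, not DCE code.
 * All names here are hypothetical; no DCE header or library is used. */
#include <stddef.h>
#include <stdio.h>

enum event {                    /* one credential's calls, in order */
    EV_SET_OWNER_GSSAPI,        /* ownership = GSSDCE_C_OWNERSHIP_GSSAPI */
    EV_SET_OWNER_APPLICATION,   /* ownership = GSSDCE_C_OWNERSHIP_APPLICATION */
    EV_APP_DELETE_CONTEXT,      /* application deletes the login context */
    EV_RELEASE_CRED             /* gss_release_cred() */
};
enum verdict { V_OK, V_DELETED_WHILE_CRED_LIVE, V_DOUBLE_DELETE,
               V_CALL_AFTER_RELEASE, V_CONTEXT_NEVER_DELETED };

/* Returns the first violation in the trace. app_owned is the assumed
 * ownership before the first call (nonzero = application). */
enum verdict check_trace(const enum event *ev, size_t n, int app_owned)
{
    int released = 0, ctx_deleted = 0;
    for (size_t i = 0; i < n; i++) {
        switch (ev[i]) {
        case EV_SET_OWNER_GSSAPI:
        case EV_SET_OWNER_APPLICATION:
            if (released) return V_CALL_AFTER_RELEASE;
            app_owned = (ev[i] == EV_SET_OWNER_APPLICATION);
            break;
        case EV_APP_DELETE_CONTEXT:
            if (ctx_deleted) return V_DOUBLE_DELETE;
            if (!released) return V_DELETED_WHILE_CRED_LIVE; /* GSSAPI may still use it */
            ctx_deleted = 1;
            break;
        case EV_RELEASE_CRED:
            if (released) return V_CALL_AFTER_RELEASE;
            released = 1;
            if (!app_owned) ctx_deleted = 1;  /* GSSAPI deletes what it owns */
            break;
        }
    }
    return ctx_deleted ? V_OK : V_CONTEXT_NEVER_DELETED;
}

int main(void)
{
    /* Constructed traces: correct hand-over, then an early delete. */
    const enum event good[] = { EV_SET_OWNER_APPLICATION, EV_RELEASE_CRED, EV_APP_DELETE_CONTEXT };
    const enum event bad[]  = { EV_SET_OWNER_APPLICATION, EV_APP_DELETE_CONTEXT, EV_RELEASE_CRED };
    printf("good=%d bad=%d\n", (int)check_trace(good, 3, 0), (int)check_trace(bad, 3, 0));
    return 0;
}
```
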

Related Information
Functions:

gss_acquire_cred(3sec)

gss_release_buffer(3sec)

gssdce_cred_to_login_context(3sec)