HP-UX 11i June 2001 Release Notes

11 Security
Generic Security Services for Developing Secure Applications (new at 11i original release)
The Generic Security Services Application Programming Interface (GSS
API) is a newly introduced product for HP-UX 11i. It contains all the
GSS APIs specified in RFC 2743 and is implemented as C programming
language interfaces as defined in RFC 2744, “Generic Security
Service API: C-bindings”. It provides security services for applications
independent of various underlying security mechanisms. GSS API is also
independent of communication protocols. The GSS API is available as a
separate shared library. The security services available to an application
include authentication, integrity, and confidentiality services.
A set of GSS APIs is already available in the libdce libraries, which are
part of the DCE Core product in this release as well as in previous
HP-UX releases. However, these GSS APIs depend on the DCE security
mechanism and cannot be used as general-purpose APIs that work
with other security mechanisms.
Because the GSS API is independent of the security mechanism, an
application developer writing secure applications needs to write the code
only once and does not need to change it whenever the underlying security
mechanism changes. This is an advantage at a time when security
technology changes frequently.
An application developer who uses the GSS API C-binding interfaces will
need to include /usr/include/gssapi.h in the program and will need
to link with libgss.sl. The underlying security mechanism and its
library can be specified at run time in a configuration file called
/etc/gss/mech. The library will then dynamically load the
corresponding mechanism specific shared library (for example,
libgssapi_krb5.sl in the case of Kerberos). The default mechanism
configuration file is /etc/gss/mech, which can be altered with the
environment variable called GSSAPI_MECH_CONF.
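As an added example (not part of the release notes and not HP code), the following C program resolves which mechanism configuration file is in effect, using the default path and the GSSAPI_MECH_CONF override described above, and checks that the file is a regular file, owned by a trusted user, and not group- or world-writable. The function names, the status codes, the choice of uid 0 as the trusted owner, and the treatment of an empty override as unset are assumptions of this example.

```c
/* Added example (not HP code): audit the libgss mechanism configuration file. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

#define GSS_MECH_CONF_DEFAULT "/etc/gss/mech"    /* default path, from the release notes */
#define GSS_MECH_CONF_ENV     "GSSAPI_MECH_CONF" /* override variable, from the release notes */

enum conf_status { CONF_OK, CONF_MISSING, CONF_NOT_REGULAR, CONF_WRONG_OWNER, CONF_WRITABLE };

/* Assumption of this example: an unset or empty override falls back to the default path. */
const char *gss_mech_conf_resolve(const char *env_value)
{
    return (env_value != NULL && *env_value != '\0') ? env_value : GSS_MECH_CONF_DEFAULT;
}

/* stat() follows symlinks, so the checks apply to the file that would actually be read. */
enum conf_status gss_mech_conf_check(const char *path, uid_t trusted_uid)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return CONF_MISSING;
    if (!S_ISREG(st.st_mode))
        return CONF_NOT_REGULAR;
    if (st.st_uid != trusted_uid)
        return CONF_WRONG_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return CONF_WRITABLE;   /* this file selects which mechanism library gets loaded */
    return CONF_OK;
}

int main(void)
{
    static const char *const text[] = { "ok", "missing or unreadable", "not a regular file",
                                        "not owned by trusted uid", "group/world writable" };
    const char *path = gss_mech_conf_resolve(getenv(GSS_MECH_CONF_ENV));
    enum conf_status rc = gss_mech_conf_check(path, 0);   /* trusted owner: root (uid 0) */

    if (strcmp(path, GSS_MECH_CONF_DEFAULT) != 0)
        printf("note: %s overrides %s\n", GSS_MECH_CONF_ENV, GSS_MECH_CONF_DEFAULT);
    printf("%s: %s\n", path, text[rc]);
    return rc == CONF_OK ? 0 : 1;
}
```

Run it in the same environment as the application being audited, so that any GSSAPI_MECH_CONF setting inherited by that application is the one being checked.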
In addition to this configuration file, there are two other configuration
files, namely /etc/gss/qop and /etc/gss/gsscred.conf for
libgss.sl: