Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2
Introduction to the Kerberos Products and GSS-API
Generic Security Service Application Programming Interface (GSS-API)
Chapter 264
• Credential Management Services
• Context-Level Services
• Authentication Services
• Confidentiality Services
• Support Services
These services are discussed in detail in the subsequent sections.
Credential Management Services
Credential-management calls provide functions to acquire and release
credentials by principals.
Applications are responsible for establishing a security mechanism
based on the initial credentials. GSS-API mechanisms are responsible
for management of credentials on the local machine.
The GSS-API calls for credential management are:
• gss_acquire_cred: Obtain credentials for use
• gss_release_cred: Release credentials after use
• gss_add_cred: Adds credential elements incrementally
• gss_inquire_cred: Display information about credentials
Context-Level Services
Context-level calls manage security context between peers. A context’s
initiator calls gss_init_sec_context(), resulting in generalization of a
token that the caller passes to the target. The target then passes the
token to gss_accept_sec_context(). It may take multiple exchanges of
tokens to establish the security context depending on the options used.
The GSS-API context level calls are:
• gss_init_sec_context: Initiate outbound security context
• gss_accept_sec_context: Accept inbound security context
• gss_delete_sec_context: Remove context that are no longer
needed
• gss_export_sec_context: Transfer context to other process