Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2
Introduction to the Kerberos Products and GSS-API
Generic Security Service Application Programming Interface (GSS-API)
Chapter 2 65
• gss_import_sec_context: Import context from other process
• gss_inquire_context: Display information about context
• gss_context_time: Indicate validity time remaining in context
Authentication Services
Two sets of per-message calls provide security to the context. The
gss_get_mic() and gss_verify_mic() calls provide the data origin
authentication and data integrity services. gss_wrap() and
gss_unwrap(), described in the next section, support caller-requested
confidentiality.
gss_get_mic() generates a token. The peer that receives the application
data along with the message token verifies the communication using
gss_verify_mic().
Each deployment may select its own configurable Quality of
Protection (QOP) options.
In summary, per-message calls that authenticate messages are:
• gss_get_mic: Apply integrity check, receive as token separate from
message
• gss_verify_mic: Validate integrity check token along with message.
Confidentiality Service
As mentioned previously, GSS-API provides confidentiality with
gss_wrap() and gss_unwrap(). The output of gss_wrap() is a token in
which the application data is encapsulated and optionally encrypted;
this token is passed to the remote peer. There it is the input to
gss_unwrap(), which decapsulates the data and decrypts it if needed.
In summary, the APIs for confidentiality service include the following:
• gss_wrap: Sign, optionally encrypt, encapsulate
• gss_unwrap: Decapsulate, decrypt if needed, validate integrity
check.
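The two service classes above differ in where the integrity check travels: gss_get_mic() returns a token separate from the message, while gss_wrap() returns one token that encapsulates the message, optionally encrypts it, and always carries an integrity check. The following is an added example, not code from this guide or from any GSS-API implementation; it models that contract with Python's standard-library HMAC so it runs without a KDC. The Context class, the two QOP values, the session key and the sample message are all constructed for illustration and are not GSS-API or Kerberos identifiers.

```python
"""Model of the GSS-API per-message contract using HMAC-SHA256.

Added example (not HP-UX or GSS-API code). An established security
context is modelled by a shared session key; real mechanisms derive
per-direction keys and token formats of their own.
"""
import hashlib
import hmac
import struct

# Assumed QOP values for illustration only; real mechanisms define theirs.
QOP_DEFAULT = 0   # full 32-byte HMAC-SHA256 integrity check
QOP_TRUNC64 = 1   # HMAC-SHA256 truncated to 8 bytes (weaker check)


class IntegrityError(Exception):
    """Raised when a MIC or wrap token does not match the data."""


class Context:
    def __init__(self, session_key: bytes, initiator: bool):
        # Separate keys for integrity and confidentiality (domain separation).
        self.mac_key = hmac.new(session_key, b"mic", hashlib.sha256).digest()
        self.enc_key = hmac.new(session_key, b"enc", hashlib.sha256).digest()
        self.initiator = initiator
        self._seq = 0   # per-message counter, also the encryption nonce

    def _mac(self, data: bytes, qop: int) -> bytes:
        tag = hmac.new(self.mac_key, data, hashlib.sha256).digest()
        return tag[:8] if qop == QOP_TRUNC64 else tag

    def _keystream(self, from_initiator: bool, nonce: int, length: int) -> bytes:
        # Counter-mode keystream from HMAC; direction flag keeps the two
        # peers from ever reusing a keystream for the same nonce.
        out, ctr = b"", 0
        while len(out) < length:
            block = struct.pack(">BQQ", int(from_initiator), nonce, ctr)
            out += hmac.new(self.enc_key, block, hashlib.sha256).digest()
            ctr += 1
        return out[:length]

    # gss_get_mic analogue: the token travels separately from the message.
    def get_mic(self, message: bytes, qop: int = QOP_DEFAULT) -> bytes:
        return struct.pack(">B", qop) + self._mac(message, qop)

    # gss_verify_mic analogue: returns the QOP the sender applied.
    def verify_mic(self, message: bytes, token: bytes) -> int:
        qop = token[0]
        if not hmac.compare_digest(token[1:], self._mac(message, qop)):
            raise IntegrityError("MIC does not match message")
        return qop

    # gss_wrap analogue: encapsulate, optionally encrypt, then sign.
    def wrap(self, message: bytes, conf_req: bool, qop: int = QOP_DEFAULT) -> bytes:
        nonce, self._seq = self._seq, self._seq + 1
        body = message
        if conf_req:
            ks = self._keystream(self.initiator, nonce, len(message))
            body = bytes(m ^ k for m, k in zip(message, ks))
        header = struct.pack(">BBQ", int(conf_req), qop, nonce)
        return header + body + self._mac(header + body, qop)

    # gss_unwrap analogue: validate integrity, decrypt if needed, decapsulate.
    # Returns (message, conf_state, qop_state); the caller must check conf_state.
    def unwrap(self, token: bytes):
        hdr_len = struct.calcsize(">BBQ")
        conf, qop, nonce = struct.unpack(">BBQ", token[:hdr_len])
        mac_len = 8 if qop == QOP_TRUNC64 else 32
        signed, tag = token[:-mac_len], token[-mac_len:]
        if not hmac.compare_digest(tag, self._mac(signed, qop)):
            raise IntegrityError("wrap token failed integrity check")
        body = signed[hdr_len:]
        if conf:
            ks = self._keystream(not self.initiator, nonce, len(body))
            body = bytes(b ^ k for b, k in zip(body, ks))
        return body, bool(conf), qop


def demo() -> dict:
    """Exercise both service classes between a constructed client/server pair."""
    key = hashlib.sha256(b"constructed session key, not a Kerberos key").digest()
    client, server = Context(key, initiator=True), Context(key, initiator=False)
    msg = b"GET /payroll HTTP/1.0"   # constructed sample application data
    results = {}
    mic = client.get_mic(msg)
    results["mic_ok"] = server.verify_mic(msg, mic) == QOP_DEFAULT
    try:                               # MIC bound to a different message fails
        server.verify_mic(b"GET /public HTTP/1.0", mic)
        results["tamper_detected"] = False
    except IntegrityError:
        results["tamper_detected"] = True
    wrapped = client.wrap(msg, conf_req=True)
    plain, conf_state, qop_state = server.unwrap(wrapped)
    results["unwrap_ok"] = plain == msg and conf_state and qop_state == QOP_DEFAULT
    results["ciphertext_hides_message"] = msg not in wrapped
    plain2, conf2, _ = server.unwrap(client.wrap(msg, conf_req=False))
    results["clear_when_conf_false"] = plain2 == msg and not conf2
    return results


if __name__ == "__main__":
    print(demo())
```

The receiver-side checks are the practical point: a wrap token is only confidential when the returned conf_state says so, and qop_state tells the receiver which protection level the sender actually chose, so a policy that requires a given QOP has to be enforced after gss_unwrap() or gss_verify_mic(), not assumed.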
Support Services
GSS-API support services include the following APIs: