Configuration Guide for Kerberos Client Products on HP-UX

Introduction to the Kerberos Products and GSS-API
Generic Security Service Application Programming Interface (GSS-API)
With an Open System architecture, GSS-API provides portability in a
heterogeneous environment. It contains all the GSS-APIs specified in
RFC 2743. It is implemented as a package of C-language interfaces as
defined in RFC 2744, Generic Security Service API: C-bindings. The
Kerberos Version 5 GSS-API Mechanism is explained in RFC 1964.
GSS-API provides secure communication between two peers with a
security context established by an exchange of tokens. As shown in
Figure 2-5, GSS-API is independent of communication protocols. The
GSS-API libraries on the two hosts are responsible for creating and
processing the tokens, but the application is responsible for transporting
the tokens between the client and the server.
Figure 2-5 GSS-API Operation
It is the GSS-API caller's responsibility to transfer GSS-API-provided
data elements to the peer, to parse communicated messages, and to
separate GSS-API-related data elements from caller-provided data.
GSS-API provides either context-level tokens or per-message tokens for
the caller to transport and get the results.
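The following added example (not part of the original guide or of the HP-UX product) shows one way an application can carry out that responsibility: each token or application message is framed with a kind byte and a length before it goes on the transport, so the receiver can separate GSS-API tokens from caller-provided data. The frame layout, the FRAME_* names, and the 64 KB limit are assumptions made for this example; the payload bytes would be the opaque tokens returned by RFC 2744 calls such as gss_init_sec_context or gss_wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Frame kinds (assumed for this example, not defined by GSS-API). */
enum { FRAME_CONTEXT = 1, FRAME_PER_MSG = 2, FRAME_APP_DATA = 3 };
#define FRAME_HDR 5u            /* 1-byte kind + 4-byte big-endian length */
#define FRAME_MAX 65536u        /* refuse larger tokens from the peer */

/* Write one frame into out; returns bytes written, or -1 if it cannot fit. */
long frame_encode(uint8_t kind, const void *data, uint32_t len,
                  uint8_t *out, size_t cap)
{
    if (kind < FRAME_CONTEXT || kind > FRAME_APP_DATA) return -1;
    if (len > FRAME_MAX || cap < FRAME_HDR + (size_t)len) return -1;
    out[0] = kind;
    out[1] = (uint8_t)(len >> 24); out[2] = (uint8_t)(len >> 16);
    out[3] = (uint8_t)(len >> 8);  out[4] = (uint8_t)len;
    if (len) memcpy(out + FRAME_HDR, data, len);
    return (long)(FRAME_HDR + len);
}

/* Parse one frame from in. Returns bytes consumed, 0 if more bytes are
 * needed, or -1 if the header is malformed (unknown kind, oversize length). */
long frame_decode(const uint8_t *in, size_t avail, uint8_t *kind,
                  const uint8_t **payload, uint32_t *len)
{
    uint32_t n;
    if (avail < FRAME_HDR) return 0;
    if (in[0] < FRAME_CONTEXT || in[0] > FRAME_APP_DATA) return -1;
    n = ((uint32_t)in[1] << 24) | ((uint32_t)in[2] << 16) |
        ((uint32_t)in[3] << 8) | (uint32_t)in[4];
    if (n > FRAME_MAX) return -1;          /* check before trusting length */
    if (avail - FRAME_HDR < n) return 0;   /* partial frame, wait for more */
    *kind = in[0]; *payload = in + FRAME_HDR; *len = n;
    return (long)(FRAME_HDR + n);
}
```

The payload of a FRAME_CONTEXT or FRAME_PER_MSG frame is handed to the GSS-API library unchanged; the application never interprets the token bytes itself.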
[Figure 2-5: on each of the two hosts, an Application layered over GSS-API (Mech-1, Mech-2) and Transport]