Configuration Guide for Kerberos Client Products on HP-UX

Introduction to the Kerberos Products and GSS-API
Generic Security Service Application Programming Interface (GSS-API)
• “Context Level Services”
• “Authentication Services”
• “Confidentiality Service”
• “Support Services”
Credential Management Services
Credential management function calls let principals acquire and release
credentials.
Applications are responsible for establishing a security mechanism based
on the initial credentials. GSS-API mechanisms are responsible for
management of credentials on the local machine.
The GSS-API function calls for credential management are:
gss_acquire_cred: Obtain credentials for use
gss_release_cred: Release credentials after use
gss_add_cred: Add credential elements incrementally
gss_inquire_cred: Display information about credentials
Context Level Services
Context level function calls manage the security context between peers. A
context's initiator calls gss_init_sec_context(), which generates a token
that the caller passes to the target. The target then passes the token to
gss_accept_sec_context(). Depending on the options used, it can take
multiple exchanges of tokens to establish the security context.
The GSS-API context level function calls are:
gss_init_sec_context: Initiate outbound security context
gss_accept_sec_context: Accept inbound security context
gss_delete_sec_context: Remove context that is no longer needed
gss_export_sec_context: Transfer context to other process
gss_import_sec_context: Import context from other process
gss_inquire_context: Display information about context
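
The token exchange described under Context Level Services, as an added model that is not code from this guide or from HP: it makes no real GSS-API calls. The step() function stands in for gss_init_sec_context() and gss_accept_sec_context(), tokens are modelled as sequence numbers, and the peer structure, the status names and the establish() driver are hypothetical. It shows why a token returned together with a "complete" status must still be delivered to the peer.

```c
#include <stdio.h>

/* Stand-ins for GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED and any error status. */
enum status { ST_COMPLETE, ST_CONTINUE, ST_FAILURE };

/* Constructed mock peer: `total` is how many tokens the mechanism exchanges
 * in all; `expect` is the number of the token this side must receive next
 * (0 = none yet, the initiator's first call). Tokens are modelled as their
 * sequence number; 0 means "no token". */
struct peer { int total, expect, done; };

/* Models one gss_init_sec_context() / gss_accept_sec_context() call. */
static enum status step(struct peer *p, int in, int *out)
{
    *out = 0;
    if (in != p->expect) return ST_FAILURE;      /* unexpected token */
    if (in == p->total) { p->done = 1; return ST_COMPLETE; } /* last token consumed */
    *out = in + 1;                               /* token for the other side */
    p->expect = in + 2;
    if (*out < p->total) return ST_CONTINUE;     /* a reply is still needed */
    p->done = 1;                                 /* complete, but *out must still be sent */
    return ST_COMPLETE;
}

/* Drives both sides. Returns tokens exchanged, or -1 if either side is not
 * established. send_final = 0 reproduces the bug of stopping as soon as the
 * initiator reports completion without sending its last token. */
int establish(int total, int send_final)
{
    struct peer init = { total, 0, 0 }, acc = { total, 1, 0 };
    int to_init = 0, to_acc = 0, sent = 0;
    for (;;) {
        enum status s = step(&init, to_init, &to_acc);
        if (s == ST_FAILURE) return -1;
        if (to_acc == 0) break;                  /* nothing left to send */
        if (s == ST_COMPLETE && !send_final) break;
        sent++;
        if (step(&acc, to_acc, &to_init) == ST_FAILURE) return -1;
        if (to_init == 0) break;                 /* acceptor sent no reply */
        sent++;
    }
    return (init.done && acc.done) ? sent : -1;
}

int main(void)
{
    for (int n = 1; n <= 3; n++)
        printf("%d-token mechanism: correct=%d, early stop=%d\n",
               n, establish(n, 1), establish(n, 0));
    return 0;
}
```

In a real application, the -1 path is where the caller would release the partially built context with gss_delete_sec_context.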