gss_accept_sec_context.3 (2010 09)
gss_accept_sec_context(3) gss_accept_sec_context(3)
NAME
gss_accept_sec_context() - establish a security context between the application and a context acceptor
SYNOPSIS
#include <gssapi.h>

OM_uint32 gss_accept_sec_context (
      OM_uint32 *minor_status,
      gss_ctx_id_t *context_handle,
      const gss_cred_id_t acceptor_cred_handle,
      const gss_buffer_t input_token_buffer,
      const gss_channel_bindings_t input_chan_bindings,
      const gss_name_t *src_name,
      gss_OID *actual_mech_type,
      gss_buffer_t output_token,
      int *ret_flags,
      OM_uint32 *time_rec,
      gss_cred_id_t *delegated_cred_handle);
DESCRIPTION
The gss_accept_sec_context() routine is the second step in establishing a security context
between the context initiator and a context acceptor. In the first step, the context initiator
calls the gss_init_sec_context() routine. The gss_init_sec_context() routine generates a token
for the security context and passes it to the context initiator. The context initiator sends the
token to the context acceptor.

In the second step, the context acceptor accepts the call from the context initiator and calls
the gss_accept_sec_context() routine. The gss_accept_sec_context() routine expects a value for
the input_token parameter. The value for the input_token parameter is generated by the
gss_init_sec_context() routine and passed by the initiator to the acceptor.

The gss_accept_sec_context() routine can also return a value for the output_token parameter.
The context acceptor presents the token to the gss_init_sec_context() routine. If the acceptor
does not need to send a token to the initiator, gss_accept_sec_context() sets the length field
of the output_token parameter to 0 (zero).

To complete establishing the context, the context initiator can require one or more reply tokens
from the context acceptor. If the application requires reply tokens, the gss_accept_sec_context()
routine returns a status value containing GSS_S_CONTINUE_NEEDED. The application calls the
routine again when the reply token is received from the context acceptor. The application passes
the token to the gss_accept_sec_context() routine via the output_token parameter.

The values returned using the src_name, ret_flags, time_rec, and delegated_cred_handle
parameters are not defined unless the routine returns the status GSS_S_COMPLETE.
Input Parameters
acceptor_cred_handle
      Specifies the credential handle (the identity) claimed by the context acceptor.
      This is optional information. The credential must be either an ACCEPT type
      credential or a BOTH type credential. Specify GSS_C_NO_CREDENTIAL to
      accept the context as the default principal.
input_token_buffer
      Specifies the token received from the context acceptor.
input_chan_bindings
      Specifies bindings supplied by the context initiator. Allows the context initiator to
      bind the channel identification information securely to the security context. If no
      channel bindings are used, specify GSS_C_NO_CHANNEL_BINDINGS.
Input/Output Parameters
context_handle
      Specifies a context handle for a new context. The first time the context initiator
      uses the routine, specify GSS_C_NO_CONTEXT to set up a specific context. In
      subsequent calls, use the value returned by this parameter.
Output Parameters
src_name
      Returns the authenticated name of the context initiator. This information is
      optional. If the authenticated name is not required, specify NULL. To deallocate
      the authenticated name, pass it to the gss_release_name() routine.
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1