gss_init_sec_context.3 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

gss_init_sec_context(3) gss_init_sec_context(3)

NAME

gss_init_sec_context() - establish a security context between the context initiator and a context acceptor

SYNOPSIS

#include <gssapi.h>

OM_uint32 gss_init_sec_context (

OM_uint32 *minor_status,

const gss_cred_id_t claimant_cred_handle,

gss_ctx_id_t *context_handle,

gss_name_t target_name,

const gss_OID mech_type,

int req_flags,

int time_req,

const gss_channel_bindings_t input_channel_bindings,

const gss_buffer_t input_token,

gss_OID *actual_mech_types,

gss_buffer_t output_token,

int *ret_flags,

OM_int32 *time_rec)

DESCRIPTION

The gss_init_sec_context()

routine is the ﬁrst step in the establishment of a security context

between the context initiator and the context acceptor. To ensure the portability of the application, use

its default credential by supplying

GSS_C_NO_CREDENTIAL

to the claimant_cred_handle parameter.

Specify an explicit credential when the application needs an additional credential; for example, to use

delegation.

The ﬁrst time the application calls the

gss_init_sec_context()

routine, specify the input_token

parameter as

GSS_NO_BUFFER. Calls to the routine can return an output_token for transfer to the con-

text acceptor. The context acceptor presents the token to the

gss_accept_sec_context()

routine.

If the context initiator does not require a token,

gss_init_sec_context()

sets the length ﬁeld of

the output_token argument to 0 (zero).

To complete establishing the context, the calling application can require one or more reply tokens from

the context acceptor. If the application requires reply tokens, the

gss_init_sec_context()

routine

returns a status value of

GSS_S_CONTINUE_NEEDED

. The application calls the routine again when the

reply token is received from the context acceptor and passes the token to the

gss_init_sec_context()

routine via the input_token parameter.

The values returned by the ret_ﬂags and time_rec parameters are not deﬁned unless the routine returns

the status

GSS_S_COMPLETE

If the initial call of

gss_init_sec_context()

fails, the call should not create a context object, and

should leave the value of the context_handle parameter set to

GSS_C_NO_CONTEXT

to indicate this.

Input Parameters

claimant_cred_handle Speciﬁes an optional handle for the credential. To use the default credential, sup-

ply

GSS_C_NO_CREDENTIAL. The credential handle created refers to the DCE

default login context. If no default initiator is deﬁned, the function will return

GSS_S_NO_CRED.

target_name Speciﬁes the name of the context acceptor.

mech_type Speciﬁes the security mechanism. Supply

GSS_C_NO_OID to obtain an imple-

mentation speciﬁc default.

req_flags Speciﬁes independent ﬂags, each of which requests that the context support a ser-

vice option. The following symbolic names are provided to correspond to each

ﬂag. The symbolic names should be logically ORed to form a bit-mask value.

GSS_C_DELEG_FLAG. The True/False values are:

True Credentials were delegated to the context acceptor.

False No credentials were delegated.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
gss_init_sec_context(3) gss_init_sec_context(3) NAME gss_init_sec_context() - establish a security context between the context initiator and a context acceptor SYNOPSIS #include
PAGE 2
gss_init_sec_context(3) gss_init_sec_context(3) GSS_C_MUTUAL_FLAG. The True/False values are: True The context acceptor has been asked to authenticate itself. False The context initiator has not been asked to authenticates itself. GSS_C_REPLAY_FLAG. The True/False values are: True Replayed signed or sealed messages will be detected. False Replayed messages will not be detected. GSS_C_SEQUENCE_FLAG. The True/False values are: True Out-of-sequence signed or sealed messages will be detected.
PAGE 3
gss_init_sec_context(3) gss_init_sec_context(3) True Replayed signed or sealed messages will be detected. False Replayed messages will not be detected. GSS_C_SEQUENCE_FLAG. The True/False values are: True Out-of-sequence signed or sealed messages will be detected. False Out-of-sequence signed or sealed messages will not be detected. GSS_C_CONF_FLAG. The True/False values are: True Confidentiality service can be invoked by calling the gss_seal() routine.
PAGE 4
gss_init_sec_context(3) gss_init_sec_context(3) called again with a token required from the context acceptor. GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired. GSS_S_DEFECTIVE_CREDENTIAL Consistency checks performed on the credential failed. GSS_S_DEFECTIVE_TOKEN Consistency checks performed on the input_token parameter failed. GSS_S_DUPLICATE_TOKEN The input_token parameter was already processed. This is a fatal error that occurs during context establishment.