gssapi.5 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

gssapi(5) gssapi(5)

The gss_ctx_id_t data type contains an atomic value that identiﬁes one end of a GSSAPI security

context. The data type is opaque to the caller.

Authentication Tokens

GSSAPI uses tokens to maintain the synchronization between the applications sharing a security context.

The token is a cryptographically protected bit string generated by the security mechanism at one end of

the GSSAPI security context for use by the peer application at the other end of the security context. The

data type is opaque to the caller.

The applications use the gss_buffer_t data type as tokens to GSSAPI routines.

Major Status Values

GSSAPI routines return GSS status codes as their

OM_uint32 function value. These codes indicate

either generic API routine errors or calling errors.

A GSS status code can indicate a single, fatal generic API error from the routine and a single calling

error. Additional status information can also be contained in the GSS status code. The errors are

encoded into a 32-bit GSS status code, as follows:

MSB LSB

+---------------------------------------------------+

| Calling Error | Routine Error | Supplementary Info|

+---------------------------------------------------+

Bit 31 24 23 16 15 0

If a GSSAPI routine returns a GSS status code whose upper 16 bits contain a nonzero value,means the

call has failed. If the calling error ﬁeld is nonzero, the context initiator’s use of the routine was in error.

In addition, the routine can indicate additional information by setting bits in the supplementary informa-

tion ﬁeld of the status code. The tables that follow describe the routine errors, calling errors, and supple-

mentary information status bits and their meanings.

The following table lists the GSSAPI routine errors and their meanings:

GSSAPI Routine Errors

Name Field Meaning

Value

The required mechanism is

unsupported.

GSS_S_BAD_MECH 1

The name passed is invalid.GSS_S_NAME 2

The name passed is unsup-

ported.

GSS_S_NAMETYPE 3

The channel bindings are

incorrect.

GSS_S_BAD_BINDINGS 4

A status value was invalid.GSS_S_BAD_STATUS 5

A token had an invalid sig-

nature.

GSS_S_BAD_SIG 6

No credentials were sup-

plied.

GSS_S_NO_CRED 7

No context has been esta-

blished.

GSS_S_NO_CONTEXT 8

A token was invalid.GSS_S_DEFECTIVE_TOKEN 9

A credential was invalid.GSS_S_DEFECTIVE_CREDENTIAL 10

The referenced credentials

expired.

GSS_S_CREDENTIALS_EXPIRED 11

The context expired.GSS_S_CONTEXT_EXPIRED 12

The routine failed. Check

minor status codes.

GSS_S_FAILURE 13

The quality of protection

requested could not be pro-

vided.

GSS_S_BAD_QOP 14

4 Hewlett-Packard Company − 4 − HP-UX 11i Version 3: September 2010