gssapi.5 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

gssapi(5) gssapi(5)

The operation is forbidded

by local security policy.

GSS_S_UNAUTHORIZED 15

The following table lists the calling error values and their meanings:

Calling Errors

Name Field Meaning

Value

Could not read a required

input parameter.

GSS_S_CALL_INACCESSIBLE_READ 1

Could not write a required

output parameter.

GSS_S_CALL_INACCESSIBLE_WRITE 2

A parameter was

incorrectly structured.

GSS_S_BAD_STRUCTURE 3

The following table lists the supplementary bits and their meanings.

Supplementary Information Status Bits

Name Bit Meaning

Number

Call the routine again to

complete its function.

GSS_S_CONTINUE_NEEDED 0 (LSB)

The token was a duplicate

of an earlier token.

GSS_S_DUPLICATE_TOKEN 1

The token’s validity period

expired; the routine cannot

verify that the token is not

a duplicate of an earlier

token.

GSS_S_OLD_TOKEN 2

A later token has been pro-

cessed.

GSS_S_UNSEQ_TOKEN 3

All

GSS_S_ symbols equate to complete OM_uint32 status codes, rather than to bitﬁeld values. For

example, the actual value of GSS_S_BAD_NAMETYPE

(value 3 in the routine error ﬁeld) is 3<<16.

The major status code

GSS_S_FAILURE

indicates that the underlying security mechanism has detected

an error for which no major status code is available. Check the minor status code for details about the

error. See the section on minor status values for more information.

The GSSAPI provides three macros:

GSS_CALLING_ERROR()

GSS_ROUTINE_ERROR()

GSS_SUPPLEMENTARY_INFO()

Each macro takes a GSS status code and masks all but the relevant ﬁeld. For example, when you use the

GSS_ROUTINE_ERROR() macro on a status code, it returns a value. The value of the macro is arrived

at by using only the routine errors ﬁeld and zeroing the values of the calling error and the supplementary

information ﬁelds.

An additional macro,

GSS_ERROR(), lets you determine whether the status code indicated a calling or

routine error. If the status code indicated a calling or routine error, the macro returns a nonzero value.

If no calling or routine error is indicated, the macro returns a 0 (zero).

NOTE: At times, a GSSAPI routine that is unable to access data can generate a platform-speciﬁc signal,

instead of returning a

GSS_S_CALL_INACCESSIBLE_READ or

GSS_S_CALL_INACCESSIBLE_WRITE status value.

Minor Status Values

The GSSAPI routines return a minor_status parameter to indicate errors from the underlying security

mechanism. The parameter can contain a single error, indicated by an

OM_uint32 datatype value.

Names

Names identify principals. The GSSAPI authenticates the relationship between a name and the principal

claiming the name.

HP-UX 11i Version 3: September 2010 − 5 − Hewlett-Packard Company 5