Manualshelf

HP-UX Reference (11i v1 00/12) - 5 Miscellaneous Topics, 7 Device (Special) Files, 9 General Information, Index (vol 9)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals
71727374757677787980
__________________________________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________________________________________
STANDARD Printed by: Nora Chuang [nchuang] STANDARD
/build/1111/BRICK/man5/!!!intro.5
________________________________________________________________
___ ___
g
gssapi(5) gssapi(5)
The gss_ctx_id_t data type contains an atomic value that identifies one end of a GSSAPI security con-
text. The data type is opaque to the caller.
Authentication Tokens
GSSAPI uses tokens to maintain the synchronization between the applications sharing a security context.
The token is a cryptographically protected bit string generated by the security mechanism at one end of the
GSSAPI security context for use by the peer application at the other end of the security context. The data
type is opaque to the caller.
The applications use the gss_buffer_t data type as tokens to GSSAPI routines.
Major Status Values
GSSAPI routines return GSS status codes as their OM_uint32 function value. These codes indicate
either generic API routine errors or calling errors.
A GSS status code can indicate a single, fatal generic API error from the routine and a single calling error.
Additional status information can also be contained in the GSS status code. The errors are encoded into a
32-bit GSS status code, as follows:
MSB LSB
+---------------------------------------------------+
| Calling Error | Routine Error | Supplementary Info|
+---------------------------------------------------+
Bit 31 24 23 16 15 0
If a GSSAPI routine returns a GSS status code whose upper 16 bits contain a nonzero value,means the call
has failed. If the calling error field is nonzero, the context initiator’s use of the routine was in error. In
addition, the routine can indicate additional information by setting bits in the supplementary information
field of the status code. The tables that follow describe the routine errors, calling errors, and supplemen-
tary information status bits and their meanings.
The following table lists the GSSAPI routine errors and their meanings:
Name Field Meaning
Value
The required mechanism is
unsupported.
GSS_S_BAD_MECH 1
The name passed is invalid.GSS_S_NAME 2
The name passed is unsup-
ported.
GSS_S_NAMETYPE 3
The channel bindings are
incorrect.
GSS_S_BAD_BINDINGS 4
A status value was invalid.GSS_S_BAD_STATUS 5
A token had an invalid sig-
nature.
GSS_S_BAD_SIG 6
No credentials were sup-
plied.
GSS_S_NO_CRED 7
No context has been esta-
blished.
GSS_S_NO_CONTEXT 8
A token was invalid.GSS_S_DEFECTIVE_TOKEN 9
A credential was invalid.GSS_S_DEFECTIVE_CREDENTIAL 10
The referenced credentials
expired.
GSS_S_CREDENTIALS_EXPIRED 11
The context expired.GSS_S_CONTEXT_EXPIRED 12
The routine failed. Check
minor status codes.
GSS_S_FAILURE 13
The quality of protection
requested could not be pro-
vided.
GSS_S_BAD_QOP 14
HP-UX Release 11i: December 2000 4 Section 559
___
___