HP-UX Reference (11i v3 07/02) - 5 Miscellaneous Topics (vol 9)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

181

182

183

184

185

186

187

188

189

190

gssapi(5) gssapi(5)

The gss_ctx_id_t data type contains an atomic value that identiﬁes one end of a GSSAPI security con-

text. The data type is opaque to the caller.

Authentication Tokens

GSSAPI uses tokens to maintain the synchronization between the applications sharing a security context.

The token is a cryptographically protected bit string generated by the security mechanism at one end of the

GSSAPI security context for use by the peer application at the other end of the security context. The data

type is opaque to the caller.

The applications use the gss_buffer_t data type as tokens to GSSAPI routines.

Major Status Values

GSSAPI routines return GSS status codes as their

OM_uint32 function value. These codes indicate

either generic API routine errors or calling errors.

A GSS status code can indicate a single, fatal generic API error from the routine and a single calling error.

Additional status information can also be contained in the GSS status code. The errors are encoded into a

32-bit GSS status code, as follows:

MSB LSB

+---------------------------------------------------+

| Calling Error | Routine Error | Supplementary Info|

+---------------------------------------------------+

Bit 31 24 23 16 15 0

If a GSSAPI routine returns a GSS status code whose upper 16 bits contain a nonzero value,means the call

has failed. If the calling error ﬁeld is nonzero, the context initiator’s use of the routine was in error. In

addition, the routine can indicate additional information by setting bits in the supplementary information

ﬁeld of the status code. The tables that follow describe the routine errors, calling errors, and supplemen-

tary information status bits and their meanings.

The following table lists the GSSAPI routine errors and their meanings:

GSSAPI Routine Errors

Field

Name Value Meaning

The required mechanism is unsupported.GSS_S_BAD_MECH 1

The name passed is invalid.GSS_S_NAME 2

The name passed is unsupported.GSS_S_NAMETYPE 3

The channel bindings are incorrect.GSS_S_BAD_BINDINGS 4

A status value was invalid.GSS_S_BAD_STATUS 5

A token had an invalid signature.GSS_S_BAD_SIG 6

No credentials were supplied.GSS_S_NO_CRED 7

No context has been established.GSS_S_NO_CONTEXT 8

A token was invalid.GSS_S_DEFECTIVE_TOKEN 9

A credential was invalid.GSS_S_DEFECTIVE_CREDENTIAL 10

The referenced credentials expired.GSS_S_CREDENTIALS_EXPIRED 11

The context expired.GSS_S_CONTEXT_EXPIRED 12

The routine failed. Check minor status codes.GSS_S_FAILURE 13

The quality of protection requested could not be provided.GSS_S_BAD_QOP 14

The operation is forbidded by local security policy.GSS_S_UNAUTHORIZED 15

HP-UX 11i Version 3: February 2007 − 4 − Hewlett-Packard Company 185