gss_add_cred(3) gss_add_cred(3)
NAME [Toc] [Back]
gss_add_cred() - adds a credential-element to a credential
SYNOPSIS [Toc] [Back]
#include <gssapi.h>
OM_uint32 gss_add_cred (
OM_uint32 *minor_status,
const gss_cred_id_t input_cred_handle,
const gss_name_t desired_name,
const gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
OM_uint32 acceptor_time_req,
gss_cred_id_t *output_cred_handle,
gss_OID_set *actual_mechs,
OM_uint32 *initiator_time_rec,
OM_uint32 *acceptor_time_rec);
DESCRIPTION [Toc] [Back]
The gss_add_cred() routine adds a credential-element to a credential.
The credential-element is identified by the name of the principal to
which it refers.
If desired_name is GSS_C_NO_NAME, the call is interpreted as a request
to add a credential element that will invoke default behavior when
passed to gss_init_sec_context() or gss_accept_sec_context(). This
routine can be used to either compose a new credential containing all
credential-elements of the original in addition to the newly-acquire
credential-element, or to add the new credential- element to an
existing credential. If NULL is specified for the output_cred_handle
arameter argument, the new credential-element will be added to the
credential identified by input_cred_handle; if a valid pointer is
specified for the output_cred_handle parameter, a new credential
handle will be created.
If GSS_C_NO_CREDENTIAL is specified as the input_cred_handle,
gss_add_cred() will compose a credential based on default behavior.
Input Parameters [Toc] [Back]
input_cred_handle Specifies the handle to credential structure to
which a credential-element will be added. If
GSS_C_NO_CREDENTIAL is specified, the routine
will compose the new credential based on default
behavior
desired_name Specifies the principal name whose credential
should be acquired.
desired_mechs Specifies the OID set for the security mechanism
for which the new credential may be used.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
gss_add_cred(3) gss_add_cred(3)
initiator_time_req Specifies the number of seconds that credentials
remain valid. for initiating security contexts.
This argument is ignored if the composed
credentials are of type GSS_C_ACCEPT. Specify
GSS_C_INDEFINITE to request that the credentials
have the maximum permitted initiator lifetime.
acceptor_time_req Specifies the number of seconds that credentials
remain valid. for accepting security contexts.
This argument is ignored if the composed
credentials are of type GSS_C_INITIATE. Specify
GSS_C_INDEFINITE to request that the credentials
have the maximum permitted acceptor lifetime.
cred_usage Specify one of the following:
GSS_C_BOTH Specifies credentials that the
context initiator can use to
either initiate or accept
security contexts.
GSS_C_INITIATE Specifies credentials that the
context initiator can use only
to initiate security contexts.
GSS_C_ACCEPT Specifies credentials that the
context initiator can use only
to accept security contexts.
Output Parameters [Toc] [Back]
output_cred_handle The returned credential handle, containing the
new credential-element and all the credentialelements
from input_cred_handle. If NULL is
specified for this parameter, the newly acquired
credential-element will be added to the
credential identified by input_cred_handle.
actual_mechs Returns a set of mechanisms for which the
credential is valid. This information is
optional. If you do not want a set of
mechanisms returned, specify NULL.
initiator_time_rec Specifies the actual number of seconds that
credentials remain valid for initiating security
contexts using the specified mechanism. If the
implementation or mechanism does not support
expiration of credentials, the value
GSS_C_INDEFINITE will be returned.
acceptor_time_rec Specifies the actual number of seconds that
credentials remain valid for accepting security
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003
gss_add_cred(3) gss_add_cred(3)
contexts using the specified mechanism. If the
implementation or mechanism does not support
expiration of credentials, the value
GSS_C_INDEFINITE will be returned.
minor_status Returns a status code from the security
mechanism.
STATUS CODES [Toc] [Back]
The following list explains the GSS status codes that can be returned:
GSS_S_COMPLETE The routine was completed successfully.
GSS_S_BAD_MECH The requested security mechanism is
unsupported or unavailable.
GSS_S_BAD_NAMETYPE The name passed by the desired_name parameter
is unsupported.
GSS_S_BAD_NAME An invalid name was passed by the
desired_name parameter.
GSS_S_DUPLICATE_ELEMENT The credential already contains an element
for the requested mechanism with overlapping
usage and validity period.
GSS_S_CREDENTIALS_EXPIRED [Toc] [Back]
The required credentials could not be added
because they have expired.
GSS_S_NO_CRED No credentials were found for the specified
name.
AUTHOR [Toc] [Back]
gss_add_cred() was developed by Sun Microsystems, Inc.
SEE ALSO [Toc] [Back]
gss_init_sec_context(3).
The manpages for DCE-GSSAPI are included with the DCE-CoreTools
product. To see those manpages add /opt/dce/share/man to MANPATH.
Hewlett-Packard Company - 3 - HP-UX 11i Version 2: August 2003 [ Back ] |
