csf_gss_get_context_options(3)
csf_gss_get_context_options - Obtain information about a
security context
#include <gssapi/gssapi.h>

OM_uint32 csf_gss_get_context_options(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    OM_uint32 *ctx_flags );
minor_status
    Kerberos 5 error code.

context_handle
    Security context to be queried.

ctx_flags
    Flags that indicate the service options the context supports.
    Specify NULL if this information is not required.
    Symbolic names are provided for each flag. These
    names should be bitwise ANDed with the ctx_flags
    value to test whether a given option is supported
    by the context.
The flags are:

True -- DES encryption is available.
False -- DES encryption is not available.

True -- DES3 encryption is available.
False -- DES3 encryption is not available.

Note
DES3 and DES encryption are mutually exclusive and
unique to the HP implementation of the GSS-API.

Since the HP Application Security SDK does not support
anonymous authentication, this value is always
set to false.

True -- Confidentiality service may
be invoked by calling the gss_wrap() function.
False -- No confidentiality service via gss_wrap()
is available. The gss_wrap() function provides message
encapsulation, data origin authentication, and
integrity services only.

True -- Credentials were
delegated to the initiating application.
False -- No credentials were delegated.

True -- Integrity service may be invoked by calling either
gss_get_mic() or gss_wrap().
False -- Per-message integrity service is unavailable.

True -- The remote peer that, in this case,
is the initiating application, requested mutual
authentication.
False -- The remote peer did not request mutual
authentication. The value of this bit indicates
the actual state at the time gss_accept_sec_context()
returns, whether or not the context is fully
established.

True -- Protection services (as specified by the
states of GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are
available for use if the accompanying major status
return value is either GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED.
False -- Protection services (as specified by the
states of GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are
available only if the accompanying major status
return value is GSS_S_COMPLETE.

True -- Replay of
protected messages will be detected.
False -- Replay of messages will not be detected.

True -- Out-of-sequence protected messages will be
detected.
False -- Out-of-sequence messages will not be
detected. The value of this bit indicates the
actual state at the time gss_accept_sec_context()
returns, whether or not the context is fully established.

True -- The resulting security context may be
transferred to other processes via a call to
gss_export_sec_context().
False -- The security context is not transferable.
The csf_gss_get_context_options() function is an extension
that obtains information about a security context. The
application must already have initiated the context,
although the context need not be fully established.
Use this function to determine what type of encryption
(DES3 or DES) is supported by the context. A context can
be downgraded from DES3 to DES if the following conditions
are not met:

  - ActiveTRUST Security Server must be configured for DES3.
  - The principals for the initiating and accepting applications
    must be DES3 enabled in the principal database.
  - The security context initiator must obtain a TGT enabled
    for DES3.
  - The security context initiator must use the DES3 flag when
    initiating the security context.
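
The check below is an added example, not code from the HP documentation: it tests a ctx_flags word against a local policy and reports a DES3-to-DES downgrade. The standard flag and status values are those of RFC 2744; EXAMPLE_DES3_FLAG, check_context_policy() and the FAIL_* names are hypothetical, and the flag word in main() is constructed.

```c
#include <stdint.h>
#include <stdio.h>
typedef uint32_t OM_uint32;            /* stand-in so this builds without gssapi.h */

/* Standard values from RFC 2744. */
#define GSS_S_COMPLETE           0u
#define GSS_S_CONTINUE_NEEDED    1u
#define GSS_C_REPLAY_FLAG        4u
#define GSS_C_SEQUENCE_FLAG      8u
#define GSS_C_CONF_FLAG         16u
#define GSS_C_INTEG_FLAG        32u
#define GSS_C_PROT_READY_FLAG  128u
/* Hypothetical placeholder bit: substitute the DES3 symbol from HP's gssapi.h. */
#define EXAMPLE_DES3_FLAG 0x40000000u

/* One bit per unmet requirement, so the caller can log each failure. */
enum { FAIL_NOT_READY = 1, FAIL_NO_CONF = 2, FAIL_NO_INTEG = 4,
       FAIL_NO_REPLAY = 8, FAIL_NO_SEQUENCE = 16, FAIL_DOWNGRADED = 32 };

/* ctx_flags: word filled in by csf_gss_get_context_options();
 * major_status: result of the last context-establishment call. */
OM_uint32 check_context_policy(OM_uint32 major_status, OM_uint32 ctx_flags,
                               int require_des3)
{
    OM_uint32 fail = 0;
    /* Protection is usable on a complete context, or on a partly
     * established one only when the protection-ready bit is set. */
    int ready = major_status == GSS_S_COMPLETE ||
                (major_status == GSS_S_CONTINUE_NEEDED &&
                 (ctx_flags & GSS_C_PROT_READY_FLAG));
    if (!ready)                              fail |= FAIL_NOT_READY;
    if (!(ctx_flags & GSS_C_CONF_FLAG))      fail |= FAIL_NO_CONF;
    if (!(ctx_flags & GSS_C_INTEG_FLAG))     fail |= FAIL_NO_INTEG;
    if (!(ctx_flags & GSS_C_REPLAY_FLAG))    fail |= FAIL_NO_REPLAY;
    if (!(ctx_flags & GSS_C_SEQUENCE_FLAG))  fail |= FAIL_NO_SEQUENCE;
    /* DES3 was required but the context does not report it: downgraded. */
    if (require_des3 && !(ctx_flags & EXAMPLE_DES3_FLAG))
        fail |= FAIL_DOWNGRADED;
    return fail;
}

int main(void)
{
    /* Constructed flag word: every service present except DES3. */
    OM_uint32 flags = GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG |
                      GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
    OM_uint32 fail = check_context_policy(GSS_S_COMPLETE, flags, 1);
    printf("policy failures: 0x%02x\n", (unsigned)fail);
    return fail != 0;
}
```

An application would refuse to call gss_wrap() on the context while the returned mask is non-zero.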
GSS_S_CALL_INACCESSIBLE_READ 01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE 02xxxxxx
GSS_S_COMPLETE 00000000
GSS_S_FAILURE xx0Dxxxx
GSS_S_NO_CONTEXT xx08xxxx
PORTABILITY CONSIDERATIONS
This function is an HP extension of the GSS-API standard
that is not supported by other GSS-API implementations.
Functions: gss_accept_sec_context(3), gss_get_mic(3),
gss_import_sec_context(3), gss_init_sec_context(3),
gss_wrap(3)