gss_export_sec_context(3)
NAME
gss_export_sec_context - Prepare security context for
transfer to another process.
SYNOPSIS
    #include <gssapi/gssapi.h>

    OM_uint32 gss_export_sec_context(
        OM_uint32 * minor_status,
        gss_ctx_id_t * context_handle,
        gss_buffer_t interprocess_token );
PARAMETERS
minor_status
    Kerberos 5 error code.
context_handle
    Security context to be transferred.
    After the context is transferred, this parameter
    is set to GSS_C_NO_CONTEXT.
interprocess_token
    Token to be transferred to the target process.
    The application must release the storage associated
    with the token after use with a call to
    gss_release_buffer().
DESCRIPTION
The gss_export_sec_context() function prepares a security
context for transfer to another process. It is typically
used by the context acceptor in an application where a
single process receives incoming connection requests and
accepts security contexts over them. The initial process
then passes the established context to another process for
message exchange.

This function disables the security context for the calling
process and creates an interprocess token that, when
passed to gss_import_sec_context() in another process, reenables
the context in the second process. Only a single
instance of a given security context may be active at any
time; a subsequent attempt by a context exporter to access
the exported security context will fail.

The interprocess token may contain security-sensitive
information such as a cryptographic key. Therefore, the
application must take care to protect the interprocess
token and to ensure that any process to which the token is
transferred is trustworthy. In addition, this token should
not be transferred over a network in an insecure manner.

If creation of the interprocess token is successful, all
process-wide resources associated with the security context
are deallocated and the context_handle parameter is
set to GSS_C_NO_CONTEXT. The security context is not
deleted until the exported security context token is created.
If an error occurs that makes it impossible to complete
the export of the security context, the original
context is returned unchanged.

After use, the application must release the storage associated
with the token with a call to gss_release_buffer().
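The hand-off described above, as an added example that is not part of the original manual page or of the SDK: the bytes of the interprocess token (the value and length fields of the gss_buffer_t) are passed to a worker over a local descriptor such as an inherited socketpair() end, and the acceptor's copy is zeroed before gss_release_buffer() frees it. The names send_token, recv_token and MAX_TOKEN_LEN and the 4-byte length prefix are assumptions made for this example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <sys/socket.h>   /* socketpair() for the caller that sets up fd */
#include <unistd.h>

#define MAX_TOKEN_LEN 65536u  /* assumed cap, not from the manual page */

/* Read or write exactly n bytes; 0 on success, -1 on error or EOF. */
static int xfer_all(int fd, void *buf, size_t n, int writing)
{
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = writing ? write(fd, p, n) : read(fd, p, n);
        if (r <= 0)
            return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Acceptor side: value/length are interprocess_token->value and ->length.
 * Sends a length-prefixed token, then zeroes the local copy in every case. */
int send_token(int fd, void *value, size_t length)
{
    uint32_t be_len = htonl((uint32_t)length);
    int rc = -1;
    if (length > 0 && length <= MAX_TOKEN_LEN &&
        xfer_all(fd, &be_len, sizeof be_len, 1) == 0 &&
        xfer_all(fd, value, length, 1) == 0)
        rc = 0;
    volatile unsigned char *p = value;  /* volatile: wipe is not elided */
    while (length--)
        *p++ = 0;
    return rc;
}

/* Worker side: returns the token length to hand to
 * gss_import_sec_context(), or -1 if the frame is empty or oversized. */
long recv_token(int fd, void *out, size_t cap)
{
    uint32_t be_len;
    if (xfer_all(fd, &be_len, sizeof be_len, 0) != 0)
        return -1;
    size_t len = ntohl(be_len);
    if (len == 0 || len > cap || len > MAX_TOKEN_LEN)
        return -1;
    return xfer_all(fd, out, len, 0) == 0 ? (long)len : -1;
}
```

Because the exporting process can no longer use the context after a successful export, a failed send_token() means the context is lost and the connection should be closed.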
RETURN VALUES
GSS_S_CALL_INACCESSIBLE_READ     01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE    02xxxxxx
GSS_S_COMPLETE                   00000000
GSS_S_FAILURE                    xx0Dxxxx
GSS_S_NO_CONTEXT                 xx08xxxx
GSS_S_UNAVAILABLE                xx10xxxx
PORTABILITY CONSIDERATIONS
This function exports a token that can only be shared with
other HP Application Security SDK implementations.
SEE ALSO
Functions: gss_accept_sec_context(3), gss_import_sec_context(3), gss_init_sec_context(3), gss_release_buffer(3)