NAME    [Toc]    [Back]

       gss_inquire_cred_by_mech  -  obtain information about credentials
 for a specific security mechanism

SYNOPSIS    [Toc]    [Back]

       #include <gssapi/gssapi.h>

       OM_uint32 gss_inquire_cred_by_mech(
               OM_uint32 * minor_status,
               const gss_cred_id_t cred_handle,
               const gss_OID mech_type,
               gss_name_t * name,
               OM_uint32 * initiator_lifetime,
               OM_uint32 * acceptor_lifetime,
               gss_cred_usage_t * cred_usag );

PARAMETERS    [Toc]    [Back]

       Kerberos 5 error  code.   Credentials  being  queried.  If
       GSS_C_NO_CREDENTIALS  is  specified, the default initiator
       credentials are used.   Object  identifier  (OID)  set  of
       security  mechanisms  for  the  credentials being queried.
       Specify rfc_krb5_c_OID_set for Kerberos 5.  The  principal
       name  whose  identity the credentials represent. This name
       is an internal form name. Specify NULL if this information
       is not required.

              The  storage  associated  with  this name should be
              freed by the application after use with a  call  to
              gss_release_name().   The number of seconds remaining
 in the lifetime of initiator credentials  under
              the  specified  mechanism.  If the credentials have
              expired, a value of zero is returned. Specify  NULL
              if this information is not required.  The number of
              seconds remaining in the lifetime of acceptor  credentials
  under  the specified mechanism. Since the
              HP implementation of the GSS-API does  not  support
              credentials  expiration  for  acceptors, a value of
              GSS_C_INDEFINITE is always returned.  How the  credentials
 may be used. Specify NULL if this information
 is not required.   GSS_C_BOTH  --  Credentials
              may  be  used to either initiate or accept security
              contexts.  GSS_C_INITIATE  --  Credentials  may  be
              used    only   to   initiate   security   contexts.
              GSS_C_ACCEPT--  Credentials may  be  used  only  to
              accept security contexts.

DESCRIPTION    [Toc]    [Back]

       The  gss_inquire_cred_by_mech()  function obtains information
 about credentials for a specified security mechanism.
       This  information  includes the principal name whose identity
 the credentials  represent,  the  remaining  validity
       period (initiators only), and the credentials usage.

       With  Kerberos  5,  the  credential that is queried is the
       TGT, not service tickets.

       Before calling this function, the application  must  first
       acquire credentials.

       To  avoid  memory  leaks, the application must release the
       storage associated with the name parameter with a call  to
       gss_release_name() after use.

RETURN VALUES    [Toc]    [Back]

       GSS_S_BAD_MECH                  xx01xxxx
       GSS_S_CALL_INACCESSIBLE_READ    01xxxxxx
       GSS_S_CALL_INACCESSIBLE_WRITE   02xxxxxx
       GSS_S_COMPLETE                  00000000
       GSS_S_DEFECTIVE_CREDENTIAL      xx0Axxxx
       GSS_S_FAILURE                   xx0Dxxxx
       GSS_S_NO_CRED                   xx07xxxx

SEE ALSO    [Toc]    [Back]

       Functions:  gss_acquire_cred(3),      gss_inquire_cred(3),
       gss_release_name(3), gss_release_oid_set(3)



                                      gss_inquire_cred_by_mech(3)