HP Open Source Security for OpenVMS Volume 3: Kerberos

Chapter 5 GSSAPI (Generic Security Services Application Programming Interface)

Table of Contents

gss_accept_sec_context — Establish a security context
C Prototype
Arguments
Description
Return Values
gss_acquire_cred — Acquire credential handle
C Prototype
Arguments
Description
Return Values
gss_add_cred — Construct credentials incrementally
C Prototype
Arguments
Description
Return Values
gss_add_oid_set_member — Add an object identifier to a set
C Prototype
Arguments
Description
Return Values
gss_compare_name — Allow application to compare two internal names
C Prototype
Arguments
Description
Return Values
gss_canonicalize_name — Convert internal name to internal mechanism name
C Prototype
Arguments
Description
Return Values
gss_context_time — Check how much longer context is valid
C Prototype
Arguments
Description
Return Values
gss_create_empty_oid_set — Create a set containing no object identifiers
C Prototype
Arguments
Description
Return Values
gss_delete_sec_context — Delete a security context
C Prototype
Arguments
Description
Return Values
gss_display_name — Provide textual representation of opaque internal name
C Prototype
Arguments
Description
Return Values
gss_display_status — Convert GSSAPI status code to text for user display
C Prototype
Arguments
Description
Return Values
gss_duplicate_name — Create a copy of an internal name
C Prototype
Arguments
Description
Return Values
gss_export_name — Convert an internal mechanism name to export form
C Prototype
Arguments
Description
Return Values
gss_export_sec_context — Transfer a security context to another process
C Prototype
Arguments
Description
Return Values
gss_get_mic — Generate a cryptographic MIC for a message
C Prototype
Arguments
Description
Return Values
gss_import_name — Convert a printable string to an internal form
C Prototype
Arguments
Description
Return Values
gss_import_sec_context — Import a transferred context
C Prototype
Arguments
Description
Return Values
gss_indicate_mechs — Allow an application to determine which security mechanisms are available
C Prototype
Arguments
Description
Return Values
gss_init_sec_context — Establish a security context
C Prototype
Arguments
Description
Return Values
gss_inquire_context — Extract security context information
C Prototype
Arguments
Description
Return Values
gss_inquire_cred — Provide calling application with information about a credential
C Prototype
Arguments
Description
Return Values
gss_inquire_cred_by_mech — Obtain per-mechanism information about a credential
C Prototype
Arguments
Description
Return Values
gss_inquire_names_for_mech — Return set of supported nametypes
C Prototype
Arguments
Description
Return Values
gss_process_context_token — Pass a security context to the security service
C Prototype
Arguments
Description
Return Values
gss_release_buffer — Free storage associated with a buffer
C Prototype
Arguments
Description
Return Values
gss_release_cred — Mark a credential for deletion
C Prototype
Arguments
Description
Return Values
gss_release_name — Free storage associated with an internal name that was allocated by a GSSAPI routine
C Prototype
Arguments
Description
Return Values
gss_release_oid_set — Free storage associated with a gss_OID_set object
C Prototype
Arguments
Description
Return Values
gss_test_oid_set_member — Determine whether an object identifier is a member of the set
C Prototype
Arguments
Description
Return Values
gss_unwrap — Verify a message with attached MIC and decrypt message content
C Prototype
Arguments
Description
Return Values
gss_verify_mic — Check that a cryptographic MIC matches the message it was computed over
C Prototype
Arguments
Description
Return Values
gss_wrap — Attach a MIC to a message and encrypt the message
C Prototype
Arguments
Description
Return Values
gss_wrap_size_limit — Check expected size of wrapped output
C Prototype
Arguments
Description
Return Values

This chapter describes the C language bindings for the routines that make up the Generic Security Services Application Programming Interface (GSSAPI).

The GSSAPI provides security services to its callers, and is intended for implementation atop alternative underlying cryptographic mechanisms. In this manual, the underlying cryptographic mechanism is assumed to be Kerberos.

The GSSAPI allows a communicating application to authenticate the user associated with another application, to delegate rights to another application, and to apply security services such as confidentiality and integrity on a per-message basis.

There are four stages to using the GSSAPI:

  • The application acquires a set of credentials (gss_acquire_cred) with which it can prove its identity to other processes.

  • The two communicating applications establish a joint security context using their credentials, by exchanging the tokens produced by gss_init_sec_context on one side and gss_accept_sec_context on the other. The security context is a pair of GSSAPI data structures, one in each process, that contain shared state information.

  • Per-message services are invoked to apply either integrity and data origin authentication (gss_get_mic and gss_verify_mic), or confidentiality, integrity, and data origin authentication (gss_wrap and gss_unwrap) to application data.

  • At the completion of a communications session, the peer applications call gss_delete_sec_context to delete the security context.

Routines described in this chapter are implemented in the Generic Security Service library (GSS$RTL.EXE for 64-bit interfaces, or GSS$RTL32.EXE for 32-bit interfaces) in SYS$LIBRARY.