HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 5 GSSAPI (Generic Security Services Application Programming Interface)

gss_export_sec_context — Transfer a security context to another process

  Table of Contents



C Prototype

OM_uint32 gss_export_sec_context(
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token );


minor_status (output) 

An implementation-specific status code.

context_handle (input/output) 

The context handle identifying the context to transfer.

interprocess_token (output) 

The token to be transferred to the target process. Storage associated with this token must be freed by the application after use with a call to gss_release_buffer.


This routine is provided to support the sharing of work between multiple processes. It will typically be used by the context acceptor, in an application where a single process receives incoming connection requests and accepts security contexts over them, then passes the established context to one or more other processes for message exchange. The gss_export_sec_context routine deactivates the security context for the calling process and creates an interprocess token which, when passed to gss_import_sec_context in another process, will re-activate the context in the second process. Only a single instantiation of a given context may be active at any one time; a subsequent attempt by a context exporter to access the exported security context will fail.

The implementation may constrain the set of processes by which the interprocess token may be imported, either as a function of local security policy, or as a result of implementation decisions. For example, some implementations may constrain contexts to be passed only between processes that run under the same account, or which are part of the same process group.

The interprocess token may contain security-sensitive information (for example, cryptographic keys).

If the creation of the interprocess token is successful, all process-wide resources associated with the security context will be deallocated, and the context_handle will be set to GSS_C_NO_CONTEXT.

Return Values

This routine returns one of the following GSS status codes:


Successful completion.
GSS_S_CONTEXT_EXPIREDThe context has expired.
GSS_S_NO_CONTEXTThe context was invalid.

The operation is not supported.