Networking Services Library Functions
rpc_gss_get_principal_name(3NSL)
NAME
rpc_gss_get_principal_name - Get principal names at server
SYNOPSIS
#include <rpc/rpcsec_gss.h>
bool_t rpc_gss_get_principal_name(rpc_gss_principal_t *principal,
    char *mech, char *name, char *node, char *domain);
DESCRIPTION
Servers need to be able to operate on a client's principal
name. Such a name is stored by the server as a
rpc_gss_principal_t structure, an opaque byte string which
can be used either directly in access control lists or as
database indices which can be used to look up a UNIX
credential. A server may, for example, need to compare a principal
name it has received with the principal name of a known
entity, and to do that, it must be able to generate
rpc_gss_principal_t structures from known entities.

rpc_gss_get_principal_name() takes as input a security
mechanism, a pointer to a rpc_gss_principal_t structure, and
several parameters which uniquely identify an entity on a
network: a user or service name, a node name, and a domain
name. From these parameters it constructs a unique,
mechanism-dependent principal name of the
rpc_gss_principal_t structure type.
PARAMETERS
How many of the identifying parameters (name, node, and
domain) are necessary to specify depends on the mechanism
being used. For example, Kerberos V5 requires only a user
name but can accept a node and domain name. An application
can choose to set unneeded parameters to NULL.
Information on RPCSEC_GSS data types for parameters may be
found on the rpcsec_gss(3NSL) man page.
principal   An opaque, mechanism-dependent structure
            representing the client's principal name.
mech        An ASCII string representing the security
            mechanism in use. Valid strings may be found
            in the /etc/gss/mech file, or by using
            rpc_gss_get_mechanisms().
SunOS 5.11 Last change: 5 Feb 2002 1
name        A UNIX login name (for example, 'gwashington')
            or service name, such as 'nfs'.
node        A node in a domain; typically, this would be a
            machine name (for example, 'valleyforge').
domain      A security domain; for example, a DNS, NIS, or
            NIS+ domain name ('eng.company.com').
RETURN VALUES
rpc_gss_get_principal_name() returns TRUE if it is successful;
otherwise, use rpc_gss_get_error() to get the error
associated with the failure.
FILES
/etc/gss/mech File containing valid security mechanisms
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE      ATTRIBUTE VALUE
MT-Level            MT-Safe
Availability        SUNWrsg (32-bit)
                    SUNWrsgx (64-bit)
SEE ALSO
free(3C), rpc(3NSL), rpc_gss_get_mechanisms(3NSL),
rpc_gss_set_svc_name(3NSL), rpcsec_gss(3NSL), mech(4),
attributes(5)
ONC+ Developer's Guide
Linn, J. RFC 2078, Generic Security Service Application
Program Interface, Version 2. Network Working Group. January
1997.
NOTES
Principal names may be freed up by a call to free(3C). A
principal name need only be freed in those instances where
it was constructed by the application. (Values returned by
other routines point to structures already existing in a
context, and need not be freed.)
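The comparison the DESCRIPTION calls for, shown as an added example that is not part of the original manual page or of the RPCSEC_GSS library: a client's principal is matched against an access control list by length and full byte content, with no match meaning deny. The principal_blob type and the make_sample_principal(), principal_equal() and acl_lookup() helpers are hypothetical stand-ins; the layout (a length followed by opaque bytes) is an assumption, and the sample bytes are constructed rather than real mechanism output.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for rpc_gss_principal_t. Assumed layout: a length
 * followed by opaque, mechanism-dependent bytes. */
typedef struct {
    int  len;
    char name[];
} principal_blob;

/* Build a constructed sample principal. A real server would obtain one from
 * rpc_gss_get_principal_name() and release it with free(3C) the same way. */
principal_blob *make_sample_principal(const char *bytes, int len)
{
    principal_blob *p;

    if (bytes == NULL || len <= 0)
        return NULL;
    if ((p = malloc(sizeof(*p) + (size_t)len)) == NULL)
        return NULL;
    p->len = len;
    memcpy(p->name, bytes, (size_t)len);
    return p;
}

/* Equal only if lengths match and every byte matches. strcmp() is unsafe
 * here: opaque names may contain NUL bytes and are not NUL-terminated. */
int principal_equal(const principal_blob *a, const principal_blob *b)
{
    if (a == NULL || b == NULL || a->len <= 0 || a->len != b->len)
        return 0;
    return memcmp(a->name, b->name, (size_t)a->len) == 0;
}

/* Return the index of the matching ACL entry, or -1 to deny by default. */
int acl_lookup(const principal_blob *client,
    principal_blob *const acl[], size_t n)
{
    size_t i;

    for (i = 0; i < n; i++)
        if (principal_equal(client, acl[i]))
            return (int)i;
    return -1;
}
```

Two principals that share a prefix up to an embedded NUL byte compare equal under strcmp() but not under principal_equal(), which is why the ACL check uses the stored length.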