Networking Services Library Functions rpc_gss_seccreate(3NSL)
NAME
rpc_gss_seccreate - create a security context using the
RPCSEC_GSS protocol
SYNOPSIS
#include <rpc/rpcsec_gss.h>

AUTH *rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
    rpc_gss_service_t service_type, char *qop,
    rpc_gss_options_req_t *options_req,
    rpc_gss_options_ret_t *options_ret);
DESCRIPTION
rpc_gss_seccreate() is used by an application to create a
security context using the RPCSEC_GSS protocol, making use
of the underlying GSS-API network layer.
rpc_gss_seccreate() allows an application to specify the
type of security mechanism (for example, Kerberos v5), the
type of service (for example, integrity checking), and the
Quality of Protection (QOP) desired for transferring data.
PARAMETERS
Information on RPCSEC_GSS data types for parameters may be
found on the rpcsec_gss(3NSL) man page.
clnt          This is the RPC client handle. clnt may be
              obtained, for example, from clnt_create().
principal     This is the identity of the server principal,
              specified in the form service@host, where
              service is the name of the service the client
              wishes to access and host is the fully
              qualified name of the host where the service
              resides - for example,
              nfs@mymachine.eng.company.com.
mechanism     This is an ASCII string which indicates which
              security mechanism to use with this data.
              Appropriate mechanisms may be found in the
              file /etc/gss/mech; additionally,
              rpc_gss_get_mechanisms() returns a list of
              supported security mechanisms (as
              null-terminated strings).
service_type  This sets the initial type of service for the
              session - privacy, integrity, authentication,
              or none.
SunOS 5.11 Last change: 29 Jun 2001 1
qop           This is an ASCII string which sets the quality
              of protection (QOP) for the session.
              Appropriate values for this string may be
              found in the file /etc/gss/qop. Additionally,
              supported QOPs are returned (as
              null-terminated strings) by
              rpc_gss_get_mech_info().
options_req   This structure contains options which are
              passed directly to the underlying GSS-API
              layer. If the caller specifies NULL for this
              parameter, defaults are used. (See NOTES,
              below.)
options_ret   These GSS-API options are returned to the
              caller. If the caller does not need to see
              these options, then it may specify NULL for
              this parameter. (See NOTES, below.)
RETURN VALUES
rpc_gss_seccreate() returns a security context handle (an
RPC authentication handle) of type AUTH. If
rpc_gss_seccreate() cannot return successfully, the
application can get an error number by calling
rpc_gss_get_error().
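The following is an added example, not part of the original man page: it checks that a principal has the service@host form with a fully qualified host before creating a privacy-protected context, and reports rpc_gss_get_error() details on failure. The helper names principal_ok() and secure_client() are hypothetical; the code assumes a NULL handle signals failure and that rpc_gss_svc_privacy and rpc_gss_error_t are as described in rpcsec_gss(3NSL). The RPC part is guarded by __sun so the principal check also builds on other systems.

```c
#include <stdio.h>
#include <string.h>
#ifdef __sun                      /* RPCSEC_GSS API documented on this page */
#include <rpc/rpc.h>
#include <rpc/rpcsec_gss.h>
#endif

/* Return 1 if p is "service@host" with a dotted (fully qualified) host. */
int principal_ok(const char *p)
{
    const char *at, *c;
    if (p == NULL || (at = strchr(p, '@')) == NULL || at == p)
        return 0;                          /* missing '@' or empty service */
    if (strchr(at + 1, '@') != NULL)
        return 0;                          /* more than one '@' */
    for (c = at + 1; *c != '\0'; c++)      /* reject empty host labels */
        if (*c == '.' && (c == at + 1 || c[1] == '.' || c[1] == '\0'))
            return 0;
    return strchr(at + 1, '.') != NULL;    /* short host names are rejected */
}

#ifdef __sun
/* Attach a privacy-protected RPCSEC_GSS context to clnt; 0 on success. */
int secure_client(CLIENT *clnt, char *principal, char *mech, char *qop)
{
    rpc_gss_error_t err;
    AUTH *auth;
    if (!principal_ok(principal))
        return -1;
    auth = rpc_gss_seccreate(clnt, principal, mech, rpc_gss_svc_privacy,
        qop, NULL, NULL);                  /* NULL, NULL: GSS-API defaults */
    if (auth == NULL) {                    /* assumed failure indicator */
        rpc_gss_get_error(&err);
        (void) fprintf(stderr, "rpc_gss_seccreate: rpc=%d sys=%d\n",
            err.rpc_gss_error, err.system_error);
        return -1;
    }
    clnt->cl_auth = auth;                  /* later calls use this context */
    return 0;
}
#endif

int main(void)
{
    printf("%d\n", principal_ok("nfs@mymachine.eng.company.com"));
    printf("%d\n", principal_ok("nfs@mymachine"));
    return 0;
}
```

The mechanism and QOP strings passed to secure_client() should be taken from /etc/gss/mech and /etc/gss/qop on the target host.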
FILES
/etc/gss/mech File containing valid security mechanisms
/etc/gss/qop File containing valid QOP values.
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE      ATTRIBUTE VALUE
MT-Level            MT-Safe
Availability        SUNWrsg (32-bits)
                    SUNWrsgx (64-bits)
SEE ALSO
auth_destroy(3NSL), rpc(3NSL), rpc_gss_get_error(3NSL),
rpc_gss_get_mechanisms(3NSL), rpcsec_gss(3NSL), mech(4),
qop(4), attributes(5)
ONC+ Developer's Guide
Linn, J. RFC 2743, Generic Security Service Application
Program Interface Version 2, Update 1. Network Working Group.
January 2000.
NOTES
Contexts may be destroyed normally, with auth_destroy().
See auth_destroy(3NSL).