z/OS Integrated Security Services Network Authentication Service Programming
Contents (exploded view)
z/OS Integrated Security Services Network Authentication Service Programming
SC23-6787-00
Abstract for Integrated Security Services Network Authentication Service Programming
z/OS Version 2 Release 1 summary of changes
Kerberos interfaces
Introduction to Kerberos
Kerberos basics
The purpose of realms
Assumptions about the environment
Using Kerberos files
Credentials cache
Replay cache
Key table
Using Kerberos services
Kerberos programming interfaces
krb5_address_compare (compare two Kerberos addresses)
krb5_address_search (search for address in address book)
krb5_auth_con_free (release an authentication context)
krb5_auth_con_genaddrs (generate local and remote network addresses)
krb5_auth_con_getaddrs (return local and remote network addresses)
krb5_auth_con_getauthenticator (return authenticator)
krb5_auth_con_getflags (return current authentication flags)
krb5_auth_con_getivector (return address of initial vector)
krb5_auth_con_getkey (retrieve encryption key)
krb5_auth_con_getlocalseqnumber (return local message sequence)
krb5_auth_con_getlocalsubkey (return local subsession key)
krb5_auth_con_getports (return local and remote network ports)
krb5_auth_con_getrcache (return replay cache)
krb5_auth_con_getremoteseqnumber (return remote message sequence number)
krb5_auth_con_getremotesubkey (return remote subsession key)
krb5_auth_con_init (create an authentication context)
krb5_auth_con_initivector (allocate initial encryption vector)
krb5_auth_con_set_req_cksumtype (set checksum type)
krb5_auth_con_set_safe_cksumtype (set application method checksum type)
krb5_auth_con_setaddrs (set local and remote address values)
krb5_auth_con_setflags (set authentication context flags)
krb5_auth_con_setivector (set initial encryption vector)
krb5_auth_con_setports (set local and remote network ports)
krb5_auth_con_setrcache (set replay cache)
krb5_auth_con_setuseruserkey (set user-to-user key)
krb5_auth_to_rep (convert Kerberos authenticator to replay entry)
krb5_build_principal (build a Kerberos principal)
krb5_build_principal_ext (build a Kerberos principal)
krb5_build_principal_ext_va (build a Kerberos principal)
krb5_build_principal_va (build a Kerberos principal)
krb5_c_block_size (return cipher block size)
krb5_c_checksum_length (return checksum length)
krb5_c_decrypt (decrypt a data block)
krb5_c_encrypt (encrypt a data block)
krb5_c_encrypt_length (return encrypted data length)
krb5_c_enctype_compare (compare two encryption types)
krb5_c_keyed_checksum_types (return list of checksum types)
krb5_c_make_checksum (generate checksum for a data block)
krb5_c_make_random_key (generate random encryption key)
krb5_c_random_make_octets (generate random binary string)
krb5_c_string_to_key (generate encryption key from text string)
krb5_c_string_to_key_with_params (generate encryption key from text string with params)
krb5_c_verify_checksum (verify checksum)
krb5_cc_close (close credentials cache)
krb5_cc_default (resolve default credentials cache)
krb5_cc_default_name (return default credentials cache name)
krb5_cc_destroy (delete credentials cache)
krb5_cc_end_seq_get (end reading of credential cache)
krb5_cc_generate_new (generate new credentials cache)
krb5_cc_get_name (return credentials cache)
krb5_cc_get_principal (return credentials cache principal)
krb5_cc_get_type (return credentials cache type)
krb5_cc_initialize (initialize credentials cache)
krb5_cc_next_cred (return credentials cache next entry)
krb5_cc_register (define new credentials cache type)
krb5_cc_remove_cred (remove credentials cache entry)
krb5_cc_resolve (resolve credentials cache name)
krb5_cc_retrieve_cred (retrieve credentials from cache)
krb5_cc_set_default_name (set default credentials cache name)
krb5_cc_set_flags (set processing flags)
krb5_cc_start_seq_get (start retrieving credentials cache)
krb5_cc_store_cred (store new credentials)
krb5_change_password (change principal password)
krb5_copy_address (copy Kerberos address)
krb5_copy_addresses (copy an array of Kerberos addresses)
krb5_copy_authdata (copy an array of authorization data structures)
krb5_copy_authenticator (copy a Kerberos authenticator)
krb5_copy_checksum (copy a Kerberos checksum)
krb5_copy_creds (copy Kerberos credentials)
krb5_copy_data (copy Kerberos data object)
krb5_copy_keyblock (copy Kerberos keyblock)
krb5_copy_keyblock_contents (copy Kerberos keyblock contents)
krb5_copy_principal (copy Kerberos principal)
krb5_copy_ticket (copy Kerberos ticket)
krb5_dll_load (load Kerberos runtime library)
krb5_dll_unload (unload Kerberos runtime library)
krb5_free_address (release Kerberos address storage)
krb5_free_addresses (release Kerberos address storage)
krb5_free_ap_rep_enc_part (release decrypted storage)
krb5_free_authdata (release authentication data storage)
krb5_free_authenticator (release authenticator storage)
krb5_free_authenticator_contents (release authenticator storage)
krb5_free_checksum (release checksum storage)
krb5_free_checksum_contents (release checksum storage)
krb5_free_cksumtypes (release checksum storage)
krb5_free_context (release Kerberos context)
krb5_free_cred_contents (release credential storage)
krb5_free_creds (release credential storage)
krb5_free_data (release Kerberos data object storage)
krb5_free_data_contents (release Kerberos data object storage)
krb5_free_enc_tkt_part (release encrypted ticket storage)
krb5_free_enctypes (release encryption storage)
krb5_free_error (release Kerberos error message storage)
krb5_free_host_realm (release realm list storage)
krb5_free_kdc_rep (release KDC reply storage)
krb5_free_keyblock (release keyblock storage)
krb5_free_keyblock_contents (release keyblock storage)
krb5_free_krbhst (release host list storage)
krb5_free_principal (release principal storage)
krb5_free_string (release character string storage)
krb5_free_tgt_creds (release credential storage)
krb5_free_ticket (release ticket storage)
krb5_free_tickets (release ticket storage)
krb5_gen_replay_name (generate replay cache name)
krb5_generate_seq_number (generate random sequence number)
krb5_generate_subkey (generate subsession key)
krb5_get_cred_from_kdc (obtain KDC server service ticket)
krb5_get_cred_from_kdc_renew (renew KDC server service ticket)
krb5_get_cred_from_kdc_validate (validate KDC server service ticket)
krb5_get_cred_via_tkt (obtain KDC server service ticket)
krb5_get_credentials (obtain service ticket)
krb5_get_credentials_renew (renew a ticket)
krb5_get_credentials_validate (validate a ticket)
krb5_get_default_in_tkt_ktypes (return default encryption type)
krb5_get_default_realm (return default realm)
krb5_get_default_tgs_ktypes (return KDC default encryption types)
krb5_get_host_realm (get Kerberos realm name)
krb5_get_in_tkt_system (get initial KDC ticket)
krb5_get_in_tkt_with_keytab (get initial ticket using key table)
krb5_get_in_tkt_with_password (get initial ticket with text password)
krb5_get_in_tkt_with_skey (get initial ticket using session key)
krb5_get_krbhst (return list of KDC hosts)
krb5_get_server_rcache (generate replay cache)
krb5_init_context (create Kerberos context)
krb5_kt_add_entry (add new key table entry)
krb5_kt_close (close key table)
krb5_kt_default (resolve default key table)
krb5_kt_default_name (return default key table name)
krb5_kt_end_seq_get (end sequential key table reading)
krb5_kt_free_entry (release key table storage)
krb5_kt_get_entry (return key table entry)
krb5_kt_get_name (return key table name)
krb5_kt_get_type (return key table type)
krb5_kt_next_entry (return key table next entry)
krb5_kt_read_service_key (retrieve key table service key)
krb5_kt_register (define new key table type)
krb5_kt_remove_entry (remove key table entry)
krb5_kt_resolve (resolve key table name)
krb5_kt_start_seq_get (sequentially retrieve entries from key table)
krb5_md4_crypto_compat_ctl (set compatibility mode for MD4 checksum generation)
krb5_md5_crypto_compat_ctl (set compatibility mode for MD5 checksum generation)
krb5_mk_error (create Kerberos KRB_ERROR message)
krb5_mk_priv (create Kerberos KRB_PRIV message)
krb5_mk_rep (create Kerberos AP_REP message)
krb5_mk_req (create Kerberos AP_REQ message)
krb5_mk_req_extended (create Kerberos AP_REQ message)
krb5_mk_safe (create Kerberos KRB_SAFE message)
krb5_os_hostaddr (return network addresses)
krb5_os_localaddr (return network addresses)
krb5_parse_name (create Kerberos principal from text string)
krb5_principal_compare (compare two Kerberos principals)
krb5_random_confounder (create random confounder)
krb5_rc_close (close a replay cache)
krb5_rc_default (resolve default replay cache)
krb5_rc_default_name (return default replay cache name)
krb5_rc_destroy (delete replay cache)
krb5_rc_expunge (delete replay cache expired entries)
krb5_rc_free_entry_contents (release storage)
krb5_rc_get_lifespan (return authenticator lifespan)
krb5_rc_get_name (return replay cache name)
krb5_rc_get_type (return replay cache type)
krb5_rc_initialize (initialize replay cache)
krb5_rc_recover (recover replay cache)
krb5_rc_register_type (define new replay cache type)
krb5_rc_resolve (resolve replay cache name)
krb5_rc_store (store new replay cache entry)
krb5_rd_error (process Kerberos KRB_ERROR message)
krb5_rd_priv (process Kerberos KRB_PRIV message)
krb5_rd_rep (process a Kerberos AP_REP message)
krb5_rd_req (process a Kerberos AP_REQ message)
krb5_rd_req_verify (process a Kerberos AP_REQ message and verify checksum data)
krb5_rd_safe (process Kerberos KRB_SAFE message)
krb5_read_password (read a password)
krb5_realm_compare (compare two principal realms)
krb5_recvauth (receive authentication message)
krb5_sendauth (send authentication message)
krb5_set_config_files (set Kerberos configuration files for processing)
krb5_set_default_in_tkt_ktypes (set default encryption types)
krb5_set_default_realm (set default realm)
krb5_set_default_tgs_ktypes (set default encryption types)
krb5_sname_to_principal (convert service name to Kerberos principal)
krb5_svc_get_msg (return text message from Kerberos error code)
krb5_timeofday (return current time of day)
krb5_unparse_name (convert Kerberos principal to text string)
krb5_unparse_name_ext (convert Kerberos principal to text string)
krb5_us_timeofday (return current time of day)
Kerberos administration programming interfaces
kadm5_chpass_principal (change the password for a principal entry)
kadm5_chpass_principal_3 (change the password for a principal entry)
kadm5_create_policy (create a policy entry)
kadm5_create_principal (create a principal entry)
kadm5_create_principal_3 (create a principal entry)
kadm5_delete_policy (delete a principal entry)
kadm5_delete_principal (delete a principal entry)
kadm5_destroy (close a session)
kadm5_free_key_list (free a list of keys)
kadm5_free_name_list (free a list of names)
kadm5_free_policy_ent (release policy entry storage)
kadm5_free_principal_ent (release principal entry storage)
kadm5_get_policies (return a list of policies)
kadm5_get_policy (return policy entry information)
kadm5_get_principal (get principal information)
kadm5_get_principals (return a list of principals)
kadm5_get_privs (return administration privileges)
kadm5_init_with_creds (establish a session using credentials)
kadm5_init_with_password (establish a session using a password)
kadm5_init_with_skey (establish a session using a key table)
kadm5_modify_policy (modify a policy entry)
kadm5_modify_principal (modify a principal entry)
kadm5_randkey_principal (generate random keys)
kadm5_randkey_principal_3 (generate random keys)
kadm5_rename_principal (rename a principal entry)
kadm5_setkey_principal (set the key for a principal entry)
kadm5_setkey_principal_3 (set the key for a principal entry)
GSS-API interfaces
Introduction to GSS-API
General information about GSS-API
GSS-API services
Message integrity and confidentiality
Message replay and sequencing
Quality of protection
Anonymity
Error handling
Major status values
Minor status values
Data types
Integer
String
Object identifier
Object identifier sets
Credentials
Contexts
Tokens
Names
Channel bindings
Optional parameters
GSS-API version compatibility
Interoperability with Microsoft Windows 2000 SSPI
Creating the security context
Accepting the security context
Message signature
Message encryption
Message sequence numbers
GSS-API programming interfaces
gss_accept_sec_context (accept a security context)
gss_acquire_cred (acquire a GSS-API credential)
gss_add_cred (add a credential)
gss_add_oid_set_member (add to an OID set)
gss_canonicalize_name (reduce to a mechanism name)
gss_compare_name (compare two internal names)
gss_context_time (return number of valid context seconds)
gss_create_empty_oid_set (create a new OID set)
gss_delete_sec_context (delete a security context)
gss_display_name (provide the text value of an internal name)
gss_display_status (provide the text name of a status code)
gss_duplicate_name (create a duplicate internal name)
gss_export_cred (create a GSS-API credential)
gss_export_name (export an opaque token)
gss_export_sec_context (create a security context token)
gss_get_mic (generate a signature)
gss_get_qop_list (generate protection level list)
gss_import_cred (create GSS-API credential)
gss_import_name (convert to GSS-API internal format)
gss_import_sec_context (create a GSS-API security context)
gss_indicate_mechs (indicate security mechanisms)
gss_init_sec_context (initiate security context)
gss_inquire_context (obtain security context information)
gss_inquire_cred (obtain GSS-API credential information)
gss_inquire_cred_by_mech (obtain single mechanism credential information)
gss_inquire_mechs_for_name (obtain available mechanisms)
gss_inquire_names_for_mech (obtain supported mechanisms)
gss_oid_to_str (convert to a string)
gss_process_context_token (process a context token)
gss_release_buffer (release buffer storage)
gss_release_cred (release local credentials)
gss_release_name (release internal name storage)
gss_release_oid (release gss_OID storage)
gss_release_oid_set (release gss_OID_set storage)
gss_str_to_oid (convert to gss_OID)
gss_test_oid_set_member (check OID for membership)
gss_unwrap (unwrap and verify a message)
gss_wrap (sign and encrypt a message)
gss_wrap_size_limit (determine the largest message)
GSS-API programming interfaces - Kerberos mechanism
gss_krb5_acquire_cred_ccache (acquire a GSS-API credential)
gss_krb5_ccache_name (set the default credentials cache name)
gss_krb5_copy_ccache (copy the credentials cache tickets)
gss_krb5_get_ccache (return the credentials cache)
gss_krb5_get_tkt_flags (return the ticket flags)
POSIX-based portable character set
Copyright IBM Corporation 1990, 2014