#include <gssapi.h> OM_uint32 gss_accept_sec_context ( OM_uint32 * minor_status, gss_ctx_id_t * context_handle, gss_cred_id_t acceptor_cred_handle, gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings, gss_name_t * src_name, gss_OID * mech_type, gss_buffer_t output_token, gss_flags_t * ret_flags, OM_uint32 * time_rec, gss_cred_id_t * delegated_cred_handle);Service Program Name: QSYS/QKRBGSS
The gss_accept_sec_context() function accepts a security context created by the context initiator.
gss_mech_krb5_old | Beta Kerberos V5 mechanism |
gss_mech_krb5 | Kerberos V5 mechanism |
GSS_C_ANON_FLAG | Anonymous services are available if this flag is TRUE. The src_name parameter returns an anonymous internal name. |
GSS_C_CONF_FLAG | Confidentiality services are available if this flag is TRUE. |
GSS_C_DELEG_FLAG | Delegated credentials are available if this flag is TRUE. |
GSS_C_INTEG_FLAG | Integrity services are available if this flag is TRUE. |
GSS_C_MUTUAL_FLAG | Mutual authentication is required if this flag is TRUE. |
GSS_C_PROT_READY_FLAG | Protection services, as specified by the GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG, are available if the accompanying major status is GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED. Otherwise, protection services are available only if the accompanying major status is GSS_S_COMPLETE. |
GSS_C_REPLAY_FLAG | Replayed signed or sealed messages are detected if this flag is TRUE. |
GSS_C_SEQUENCE_FLAG | Out-of-sequence signed or sealed messages are detected if this flag is TRUE. |
The return value is one of the following status codes:
Object Referred to | Data Authority Required |
---|---|
Each directory in the path name preceding the configuration file | *X |
Configuration file | *R |
Each directory in the path name preceding the keytab file | *X |
Keytab file | *R |
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
If the length value in the output_token is not zero, the context acceptor must pass the returned token to the context initiator. The context initiator must then call gss_init_sec_context() and specify the context identifier returned by the original call to gss_init_sec_context(), as well as the output token that was returned by the context acceptor.
To complete the context establishment, one or more reply tokens may be required from the peer application. If so, gss_accept_sec_context() returns a status flag of GSS_S_CONTINUE_NEEDED, in which case it should be called again when the reply token is received from the peer application, passing the token to gss_accept_sec_context() through the input_token parameter.
[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]