gss_export_cred()--Export GSS Credential


  Syntax 
 #include <krb5.h>

 krb5_error_code gss_export_cred (
    OM_uint32 *                         minor_status,
    gss_cred_id_t                       cred_handle,
    gss_buffer_t                        cred_token)
  Service Program Name: QSYS/QKRBGSS

  Default public authority: *USE

  Threadsafe: Yes

The gss_export_cred() routine creates a credential token for a GSS-API credential. This credential token can then be given to another process on the same system or on a different system. This second process calls gss_import_cred() to create a GSS-API credential from the credential token. In order to use the credential on a different system, the security mechanism must allow the credential to be used from any system. In the case of the Kerberos security mechanism, this means the Kerberos ticket must not contain a client address list.

A credential can be exported only if it is an initiate credential (GSS_C_INITIATE was specified when the credential was created). The major status will be set to GSS_S_NO_CRED if the credential is not an initiate credential. The credential remains available upon completion of the export operation and can be used in subsequent GSS-API operations. The credential token created by one implementation of GSS-API cannot be used with a different implementation of GSS-API.


Parameters

minor_status  (Output)
Status code returned from the security mechanism.

cred_handle  (Input/Output)
The credential handle of the GSS-API credential to be used to create t he credential token. The credential must be an initiate credential.

cred_token  (Output)
The credential token returned. The storage for the token should be released when it is no longer needed by calling the gss_release_buffer() routine.


Return Value

The return value is one of the following status codes:

GSS_S_COMPLETE
The routine completed successfully.

GSS_S_FAILURE
The routine failed for reasons which are not defined at the GSS level. The minor_status return parameter contains a mechanism-dependent error code describing the reason for the failure.

GSS_S_NO_CRED
The supplied credential handle does not refer to a valid credential.


Authorities

None.


Error Messages

Message ID Error Message Text
CPE3418 E Possible APAR condition or hardware failure.
CPFA081 E Unable to set return value or error code.


API introduced: V5R2

[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]