```c
#include <gssapi.h>

OM_uint32 gss_init_sec_context (
    OM_uint32 *             minor_status,
    gss_cred_id_t           cred_handle,
    gss_ctx_id_t *          context_handle,
    gss_name_t              target_name,
    gss_OID                 mech_type,
    gss_flags_t             req_flags,
    OM_uint32               time_req,
    gss_channel_bindings_t  input_chan_bindings,
    gss_buffer_t            input_token,
    gss_OID *               actual_mech_type,
    gss_buffer_t            output_token,
    gss_flags_t *           ret_flags,
    OM_uint32 *             time_rec);
```

Service Program Name: QSYS/QKRBGSS

The gss_init_sec_context() function initiates a security context for use by two communicating applications.
gss_mech_krb5_old | Beta Kerberos V5 mechanism |
gss_mech_krb5 | Kerberos V5 mechanism |
GSS_C_NO_OID | Default mechanism. For the IBM® i implementation of GSS, this is the Kerberos V5 mechanism. |
GSS_C_ANON_FLAG | Request initiator anonymity. This flag is ignored in the current GSS implementation since the Kerberos mechanism does not support initiator anonymity. |
GSS_C_DELEG_FLAG | Request delegated credentials for use by the context acceptor. |
GSS_C_MUTUAL_FLAG | Request mutual authentication to validate the identity of the context acceptor. |
GSS_C_REPLAY_FLAG | Request message replay detection for signed or sealed messages. |
GSS_C_SEQUENCE_FLAG | Request message sequence checking for signed or sealed messages. |
GSS_C_ANON_FLAG | The initiator identity will not be provided to the context acceptor. |
GSS_C_CONF_FLAG | Message confidentiality services are available. |
GSS_C_DELEG_FLAG | Delegated credentials will be available to the context acceptor. |
GSS_C_INTEG_FLAG | Message integrity services are available. |
GSS_C_MUTUAL_FLAG | Mutual authentication will be performed. The gss_accept_sec_context() routine will generate an output token which the context acceptor must return to the context initiator to complete the security context setup. |
GSS_C_PROT_READY_FLAG | Protection services, as specified by the states of the GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG, are available for use if the accompanying major status return value is GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED. Otherwise, protection services are available for use only if the accompanying major status return value is GSS_S_COMPLETE. |
GSS_C_REPLAY_FLAG | Message replay detection will be performed. |
GSS_C_SEQUENCE_FLAG | Message sequence checking will be performed. |
The return value is one of the following status codes:
Object Referred to | Data Authority Required |
---|---|
Each directory in the path name preceding the configuration file | *X |
Configuration file | *R |
Each directory in the path name preceding the credential cache file | *X |
Credential cache file | *RW |
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
The first time the application calls the gss_init_sec_context() routine, the input_token parameter should either be specified as GSS_C_NO_BUFFER or the buffer length field should be set to zero. If no token needs to be sent to the context acceptor, the gss_init_sec_context() routine sets the output_token length field to zero.
To finish establishing the context, the calling application can require one
or more tokens from the context acceptor. If the application requires reply
tokens, the gss_init_sec_context() routine returns
GSS_S_CONTINUE_NEEDED in the supplementary information portion
of the major status value. The application must call the
gss_init_sec_context() routine again when it receives the
reply token from the context acceptor and pass the token using the
input_token parameter. When calling the
gss_init_sec_context() routine to continue processing a
context, the same request values must be used as for the initial call.
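
The returned flags report what the context actually provides, which can differ from what was requested, so an initiator should check them before trusting the context. The following is an added example, not part of the IBM documentation: it checks the returned flags against a required set and applies the GSS_C_PROT_READY_FLAG rule from the table above. The status and flag values are defined locally from the RFC 2744 C bindings so the block compiles without `<gssapi.h>`, and `missing_services`, `protection_usable` and `context_acceptable` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed so the block compiles alone; values follow RFC 2744.
   With the real header, include <gssapi.h> and delete these. */
typedef uint32_t OM_uint32;
#define GSS_S_COMPLETE         0u
#define GSS_S_CONTINUE_NEEDED  (1u << 0)
#define GSS_C_MUTUAL_FLAG      2u
#define GSS_C_REPLAY_FLAG      4u
#define GSS_C_CONF_FLAG        16u
#define GSS_C_INTEG_FLAG       32u
#define GSS_C_PROT_READY_FLAG  128u

/* Hypothetical helper: required services that ret_flags does not report. */
OM_uint32 missing_services(OM_uint32 required, OM_uint32 ret_flags)
{
    return required & ~ret_flags;
}

/* Hypothetical helper: may the sign/seal services in `need` (GSS_C_CONF_FLAG
   and/or GSS_C_INTEG_FLAG) be used yet? With GSS_C_PROT_READY_FLAG set they
   are usable on GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED, otherwise only
   on GSS_S_COMPLETE. */
int protection_usable(OM_uint32 major, OM_uint32 ret_flags, OM_uint32 need)
{
    int early = (major == GSS_S_CONTINUE_NEEDED) &&
                (ret_flags & GSS_C_PROT_READY_FLAG);
    if (major != GSS_S_COMPLETE && !early)
        return 0;
    return (ret_flags & need) == need;
}

/* Hypothetical policy gate: context finished and nothing required is missing. */
int context_acceptable(OM_uint32 major, OM_uint32 required, OM_uint32 ret_flags)
{
    return major == GSS_S_COMPLETE && missing_services(required, ret_flags) == 0;
}

int main(void)
{
    OM_uint32 required = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG;
    OM_uint32 granted  = GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG; /* constructed ret_flags */
    printf("missing=0x%x acceptable=%d\n",
           (unsigned)missing_services(required, granted),
           context_acceptable(GSS_S_COMPLETE, required, granted));
    return 0;
}
```

In a real initiator, the `major` and `ret_flags` arguments come from the final gss_init_sec_context() call, and a context that fails the gate should be deleted rather than used.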