gss_inquire_cred_by_mech()--Get Information About GSS Credential for Single Security Mechanism


  Syntax 
 #include <gssapi.h>

 OM_uint32 gss_inquire_cred_by_mech (
     OM_uint32 *    minor_status,
     gss_cred_id_t      cred_handle,  
     gss_OID      mech_type,
     gss_name_t *   name,
     OM_uint32 *    init_lifetime,
     OM_uint32 *    accept_lifetime,
     gss_cred_usage_t *   cred_usage);
  Service Program Name: QSYS/QKRBGSS

  Default public authority: *USE

  Threadsafe: Yes

The gss_inquire_cred_by_mech() function returns information about a GSS credential for a single security mechanism. The information is obtained using the specified security mechanism.


Parameters

minor_status  (Output)
A status code from the security mechanism.

cred_handle  (Input)
The handle for the GSS credential. Specify GSS_C_NO_CREDENTIAL to get information about the default credential for the default security mechanism.

mech_type  (Input)
The mechanism to be used to obtain the returned information as follows:

gss_mech_krb5_old Beta Kerberos V5 mechanism
gss_mech_krb5 Kerberos V5 mechanism


name  (Output)
The principal name associated with the credential. Specify NULL for this parameter if the principal name is not required.

init_lifetime  (Output)
The number of seconds for which the credential remains valid for initiating contexts. Specify NULL for this parameter if the credential lifetime is not required.

accept_lifetime  (Output)
The number of seconds for which the credential remains valid for accepting contexts. Specify NULL for this parameter if the credential lifetime is not required.

cred_usage  (Output)
One of the following values describing how the application can use the credential. Specify NULL for this parameter if the credential usage is not required.

GSS_C_ACCEPT The application may accept a security context.
GSS_C_BOTH The application may both initiate and accept security contexts.
GSS_C_INITIATE The application may initiate a security context.

Return Value

The return value is one of the following status codes:

GSS_S_BAD_MECH
The requested mechanism is not supported.

GSS_S_COMPLETE
The routine completed successfully.

GSS_S_CREDENTIALS_EXPIRED
The credentials have expired. Credential information will still be returned for an expired credential, but the lifetime value will be returned as zero.

GSS_S_DEFECTIVE_CREDENTIAL
The credentials are not valid.

GSS_S_FAILURE
The routine failed for reasons that are not defined at the GSS level. The minor_status return parameter contains a mechanism-dependent error code describing the reason for the failure.

GSS_S_NO_CRED
The cred_handle parameter does not refer to a valid credential or there are no default credentials available.

Authorities

Object Referred to Data Authority Required
Each directory in the path name preceding the configuration file *X
Configuration file *R


Error Messages

Message ID Error Message Text
CPE3418 E Possible APAR condition or hardware failure.

API introduced: V5R1

[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]