krb5_auth_con_init()--Create and Initialize an Authentication Context

Syntax

 #include <krb5.h>

 krb5_error_code krb5_auth_con_init(
     krb5_context     context,
     krb5_auth_context *    auth_context);

  Service Program Name: QSYS/QKRBGSS

  Default Public Authority: *USE

  Threadsafe: Conditional. See Usage Notes.

The krb5_auth_con_init() function creates an authentication context. An authentication context contains information relating to a single connection between two applications. The context is initialized to enable the use of the replay cache (KRB5_AUTH_CONTEXT_DO_TIME (x'00000001')), but to disable the use of message sequence numbers. The krb5_auth_con_setflags() routine can be used to change these defaults.

Authorities

No authorities are required.

Parameters

context (Input): The Kerberos context.
auth_context (Output): The authentication context created by this call. The krb5_auth_con_free() routine should be called to release the authentication context when it is no longer needed.

Return Value

If no errors occur, the return value is 0. Otherwise, a Kerberos error code is returned.

Error Messages

Message ID	Error Message Text
CPE3418 E	Possible APAR condition or hardware failure.

Usage Notes

The Kerberos protocol runtime provides no concurrency control for the authentication context. If the application wants to use the same authentication context in multiple threads, it is the responsibility of the application to serialize access to the authentication context so that only a single thread is accessing the authentication context at any time. Because message sequence numbers are contained in the authentication context, this serialization needs to be extended to encompass the message exchange between the two applications. Otherwise, message sequence errors are liable to occur if the messages are delivered out of sequence.

API introduced: V5R1

[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]