gss_export_cred()--Export GSS Credential
Syntax
#include <krb5.h> krb5_error_code gss_export_cred ( OM_uint32 * minor_status, gss_cred_id_t cred_handle, gss_buffer_t cred_token)Service Program Name: QSYS/QKRBGSS
Default public authority: *USE
Threadsafe: Yes
The gss_export_cred() routine creates a credential token for a GSS-API credential. This credential token can then be given to another process on the same system or on a different system. This second process calls gss_import_cred() to create a GSS-API credential from the credential token. In order to use the credential on a different system, the security mechanism must allow the credential to be used from any system. In the case of the Kerberos security mechanism, this means the Kerberos ticket must not contain a client address list.
A credential can be exported only if it is an initiate credential (GSS_C_INITIATE was specified when the credential was created). The major status will be set to GSS_S_NO_CRED if the credential is not an initiate credential. The credential remains available upon completion of the export operation and can be used in subsequent GSS-API operations. The credential token created by one implementation of GSS-API cannot be used with a different implementation of GSS-API.
Parameters
- minor_status (Output)
- Status code returned from the security mechanism.
- cred_handle (Input/Output)
- The credential handle of the GSS-API credential to be used to create t he
credential token. The credential must be an initiate credential.
- cred_token (Output)
- The credential token returned. The storage for the token should be released
when it is no longer needed by calling the
gss_release_buffer() routine.
Return Value
The return value is one of the following status codes:
- GSS_S_COMPLETE
- The routine completed successfully.
- GSS_S_FAILURE
- The routine failed for reasons which are not defined at the GSS level. The
minor_status return parameter contains a mechanism-dependent error code
describing the reason for the failure.
- GSS_S_NO_CRED
- The supplied credential handle does not refer to a valid credential.
Authorities
None.
Error Messages
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
CPFA081 E | Unable to set return value or error code. |
API introduced: V5R2
[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]