gss_inquire_cred_by_mech()--Get Information About GSS Credential for Single Security Mechanism

Syntax

 #include <gssapi.h>

 OM_uint32 gss_inquire_cred_by_mech (
     OM_uint32 *    minor_status,
     gss_cred_id_t      cred_handle,  
     gss_OID      mech_type,
     gss_name_t *   name,
     OM_uint32 *    init_lifetime,
     OM_uint32 *    accept_lifetime,
     gss_cred_usage_t *   cred_usage);

  Service Program Name: QSYS/QKRBGSS

  Default public authority: *USE

  Threadsafe: Yes

The gss_inquire_cred_by_mech() function returns information about a GSS credential for a single security mechanism. The information is obtained using the specified security mechanism.

Parameters

minor_status (Output)

A status code from the security mechanism.

cred_handle (Input)

The handle for the GSS credential. Specify GSS_C_NO_CREDENTIAL to get information about the default credential for the default security mechanism.

mech_type (Input)

The mechanism to be used to obtain the returned information as follows:

gss_mech_krb5_old

Beta Kerberos V5 mechanism

gss_mech_krb5

Kerberos V5 mechanism

name (Output)

The principal name associated with the credential. Specify NULL for this parameter if the principal name is not required.

init_lifetime (Output)

The number of seconds for which the credential remains valid for initiating contexts. Specify NULL for this parameter if the credential lifetime is not required.

accept_lifetime (Output)

The number of seconds for which the credential remains valid for accepting contexts. Specify NULL for this parameter if the credential lifetime is not required.

cred_usage (Output)

One of the following values describing how the application can use the credential. Specify NULL for this parameter if the credential usage is not required.

GSS_C_ACCEPT

The application may accept a security context.

GSS_C_BOTH

The application may both initiate and accept security contexts.

GSS_C_INITIATE

The application may initiate a security context.

Return Value

The return value is one of the following status codes:

GSS_S_BAD_MECH: The requested mechanism is not supported.
GSS_S_COMPLETE: The routine completed successfully.
GSS_S_CREDENTIALS_EXPIRED: The credentials have expired. Credential information will still be returned for an expired credential, but the lifetime value will be returned as zero.
GSS_S_DEFECTIVE_CREDENTIAL: The credentials are not valid.
GSS_S_FAILURE: The routine failed for reasons that are not defined at the GSS level. The minor_status return parameter contains a mechanism-dependent error code describing the reason for the failure.
GSS_S_NO_CRED: The cred_handle parameter does not refer to a valid credential or there are no default credentials available.

Authorities

Object Referred to

Data Authority Required

Each directory in the path name preceding the configuration file

Configuration file

Error Messages

Message ID

Error Message Text

CPE3418 E

Possible APAR condition or hardware failure.

API introduced: V5R1

[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]