Generic Security Services APIs

The Generic Security Services (GSS) APIs support job environments for most EBCDIC CCSIDs. CCSID 290 and 5026 are not supported because of the variance of lowercase letters a to z.

The GSS APIs provide security services to applications that use peer-to-peer communications. For more information, see the Network authentication service topic collection.

The GSS APIs are:

• gss_accept_sec_context() (Accept security context) accepts a security context created by the context initiator.
• gss_acquire_cred() (Acquire GSS credential) allows an application to acquire a GSS credential.
• gss_add_cred() (Add credential element to existing GSS credential) adds a credential element to an existing GSS credential.
• gss_add_oid_set_member() (Add OID to an OID set) adds a new OID to an existing OID set.
• gss_canonicalize_name() (Reduce GSS internal name to mechanism name) takes a GSS internal name that contains multiple internal representations and returns a new GSS internal name with a single name representation that corresponds to the specified security mechanism.
• gss_compare_name() (Compare two internal GSS names) allows an application to compare two internal names to determine whether they refer to the same object.
• gss_context_time() (Get number of seconds security context remains valid) checks the specified security context and returns the number of seconds that the context remains valid.
• gss_create_empty_oid_set() (Create empty OID set) creates a new, empty OID set. Members can be added to the OID set by calling the gss_add_oid_set_member() routine.
• gss_delete_sec_context() (Delete security context) deletes one end of a security context.
• gss_display_name() (Get textual representation of internal GSS name) returns the textual representation of an opaque internal name.
• gss_display_status() (Get textual representation of GSS status code or mechanism code) provides an application with a textual representation of a GSS or mechanism status code.
• gss_duplicate_name() (Create duplicate GSS internal name) creates a duplicate of a GSS internal name.
• gss_export_cred() (Export GSS Credential) creates a credential token for a GSS-API credential.
• gss_export_name() (Create Opaque Token for a Mechanism Name) creates an opaque token for a mechanism name.
• gss_export_sec_context() (Export Security Context) creates a context token for a GSS API security context.
• gss_get_mic() (Generate cryptographic signature for message) generates a cryptographic signature for a message and returns this signature in a token that can be sent to a partner application.
• gss_import_cred() (Import GSS Credential) accepts a credential token created by thegss_export_cred()routine and creates a GSS API credential.
• gss_import_name() (Convert printable name to GSS internal format) converts a printable name to the GSS internal format.
• gss_import_sec_context() (Import Security Context) accepts a security context token created by thegss_export_sec_context()routine and creates a GSS API security context.
• gss_indicate_mechs() (Determine available security mechanisms) allows an application to determine which security mechanisms are available on the local system.
• gss_init_sec_context() (Initiate security context) initiates a security context for use by two communicating applications.
• gss_inquire_context() (Get information about security context) returns information about a security context to the calling application.
• gss_inquire_cred() (Get information about GSS credential) returns information about a GSS credential to the calling application.
• gss_inquire_cred_by_mech() (Get information about GSS credential for single security mechanism) returns information about a GSS credential for a single security mechanism.
• gss_inquire_mechs_for_name() (Determine mechanisms to process name) returns the mechanisms with which a name may be processed.
• gss_inquire_names_for_mech() (Get name types supported by security mechanism) returns the name types supported by a security mechanism.
• gss_krb5_acquire_cred_cache() (Acquire GSS Credential from a Kerberos Protocol Credentials Cache) acquires a GSS API credential using a Kerberos credentials cache.
• gss_krb5_ccache_name() (Set Default Kerberos Protocol Credentials Cache Name) sets the default credentials cache name for use by the Kerberos mechanism.
• gss_krb5_copy_ccache() (Copy Tickets From Associated GSS Credentials to Kerberos Protocol Credentials Cache) copies the tickets from the Kerberos credentials cache associated with a GSS API credential to a credentials cache provided by the caller.
• gss_krb5_get_ccache() (Get Kerberos protocol credentials cache associated with specified GSS credential) returns the returns the handle for the Kerberos credentials cache associated with a GSS credential.
• gss_krb5_get_tkt_flags() (Get Kerberos protocol ticket flags) returns the Kerberos ticket flags from the Kerberos ticket associated with the security context.
• gss_oid_to_str() (Convert OID object to string representation of object) converts a gss_oid object to a string representation of the object identifier.
• gss_process_context_token() (Process received context token) processes a context token received from the partner application.
• gss_release_buffer() (Release storage associated with buffer) releases storage associated with a gss_buffer_t buffer. The gss_buffer_desc structure itself is not released.
• gss_release_cred() (Release storage associated with GSS credential) releases the local data structures associated with a GSS credential.
• gss_release_name() (Release storage associated with GSS internal name) releases storage associated with a gss_name_t internal name.
• gss_release_oid() (Release storage associated with OID object) releases storage associated with a gss_oid object.
• gss_release_oid_set() (Release storage associated with a set of OID objects) releases storage associated with a gss_oid_set object.
• gss_str_to_oid() (Convert string representation of an object identifier to an internal OID object) converts the string representation of an object identifier to a gss_OID object.
• gss_test_oid_set_member() (Determine if specified OID is contained in a specified OID set) checks an oid set to see if a specified oid is a member of the set.
• gss_unwrap() (Unwrap a message) unwraps a message sealed by the gss_wrap() routine and verifies the embedded signature.
• gss_verify_mic() (Verify that cryptographic signature is correct) verifies that the cryptographic signature for a message is correct.
• gss_wrap() (Cryptographically sign and optionally encrypt message) cryptographically signs and optionally encrypts a message.
• gss_wrap_size_limit() (Determine largest message that can be wrapped) determines the largest message that can be processed by the gss_wrap() routine without exceeding the specified output token size.
• qkrb_build_spnego_init_token() (Build a SPNEGO initiator token) builds a Simple and Protected GSS-API Negotiation (SPNEGO) Initiator Token and returns the results to the caller.
• qkrb_build_spnego_target_token() (Build a SPNEGO target token) builds a Simple and Protected GSS-API Negotiation (SPNEGO) Target Token and returns the results to the caller.
• qkrb_free_spnego_init_item() (Release storage associated with an initiator token item) releases storage associated with a qkrb_spnego_init_item_t object.
• qkrb_free_spnego_target_item() (Release storage associated with a target token item) releases storage associated with a qkrb_spnego_target_item t object.
• qkrb_parse_spnego_init_token() (Parse a SPNEGO initiator token) parses a Simple and Protected GSS-API Negotiation (SPNEGO) Initiator Token and returns the results to the caller.
• qkrb_parse_spnego_target_token() (Parse a SPNEGO target token) parses a Simple and Protected GSS-API Negotiation (SPNEGO) Target Token and returns the results to the caller.

---

[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]