qkrb_build_spnego_init_token()--Build a SPNEGO Initiator Token
Syntax
    #include <qkrbspnego.h>

    OM_uint32 qkrb_build_spnego_init_token(
        gss_OID_set       supported_mechanisms,
        gss_flags_t *     context_flags,
        gss_buffer_desc * token_for_first_mechanism,
        gss_buffer_desc * mechanism_list_mic,
        OM_uint32         format_type,
        gss_buffer_desc * initiator_token);

Service Program Name: QSYS/QKRBSPNEGO
Default Public Authority: *USE
Threadsafe: Yes
The qkrb_build_spnego_init_token() function builds a Simple and Protected GSS-API Negotiation (SPNEGO) Initiator Token and returns the results to the caller.
Authorities
No authorities are required.
Parameters
- supported_mechanisms (Input)
- A gss_OID_set that contains one or more security mechanisms supported by the initiator. Specify GSS_C_NO_OID_SET if there are no mechanisms to add.
- context_flags (Input)
- The context flags that are required to establish the context. The context flags should be filled in from the req_flags parameter of gss_init_sec_context(). Specify NULL for this parameter if there are no context flags to send.
The following flags are supported. All other flags will be ignored.
GSS_C_ANON_FLAG (64) | The initiator identity will not be provided to the context acceptor. |
GSS_C_CONF_FLAG (16) | Message confidentiality services are available. |
GSS_C_DELEG_FLAG (1) | Delegated credentials will be available to the context acceptor. |
GSS_C_INTEG_FLAG (32) | Message integrity services are available. |
GSS_C_MUTUAL_FLAG (2) | Mutual authentication will be performed. The gss_accept_sec_context() routine will generate an output token which the context acceptor must return to the context initiator to complete the security context setup. |
GSS_C_REPLAY_FLAG (4) | Message replay detection will be performed. |
GSS_C_SEQUENCE_FLAG (8) | Message sequence checking will be performed. |
- token_for_first_mechanism (Input)
- The security token associated with the first mechanism in the supported_mechanisms gss_OID_set. Specify GSS_C_NO_BUFFER if there is no token.
- mechanism_list_mic (Input)
- The mechanism list MIC to be added to the initiator token.
Specify GSS_C_NO_BUFFER if there is no mechanism list MIC.
- format_type (Input)
- The format to follow when building the SPNEGO token.
Possible values are:
GSS_SPNEGO_FORMAT_0 (0) | The format of the SPNEGO token built follows the syntax defined in RFC 2478. |
GSS_SPNEGO_FORMAT_1 (1) | The format of the SPNEGO token built follows the syntax defined in RFC 2478 with one exception. The mechanism_list_mic is sent as SEQUENCE/GENERAL_STRING. |
- initiator_token (Output)
- The initiator token built from the input information. The application should release the initiator token when it is no longer needed by calling the gss_release_buffer() routine.
Return Value
The return value is one of the following status codes:
- GSS_SPNEGO_SUCCESS (0)
- The routine completed successfully.
- GSS_SPNEGO_UNEXPECTED_ERR (1)
- The routine failed for unexpected reasons. Check the joblog for errors.
- GSS_SPNEGO_NOMEM (2)
- Memory allocation failed.
Related Information
For a description of the SPNEGO protocol, see RFC 2478, The Simple and Protected GSS-API Negotiation Mechanism, on the RFC Pages.
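The following added example is not IBM code and does not call the API: it is portable C that encodes the RFC 2478 initiator token layout (mechTypes, reqFlags, mechToken) for a single mechanism, showing how the flag values in the context_flags table map onto the RFC's ContextFlags bits. The function names are hypothetical, DER short-form lengths are assumed, and mechListMIC is left out.

```c
#include <stddef.h>
#include <string.h>

/* GSS-API flag values as listed in the context_flags table on this page. */
enum { F_DELEG = 1, F_MUTUAL = 2, F_REPLAY = 4, F_SEQUENCE = 8,
       F_CONF = 16, F_INTEG = 32, F_ANON = 64 };

/* Map GSS flag values onto the RFC 2478 ContextFlags BIT STRING octet.
   Bit 0 is the most significant bit; any other flag value is ignored. */
unsigned char spnego_flag_octet(unsigned flags) {
    static const unsigned order[7] = { F_DELEG, F_MUTUAL, F_REPLAY,
                                       F_SEQUENCE, F_ANON, F_CONF, F_INTEG };
    unsigned char octet = 0;
    for (int i = 0; i < 7; i++)
        if (flags & order[i]) octet |= (unsigned char)(0x80 >> i);
    return octet;
}

/* Prefix the n bytes at buf with a tag and a short-form DER length (< 128). */
static size_t wrap(unsigned char *buf, size_t n, unsigned char tag) {
    memmove(buf + 2, buf, n);
    buf[0] = tag; buf[1] = (unsigned char)n;
    return n + 2;
}

/* Build the initiator token for one mechanism (hypothetical helper). Returns
   its length, or 0 when it would need long-form lengths or more than cap bytes. */
size_t build_init_token(const unsigned char *mech, size_t mech_len, unsigned flags,
                        const unsigned char *tok, size_t tok_len,
                        unsigned char *out, size_t cap) {
    static const unsigned char spnego_oid[] = { 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 };
    unsigned char fo = spnego_flag_octet(flags), unused = 0, *p = out;
    if (mech_len + tok_len + 28 > 127 || cap < 129) return 0;
    memcpy(p, mech, mech_len);                  /* [0] mechTypes: SEQUENCE OF OID */
    p += wrap(p, wrap(p, wrap(p, mech_len, 0x06), 0x30), 0xa0);
    if (fo) {                                   /* [1] reqFlags: BIT STRING */
        while (!((fo >> unused) & 1)) unused++; /* DER: count trailing zero bits */
        p[0] = unused; p[1] = fo;
        p += wrap(p, wrap(p, 2, 0x03), 0xa1);
    }
    if (tok_len) {                              /* [2] mechToken: OCTET STRING */
        memcpy(p, tok, tok_len);
        p += wrap(p, wrap(p, tok_len, 0x04), 0xa2);
    }
    size_t n = wrap(out, wrap(out, (size_t)(p - out), 0x30), 0xa0); /* NegTokenInit in CHOICE [0] */
    memmove(out + sizeof spnego_oid, out, n);   /* make room for the SPNEGO mechanism OID */
    memcpy(out, spnego_oid, sizeof spnego_oid);
    return wrap(out, n + sizeof spnego_oid, 0x60); /* InitialContextToken [APPLICATION 0] */
}
```

Note that GSS_C_ANON_FLAG has the largest numeric value (64) but sits at bit 4 of ContextFlags, ahead of the confidentiality and integrity bits, so the flag word cannot simply be copied into the token.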
API introduced: V5R4