Generic Security Services API Library Functions
gss_acquire_cred(3GSS)
NAME
gss_acquire_cred - acquire a handle for a pre-existing
credential by nameSYNOPSIS
cc [ flag... ] file... -lgss [ library... ]
#include
OM_uint32 gss_acquire_cred(OM_uint32 *minor_status,
const gss_name_t *desired_name, OM_uint32 time_req,
const gss_OID_set desired_mech, gss_cred_usage_t cred_usage,
gss_cred_id_t * output_cred_handle, gss_OID_set *actual_mechs,
OM_uint32 *time_rec);
DESCRIPTION
The gss_acquire_cred() function allows an application to
acquire a handle for a pre-existing credential by name. This
routine is not intended as a function to login to the net-
work; a function for login to the network would involvecreating new credentials rather than merely acquiring a han-
dle to existing credentials.If desired_name is GSS_C_NO_NAME, the call is interpreted as
a request for a credential handle that will invoke defaultbehavior when passed to gss_init_sec_context(3GSS) (if
cred_usage is GSS_C_INITIATE or GSS_C_BOTH) or
gss_accept_sec_context(3GSS) (if cred_usage is GSS_C_ACCEPT
or GSS_C_BOTH).
Normally gss_acquire_cred() returns a credential that is
valid only for the mechanisms requested by the desired_mechs
argument. However, if multiple mechanisms can share a single credential element, the function returns all the mechanismsfor which the credential is valid in the actual_mechs argu-
ment.gss_acquire_cred() is intended to be used primarily by con-
text acceptors, since the GSS-API routines obtain initiator
credentials through the system login process. Accordingly,you may not acquire GSS_C_INITIATE or GSS_C_BOTH credentials
by means of gss_acquire_cred() for any name other than
GSS_C_NO_NAME. Alternatively, you may acquire GSS_C_INITIATE
or GSS_C_BOTH credentials for a name produced when
gss_inquire_cred(3GSS) is applied to a valid credential, or
when gss_inquire_context(3GSS) is applied to an active con-
text.SunOS 5.11 Last change: 14 Jan 2003 1
Generic Security Services API Library Functionsgss_acquire_cred(3GSS)
If credential acquisition is time-consuming for a mechanism,
the mechanism may choose to delay the actual acquisition until the credential is required, for example, bygss_init_sec_context(3GSS) or by
gss_accept_sec_context(3GSS). Such mechanism-specific
implementations are, however, invisible to the callingapplication; thus a call of gss_inquire_cred(3GSS) immedi-
ately following the call of gss_acquire_cred() will return
valid credential data and incur the overhead of a deferred credential acquisition.PARAMETERS
The parameter descriptions for gss_acquire_cred() follow:
desired_name The name of the principal for which a
credential should be acquired.time_req The number of seconds that credentials
remain valid. Specify GSS_C_INDEFINITE
to request that the credentials have the maximum permitted lifetimedesired_mechs The set of underlying security mechan-
isms that may be used.GSS_C_NO_OID_SET may be used to obtain
a default.cred_usage A flag that indicates how this creden-
tial should be used. If the flag isGSS_C_ACCEPT, then credentials will be
used only to accept security creden-
tials. GSS_C_INITIATE indicates that
credentials will be used only to ini-
tiate security credentials. If theflag is GSS_C_BOTH, then credentials
may be used either to initiate or accept security contexts.output_cred_handle The returned credential handle.
Resources associated with this creden-
tial handle must be released by the application after use with a call togss_release_cred(3GSS)
actual_mechs The set of mechanisms for which the
credential is valid. StorageSunOS 5.11 Last change: 14 Jan 2003 2
Generic Security Services API Library Functionsgss_acquire_cred(3GSS)
associated with the returned OID-set
must be released by the application after use with a call togss_release_oid_set(3GSS). Specify
NULL if not required.time_rec Actual number of seconds for which the
returned credentials will remain valid. Specify NULL if not required.minor_status Mechanism specific status code.
ERRORS
gss_acquire_cred() may return the following status code:
GSS_S_COMPLETE Successful completion.
GSS_S_BAD_MECH An unavailable mechanism has
been requested.GSS_S_BAD_NAMETYPE The type contained within the
desired_name parameter is not
supported.GSS_S_BAD_NAME The value supplied for
desired_name parameter is ill
formed.GSS_S_CREDENTIALS_EXPIRED The credentials could not be
acquired because they have expired.GSS_S_NO_CRED No credentials were found for
the specified name.GSS_S_FAILURE The underlying mechanism
detected an error for which no specific GSS status code isdefined. The mechanism-
specific status code reportedby means of the minor_status
parameter details the errorSunOS 5.11 Last change: 14 Jan 2003 3
Generic Security Services API Library Functionsgss_acquire_cred(3GSS)
condition.ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:____________________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________________|
| Availability | system/library/security/gss (32-bit)|
|_____________________________|_____________________________________|
| | SUNWgssx (64-bit) |
|_____________________________|_____________________________________|
| MT-Level | Safe |
|_____________________________|_____________________________________|
SEE ALSO
gss_accept_sec_context(3GSS), gss_init_sec_context(3GSS),
gss_inquire_context(3GSS), gss_inquire_cred(3GSS),
gss_release_cred(3GSS), gss_release_oid_set(3GSS), attri-
butes(5) Oracle Solaris Security for Developers GuideSunOS 5.11 Last change: 14 Jan 2003 4
Generic Security Services API Library Functionsgss_acquire_cred(3GSS)
SunOS 5.11 Last change: 14 Jan 2003 5