Networking Services Library Functions
rpc_gss_get_principal_name(3NSL)
NAME
rpc_gss_get_principal_name - Get principal names at server
SYNOPSIS
#include
bool_t rpc_gss_get_principal_name(rpc_gss_principal_ *principal,
char *mech, char *name, char *node, char *domain);DESCRIPTION
Servers need to be able to operate on a client's principal name. Such a name is stored by the server as arpc_gss_principal_t structure, an opaque byte string which
can be used either directly in access control lists or asdatabase indices which can be used to look up a UNIX creden-
tial. A server may, for example, need to compare a principal name it has received with the principal name of a known entity, and to do that, it must be able to generaterpc_gss_principal_t structures from known entities.
rpc_gss_get_principal_name() takes as input a security
mechanism, a pointer to a rpc_gss_principal_t structure, and
several parameters which uniquely identify an entity on a network: a user or service name, a node name, and a domain name. From these parameters it constructs a unique,mechanism-dependent principal name of the
rpc_gss_principal_t structure type.
PARAMETERS
How many of the identifying parameters (name , node, and domain) are necessary to specify depends on the mechanism being used. For example, Kerberos V5 requires only a user name but can accept a node and domain name. An application can choose to set unneeded parameters to NULL.Information on RPCSEC_GSS data types for parameters may be
found on the rpcsec_gss(3NSL) man page.
principal An opaque, mechanism-dependent structure
representing the client's principal name. mech An ASCII string representing the security mechanism in use. Valid strings may be found in the /etc/gss/mech file, or by usingrpc_gss_get_mechanisms().
SunOS 5.11 Last change: 10 Dec 2009 1
Networking Services Library Functionsrpc_gss_get_principal_name(3NSL)
name A UNIX login name (for example, 'gwashing-
ton') or service name, such as 'nfs'. node A node in a domain; typically, this would be a machine name (for example, 'valleyforge'). domain A security domain; for example, a DNS or NIS domain name ('eng.company.com').RETURN VALUES
rpc_gss_get_principal_name() returns TRUE if it is success-
ful; otherwise, use rpc_gss_get_error() to get the error
associated with the failure. FILES /etc/gss/mech File containing valid security mechanismsATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:_______________________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|________________________________________|
| MT-Level | MT-Safe |
|_____________________________|________________________________________|
| Availability | system/library/security/rpcsec (32-bit)|
|_____________________________|________________________________________|
| | SUNWrsgx (64-bit) |
|_____________________________|________________________________________|
SEE ALSO
free(3C), rpc(3NSL), rpc_gss_get_mechanisms(3NSL),
rpc_gss_set_svc_name(3NSL), rpcsec_gss(3NSL), mech(4),
attributes(5) ONC+ Developer's GuideLinn, J. RFC 2078, Generic Security Service Application Pro-
gram Interface, Version 2. Network Working Group. January 1997.SunOS 5.11 Last change: 10 Dec 2009 2
Networking Services Library Functionsrpc_gss_get_principal_name(3NSL)
NOTES Principal names may be freed up by a call to free(3C). A principal name need only be freed in those instances where it was constructed by the application. (Values returned by other routines point to structures already existing in a context, and need not be freed.)SunOS 5.11 Last change: 10 Dec 2009 3
Networking Services Library Functionsrpc_gss_get_principal_name(3NSL)
SunOS 5.11 Last change: 10 Dec 2009 4