Networking Services Library Functions rpc_gss_seccreate(3NSL)
NAME
rpc_gss_seccreate - create a security context using the
RPCSEC_GSS protocol
SYNOPSIS
#include
AUTH *rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
rpc_gss_service_t service_type, char *qop,
rpc_gss_options_req_t *options_req,
rpc_gss_options_ret_t *options_ret);
DESCRIPTION
rpc_gss_seccreate() is used by an appliction to create a
security context using the RPCSEC_GSS protocol, making use
of the underlying GSS-API network layer.
rpc_gss_seccreate() allows an application to specify the
type of security mechanism (for example, Kerberos v5), the type of service (for example, integrity checking), and the Quality of Protection (QOP) desired for transferring data.PARAMETERS
Information on RPCSEC_GSS data types for parameters may be
found on the rpcsec_gss(3NSL) man page.
clnt This is the RPC client handle. clnt may beobtained, for example, from clnt_create().
principal This is the identity of the server princi-
pal, specified in the form service@host, where service is the name of the service the client wishes to access and host is the fully qualified name of the host where theservice resides - for example,
nfs@mymachine.eng.company.com. mechanism This is an ASCII string which indicates which security mechanism to use with this data. Appropriate mechanisms may be found in the file /etc/gss/mech; additionally,rpc_gss_get_mechanisms() returns a list of
supported security mechanisms (as null-
terminated strings).service_type This sets the initial type of service for
the session - privacy, integrity, authenti-
cation, or none.SunOS 5.11 Last change: 29 Jun 2001 1
Networking Services Library Functions rpc_gss_seccreate(3NSL)
qop This is an ASCII string which sets the qual-
ity of protection (QOP) for the session. Appropriate values for this string may befound in the file /etc/gss/qop. Addition-
ally, supported QOPs are returned (as null-
terminated strings) byrpc_gss_get_mech_info().
options_req This structure contains options which are
passed directly to the underlying GSS_API
layer. If the caller specifies NULL for this parameter, defaults are used. (See NOTES, below.)options_ret These GSS-API options are returned to the
caller. If the caller does not need to see these options, then it may specify NULL for this parameter. (See NOTES, below.)RETURN VALUES
rpc_gss_seccreate() returns a security context handle (an
RPC authentication handle) of type AUTH. Ifrpc_gss_seccreate() cannot return successfully, the applica-
tion can get an error number by calling rpc_gss_get_error().
FILES /etc/gss/mech File containing valid security mechanisms /etc/gss/qop File containing valid QOP values.ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:SunOS 5.11 Last change: 29 Jun 2001 2
Networking Services Library Functions rpc_gss_seccreate(3NSL)
________________________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_________________________________________|
| MT-Level | MT-Safe |
|_____________________________|_________________________________________|
| Availability | system/library/security/rpcsec (32-bits)|
|_____________________________|_________________________________________|
| | SUNWrsgx (64-bits) |
|_____________________________|_________________________________________|
SEE ALSO
auth_destroy(3NSL), rpc(3NSL), rpc_gss_get_error(3NSL),
rpc_gss_get_mechanisms(3NSL), rpcsec_gss(3NSL), mech(4),
qop(4), attributes(5) ONC+ Developer's GuideLinn, J. RFC 2743, Generic Security Service Application Pro-
gram Interface Version 2, Update 1. Network Working Group. January 2000. NOTESContexts may be destroyed normally, with auth_destroy().
See auth_destroy(3NSL)
SunOS 5.11 Last change: 29 Jun 2001 3