gss_inquire_cred_by_mech - obtain information about credentials
for a specific security mechanism
OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
const gss_OID mech_type,
gss_name_t * name,
OM_uint32 * initiator_lifetime,
OM_uint32 * acceptor_lifetime,
gss_cred_usage_t * cred_usag );
Kerberos 5 error code. Credentials being queried. If
GSS_C_NO_CREDENTIALS is specified, the default initiator
credentials are used. Object identifier (OID) set of
security mechanisms for the credentials being queried.
Specify rfc_krb5_c_OID_set for Kerberos 5. The principal
name whose identity the credentials represent. This name
is an internal form name. Specify NULL if this information
is not required.
The storage associated with this name should be
freed by the application after use with a call to
gss_release_name(). The number of seconds remaining
in the lifetime of initiator credentials under
the specified mechanism. If the credentials have
expired, a value of zero is returned. Specify NULL
if this information is not required. The number of
seconds remaining in the lifetime of acceptor credentials
under the specified mechanism. Since the
HP implementation of the GSS-API does not support
credentials expiration for acceptors, a value of
GSS_C_INDEFINITE is always returned. How the credentials
may be used. Specify NULL if this information
is not required. GSS_C_BOTH -- Credentials
may be used to either initiate or accept security
contexts. GSS_C_INITIATE -- Credentials may be
used only to initiate security contexts.
GSS_C_ACCEPT-- Credentials may be used only to
accept security contexts.
The gss_inquire_cred_by_mech() function obtains information
about credentials for a specified security mechanism.
This information includes the principal name whose identity
the credentials represent, the remaining validity
period (initiators only), and the credentials usage.
With Kerberos 5, the credential that is queried is the
TGT, not service tickets.
Before calling this function, the application must first
To avoid memory leaks, the application must release the
storage associated with the name parameter with a call to
gss_release_name() after use.
Functions: gss_acquire_cred(3), gss_inquire_cred(3),
[ Back ]