gss_export_sec_context - Prepare security context for
transfer to another process.
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token );
Kerberos 5 error code. Security context to be transferred.
After the context is transferred, this parameter
is set to GSS_C_NO_CONTEXT. Token to be transferred to
the target process.
The application must release the storage associated
with the token after use with a call to
The gss_export_sec_context() function prepares a security
context for transfer to another process. It is typically
used by the context acceptor in an application where a
single process receives incoming connection requests and
accepts security contexts over them. The initial process
then passes the established context to another process for
This function disables the security context for the calling
process and creates an interprocess token that, when
passed to gss_import_sec_context() in another process, reenables
the context in the second process. Only a single
instance of a given security context may be active at any
time; a subsequent attempt by a context exporter to access
the exported security context will fail.
The interprocess token may contain security-sensitive
information such as a cryptographic key. Therefore, the
application must take care to protect the interprocess
token and to ensure that any process to which the token is
transferred is trustworthy. In addition, this token should
not be transferred over a network in an insecure manner.
If creation of the interprocess token is successful, all
process-wide resources associated with the security context
are deallocated and the context_handle parameter is
set to GSS_C_NO_CONTEXT. The security context is not
deleted until the exported security context token is created.
If an error occurs that makes it impossible to complete
the export of the security context, the original
context is returned unchanged.
After use, the application must release the storage associated
with the token with a call to gss_release_buffer().
PORTABILITY CONSIDERATIONS [Toc] [Back]
This function exports a token that can only be shared with
other HP Application Security SDK implementations.
Functions: gss_accept_sec_context(3), gss_import_sec_context(3), gss_init_sec_context(3), gss_release_buffer(3)
[ Back ]