|
gss_inquire_cred(3)
Contents
|
gss_inquire_cred - Obtain information about credentials.
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_cred(
OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
gss_name_t * name,
OM_uint32 * lifetime,
gss_cred_usage_t * cred_usage,
gss_OID_set * mechanisms );
Kerberos 5 error code. Credentials being queried. If
GSS_C_NO_CREDENTIALS is specified, the default initiator
credentials are used. The principal name whose identity
the credentials represent. This name is an internal form
name.
The storage associated with this name should be
freed by the application after use with a call to
gss_release_name(). The number of seconds remaining
in the lifetime of the credentials. If the credentials
have expired, a value of zero is returned.
Specify NULL for this parameter if this information
is not required.
This parameter is valid only for initiator credentials.
The HP implementation of the GSS-API does
not support credentials expiration for acceptor
credentials. A value of GSS_C_INDEFINITE is always
returned for acceptor credentials. How the credentials
may be used. Specify NULL if this information
is not required. GSS_C_BOTH -- Credentials may be
used to either initiate or accept security contexts.
GSS_C_INITIATE -- Credentials may be used
only to initiate security contexts. GSS_C_ACCEPT--
Credentials may be used only to accept security
contexts. Object identifier (OID) set of security
mechanisms supported by the credentials. The HP
implementation of the GSS-API supports Kerberos 5.
The storage associated with this OID set should be
freed by the application after use with a call to
gss_release_oid_set().
The gss_inquire_cred() function obtains information about
credentials. This information includes the principal name
whose identity the credentials represent, the remaining
validity period (initiators only), the credentials usage,
and the security mechanisms supported.
With Kerberos 5, the credential that is queried is the
TGT, not service tickets.
To avoid memory leaks, the application must release the
storage associated with the name parameter with a call to
gss_release_name() after use. Similarly, the storage associated
with mechanisms OID set must be released with a
call to gss_release_oid_set().
GSS_S_CALL_INACCESSIBLE_READ 01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE 02xxxxxx
GSS_S_COMPLETE 00000000
GSS_S_DEFECTIVE_CREDENTIAL xx0Axxxx
GSS_S_FAILURE xx0Dxxxx
GSS_S_NO_CRED xx07xxxx
Functions: gss_acquire_cred(3),
gss_inquire_cred_by_mech(3), gss_release_name(3),
gss_release_oid_set(3)
gss_inquire_cred(3)
[ Back ] |