rpc_gss_seccreate(3NSL)    Networking Services Library Functions    rpc_gss_seccreate(3NSL)

NAME
     rpc_gss_seccreate - create a security context using the RPCSEC_GSS
     protocol

SYNOPSIS
     #include <rpc/rpcsec_gss.h>

     AUTH *rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
         rpc_gss_service_t service_type, char *qop,
         rpc_gss_options_req_t *options_req,
         rpc_gss_options_ret_t *options_ret);

DESCRIPTION
     rpc_gss_seccreate() is used by an application to create a security
     context using the RPCSEC_GSS protocol, making use of the underlying
     GSS-API network layer. rpc_gss_seccreate() allows an application to
     specify the type of security mechanism (for example, Kerberos v5), the
     type of service (for example, integrity checking), and the Quality of
     Protection (QOP) desired for transferring data.

PARAMETERS
     Information on RPCSEC_GSS data types for parameters may be found on the
     rpcsec_gss(3NSL) man page.

     clnt            This is the RPC client handle. clnt may be obtained, for
                     example, from clnt_create().

     principal       This is the identity of the server principal, specified
                     in the form service@host, where service is the name of
                     the service the client wishes to access and host is the
                     fully qualified name of the host where the service
                     resides — for example, nfs@mymachine.eng.company.com.

     mechanism       This is an ASCII string which indicates which security
                     mechanism to use with this data. Appropriate mechanisms
                     may be found in the file /etc/gss/mech; additionally,
                     rpc_gss_get_mechanisms() returns a list of supported
                     security mechanisms (as null-terminated strings).

     service_type    This sets the initial type of service for the session —
                     privacy, integrity, authentication, or none.

     qop             This is an ASCII string which sets the quality of
                     protection (QOP) for the session. Appropriate values for
                     this string may be found in the file /etc/gss/qop.
                     Additionally, supported QOPs are returned (as
                     null-terminated strings) by rpc_gss_get_mech_info().

     options_req     This structure contains options which are passed
                     directly to the underlying GSS-API layer. If the caller
                     specifies NULL for this parameter, defaults are used.
                     (See NOTES, below.)

     options_ret     These GSS-API options are returned to the caller. If the
                     caller does not need to see these options, then it may
                     specify NULL for this parameter. (See NOTES, below.)

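The following pre-flight check is an added example, not part of the original man page or of the library: it validates the principal and mechanism strings before they are handed to rpc_gss_seccreate(). The helper names, the character policy for names, the mechanism name kerberos_v5, and the mech file layout (mechanism name as the first whitespace-separated field, # starting a comment) are assumptions; the sample file content is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in the assumed mech file layout: name, OID, library. */
static const char SAMPLE_MECH[] =
    "# constructed sample, not a real system file\n"
    "kerberos_v5\t1.2.840.113554.1.2.2\texample_mech.so\n"
    "#disabled_mech\t1.2.3.4\texample_other.so\n";

/* Assumed policy: a non-empty run of letters, digits, '-' and '.' only. */
static int name_ok(const char *s, size_t n) {
    if (n == 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '-' && s[i] != '.') return 0;
    return 1;
}

/* principal must be service@host with a fully qualified host (interior dot). */
int principal_ok(const char *p) {
    const char *at = p ? strchr(p, '@') : NULL;
    if (!at || strchr(at + 1, '@')) return 0;       /* exactly one '@' */
    const char *host = at + 1;
    size_t hlen = strlen(host);
    if (!name_ok(p, (size_t)(at - p)) || !name_ok(host, hlen)) return 0;
    if (host[0] == '.' || host[hlen - 1] == '.' || strstr(host, "..")) return 0;
    return strchr(host, '.') != NULL;               /* reject short host names */
}

/* mechanism must be the whole first field of a non-comment line in text. */
int mech_listed(const char *text, const char *mech) {
    size_t mlen = mech ? strlen(mech) : 0;
    if (mlen == 0 || mech[0] == '#' || strpbrk(mech, " \t\n")) return 0;
    for (const char *line = text; *line; ) {
        size_t len = strcspn(line, "\n");           /* length of this line */
        size_t i = strspn(line, " \t");             /* skip leading blanks */
        if (i + mlen <= len && strncmp(line + i, mech, mlen) == 0 &&
            (i + mlen == len || isspace((unsigned char)line[i + mlen])))
            return 1;
        line += len + (line[len] == '\n');
    }
    return 0;
}

int main(void) {
    const char *principal = "nfs@mymachine.eng.company.com"; /* from the page */
    printf("principal ok: %d, mechanism listed: %d\n",
           principal_ok(principal), mech_listed(SAMPLE_MECH, "kerberos_v5"));
    return 0;
}
```

A caller would read the mech file into a buffer, run both checks, and only then call rpc_gss_seccreate(), treating a NULL return as a failure to be inspected with rpc_gss_get_error().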
RETURN VALUES
     rpc_gss_seccreate() returns a security context handle (an RPC
     authentication handle) of type AUTH. If rpc_gss_seccreate() cannot
     return successfully, the application can get an error number by calling
     rpc_gss_get_error().

FILES
     /etc/gss/mech    File containing valid security mechanisms.

     /etc/gss/qop     File containing valid QOP values.

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     ┌─────────────────────────────┬─────────────────────────────┐
     │ ATTRIBUTE TYPE              │ ATTRIBUTE VALUE             │
     ├─────────────────────────────┼─────────────────────────────┤
     │MT-Level                     │MT-Safe                      │
     ├─────────────────────────────┼─────────────────────────────┤
     │Availability                 │SUNWrsg (32-bits)            │
     ├─────────────────────────────┼─────────────────────────────┤
     │                             │SUNWrsgx (64-bits)           │
     └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
     auth_destroy(3NSL), rpc(3NSL), rpc_gss_get_error(3NSL),
     rpc_gss_get_mechanisms(3NSL), rpcsec_gss(3NSL), mech(4), qop(4),
     attributes(5)

     ONC+ Developer's Guide

     Linn, J. RFC 2743, Generic Security Service Application Program
     Interface Version 2, Update 1. Network Working Group. January 2000.

NOTES
     Contexts may be destroyed normally, with auth_destroy(). See
     auth_destroy(3NSL).

SunOS 5.11                        29 Jun 2001           rpc_gss_seccreate(3NSL)