1rpc_gss_get_principal_Nneatmweo(r3kNiSnLg)Services LibrarrypcF_ugnscst_igoents_principal_name(3NSL)
2
3
4
6 rpc_gss_get_principal_name - Get principal names at server
7
9 #include <rpc/rpcsec_gss.h>
10
11 bool_t rpc_gss_get_principal_name(rpc_gss_principal_ *principal,
12 char *mech, char *name, char *node, char *domain);
13
14
16 Servers need to be able to operate on a client's principal name. Such a
17 name is stored by the server as a rpc_gss_principal_t structure, an
18 opaque byte string which can be used either directly in access control
19 lists or as database indices which can be used to look up a UNIX cre‐
20 dential. A server may, for example, need to compare a principal name it
21 has received with the principal name of a known entity, and to do that,
22 it must be able to generate rpc_gss_principal_t structures from known
23 entities.
24
25
26 rpc_gss_get_principal_name() takes as input a security mechanism, a
27 pointer to a rpc_gss_principal_t structure, and several parameters
28 which uniquely identify an entity on a network: a user or service name,
29 a node name, and a domain name. From these parameters it constructs a
30 unique, mechanism-dependent principal name of the rpc_gss_principal_t
31 structure type.
32
34 How many of the identifying parameters (name , node, and domain) are
35 necessary to specify depends on the mechanism being used. For example,
36 Kerberos V5 requires only a user name but can accept a node and domain
37 name. An application can choose to set unneeded parameters to NULL.
38
39
40 Information on RPCSEC_GSS data types for parameters may be found on the
41 rpcsec_gss(3NSL) man page.
42
43 principal An opaque, mechanism-dependent structure representing the
44 client's principal name.
45
46
47 mech An ASCII string representing the security mechanism in
48 use. Valid strings may be found in the /etc/gss/mech
49 file, or by using rpc_gss_get_mechanisms().
50
51
52 name A UNIX login name (for example, 'gwashington') or ser‐
53 vice name, such as 'nfs'.
54
55
56 node A node in a domain; typically, this would be a machine
57 name (for example, 'valleyforge').
58
59
60 domain A security domain; for example, a DNS, NIS, or NIS+
61 domain name ('eng.company.com').
62
63
65 rpc_gss_get_principal_name() returns TRUE if it is successful; other‐
66 wise, use rpc_gss_get_error() to get the error associated with the
67 failure.
68
70 /etc/gss/mech File containing valid security mechanisms
71
72
74 See attributes(5) for descriptions of the following attributes:
75
76
77
78
79 ┌─────────────────────────────┬─────────────────────────────┐
80 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
81 ├─────────────────────────────┼─────────────────────────────┤
82 │MT-Level │MT-Safe │
83 ├─────────────────────────────┼─────────────────────────────┤
84 │Availability │SUNWrsg (32-bit) │
85 ├─────────────────────────────┼─────────────────────────────┤
86 │ │SUNWrsgx (64-bit) │
87 └─────────────────────────────┴─────────────────────────────┘
88
90 free(3C), rpc(3NSL), rpc_gss_get_mechanisms(3NSL),
91 rpc_gss_set_svc_name(3NSL), rpcsec_gss(3NSL), mech(4), attributes(5)
92
93
94 ONC+ Developer's Guide
95
96
97 Linn, J. RFC 2078, Generic Security Service Application Program Inter‐
98 face, Version 2. Network Working Group. January 1997.
99
101 Principal names may be freed up by a call to free(3C). A principal name
102 need only be freed in those instances where it was constructed by the
103 application. (Values returned by other routines point to structures
104 already existing in a context, and need not be freed.)
105
106
107
108SunOS 5.11 5 Feb 2002 rpc_gss_get_principal_name(3NSL)