GSSAPI (Generic Security Services Application Programming Interface)

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP Open Source Security for OpenVMS Volume 3:...

Kerberos Example Programs

gss_accept_sec_context Establish a security context

5	GSSAPI (Generic Security Services Application Programming Interface)

This chapter describes the C language bindings for the routines that make up the Generic Security Services Application Programming Interface (GSSAPI).

The GSSAPI provides security services to its callers, and is intended for implementation atop alternative underlying cryptographic mechanisms. In this manual, the underlying cryptographic mechanism is assumed to be Kerberos.

The GSSAPI allows a communicating application to authenticate the user associated with another application, to delegate rights to another application, and to apply security services such as confidentiality and integrity on a per-message basis.

There are four stages to using the GSSAPI:

The application acquires a set of credentials with which it can prove its identity to other processes.

A pair of communicating applications establish a joint security context using their credentials. The security context is a pair of GSSAPI data structures that contain shared state information.

Per-message services are invoked to apply either integrity and data origin authentication, or confidentiality, integrity, and data authentication to application data.

At the completion of a communications session, the peer applications call GSSAPI routines to delete the security context.

Routines described in this chapter are implemented in the Generic Security Service library (GSS$RTL.EXE for 64-bit interfaces, or GSS$RTL32.EXE for 32-bit interfaces) in SYS$LIBRARY.

gss_accept_sec_context Establish a security context
gss_acquire_cred Acquire credential handle
gss_add_cred Construct credentials incrementally
gss_add_oid_set_member Add an object identifier to a set
gss_compare_name Allow application to compare two internal names
gss_canonicalize_name Convert internal name to internal mechanism name
gss_context_time Check how much longer context is valid
gss_create_empty_oid_set Create a set containing no object identifiers
gss_delete_sec_context Delete a security context
gss_display_name Provide textual representation of opaque internal name
gss_display_status Convert GSSAPI status code to text for user display
gss_duplicate_name Create a copy of an internal name
gss_export_name Convert an internal mechanism name to export form
gss_export_sec_context Transfer a security context to another process
gss_get_mic Generate a cryptographic MIC for a message
gss_import_name Convert a printable string to an internal form
gss_import_sec_context Import a transferred context
gss_indicate_mechs Allow an application to determine which security mechanisms are available
gss_init_sec_context Establish a security context
gss_inquire_context Extract security context information
gss_inquire_cred Provide calling application with information about a credential
gss_inquire_cred_by_mech Obtain per-mechanism information about a credential
gss_inquire_names_for_mech Return set of supported nametypes
gss_process_context_token Pass a security context to the security service
gss_release_buffer Free storage associated with a buffer
gss_release_cred Mark a credential for deletion
gss_release_name Free storage associated with an internal name that was allocated by a GSSAPI routine
gss_release_oid_set Free storage associated with a gss_OID_set object
gss_test_oid_set_member Determine whether an object identifier is a member of the set
gss_unwrap Verify a message with attached MIC and decrypt message content
gss_verify_mic Check that a cryptographic MIC fits the applied message
gss_wrap Attach a MIC to a message and encrypt the message
gss_wrap_size_limit Check expected size of wrapped output

Kerberos Example Programs

gss_accept_sec_context Establish a security context