csf_gss_get_context_options man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

csf_gss_get_context_options(3)			csf_gss_get_context_options(3)

NAME
       csf_gss_get_context_options  - Obtain information about a security con‐
       text

SYNOPSIS
       #include <gssapi/gssapi.h>

       OM_uint32 csf_gss_get_context_options(
	       OM_uint32 minor_status,
	       const gss_ctx_id_t context handle,
	       OM_uint32 ctx_flags );

PARAMETERS
       Kerberos 5 error code.  Security context to  be	queried.   Flags  that
       indicate the service options the context supports. Specify NULL if this
       information is not required.

	      Symbolic names are provided for each flag. These names should be
	      bitwise  ANDed  with the ctx_flags value to test whether a given
	      option is supported by the context.

	      The flags are: True -- DES encryption is available.

	      False -- DES encryption is not available.	 True -- DES3  encryp‐
	      tion is available.

	      False -- DES3 encryption is not available.

					    Note

	      DES3 and DES encryption are mutually exclusive and unique to the
	      HP implementation of the	GSS-API.   Since  the  HP  Application
	      Security	SDK  does  not	support anonymous authentication, this
	      value is always set to false.  True --  Confidentiality  service
	      may be invoked by calling the gss_wrap() function.

	      False -- No confidentiality service via gss_wrap() is available.
	      The gss_wrap() function  provides	 message  encapsulation,  data
	      origin  authentication,  and  integrity  services only.  True --
	      Credentials were delegated to the initiating application.

	      False -- No credentials were delegated.  True -- Integrity  ser‐
	      vice   may   be  invoked	by  calling  either  gss_get_mic()  or
	      gss_wrap().

	      False -- Per-message integrity service is unavailable.  True  --
	      The  remote  peer that, in this case, is the initiating applica‐
	      tion, requested mutual authentication.

	      False -- The remote peer did not request mutual  authentication.
	      The  value  of  this  bit indicates the actual state at the time
	      gss_accept_sec_context() returns, whether or not the context  is
	      fully established.

	      True  --	Protection  services  (as  specified  by the states of
	      GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available for  use  if
	      the  accompanying major status return value is either GSS_S_COM‐
	      PLETE or GSS_S_CONTINUE_NEEDED.

	      False -- Protection services (as	specified  by  the  states  of
	      GSS_C_CONF_FLAG  and GSS_C_INTEG_FLAG) are available only if the
	      accompanying major status return value is GSS_S_COMPLETE.	  True
	      -- Replay of protected messages will be detected.

	      False  -- Replay of messages will not be detected.  True -- Out-
	      of-sequence protected messages will be detected.

	      False -- Out-of-sequence messages will  not  be  detected.   The
	      value  of	 this  bit  indicates  the  actual  state  at the time
	      gss_accept_sec_context() returns, whether or not the context  is
	      fully established.

	      True  --	The  resulting	security context may be transferred to
	      other processes via a call to gss_export_sec_context().

	      False -- The security context is not transferable.

DESCRIPTION
       The csf_gss_get_context_options() function is an extension that obtains
       information about a security context. The application must already have
       initiated the context, although the context need not  be	 fully	estab‐
       lished.

       Use this function to determine what type of encryption (DES3 or DES) is
       supported by the context. A context can be downgraded from DES3 to  DES
       if  the	following  conditions are not met: ActiveTRUST Security Server
       must be configured for DES3.  The principals  for  the  initiating  and
       accepting  applications must be DES3 enabled in the principal database.
       The security context initiator must obtain a TGT enabled for DES3.  The
       security	 context  initiator must use the DES3 flag when initiating the
       security context.

RETURN VALUES
       GSS_S_CALL_INACCESSIBLE_READ    01xxxxxx
       GSS_S_CALL_INACCESSIBLE_WRITE   02xxxxxx
       GSS_S_COMPLETE		       00000000
       GSS_S_FAILURE		       xx0Dxxxx
       GSS_S_NO_CONTEXT		       xx08xxxx

PORTABILITY CONSIDERATIONS
       This function is an HP extension of the GSS-API standard	 that  is  not
       supported by other GSS-API implementations.

SEE ALSO
       Functions:	    gss_accept_sec_context(3),	       gss_get_mic(3),
       gss_import_sec_context(3), gss_init_sec_context(3), gss_wrap(3)

						csf_gss_get_context_options(3)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net