rpc_gss_seccreate(3NSNetworking Services Library Functirpc_gss_seccreate(3NSL)NAMErpc_gss_seccreate - create a security context using the RPCSEC_GSS pro‐
tocol
SYNOPSIS
#include <rpc/rpcsec_gss.h>
AUTH *rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mecha‐
nism, rpc_gss_service_t service_type, char *qop, rpc_gss_options_req_t
*options_req, rpc_gss_options_ret_t *options_ret);
DESCRIPTIONrpc_gss_seccreate() is used by an appliction to create a security con‐
text using the RPCSEC_GSS protocol, making use of the underlying GSS-
API network layer. rpc_gss_seccreate() allows an application to spec‐
ify the type of security mechanism (for example, Kerberos v5), the type
of service (for example, integrity checking), and the Quality of Pro‐
tection (QOP) desired for transferring data.
PARAMETERS
Information on RPCSEC_GSS data types for parameters may be found on
the rpcsec_gss(3NSL) man page.
clnt This is the RPC client handle. clnt may be
obtained, for example, from clnt_create().
principal This is the identity of the server principal,
specified in the form service@host, where ser‐
vice is the name of the service the client
wishes to access and host is the fully quali‐
fied name of the host where the service resides
— for example, nfs@mymachine.eng.company.com.
mechanism This is an ASCII string which indicates which
security mechanism to use with this data.
Appropriate mechanisms may be found in the file
/etc/gss/mech; additionally, rpc_gss_get_mech‐
anisms() returns a list of supported security
mechanisms (as null-terminated strings).
service_type This sets the initial type of service for the
session — privacy, integrity, authentication,
or none.
qop This is an ASCII string which sets the quality
of protection (QOP) for the session. Appropri‐
ate values for this string may be found in the
file /etc/gss/qop. Additionally, supported QOPs
are returned (as null-terminated strings) by
rpc_gss_get_mech_info().
options_req This structure contains options which are
passed directly to the underlying GSS_API
layer. If the caller specifies NULL for this
parameter, defaults are used. (See NOTES,
below.)
options_ret These GSS-API options are returned to the call‐
er. If the caller does not need to see these
options, then it may specify NULL for this
parameter. (See NOTES, below.)
RETURN VALUESrpc_gss_seccreate() returns a security context handle (an RPC authenti‐
cation handle) of type AUTH. If rpc_gss_seccreate() cannot return suc‐
cessfully, the application can get an error number by calling
rpc_gss_get_error().
FILES
/etc/gss/mech File containing valid security mechanisms
/etc/gss/qop File containing valid QOP values .
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│MT-Level │MT-Safe │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWrsg (32-bits) │
├─────────────────────────────┼─────────────────────────────┤
│ │SUNWrsgx (64-bits) │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOauth_destroy(3NSL), rpc(3NSL), rpc_gss_get_error(3NSL),
rpc_gss_get_mechanisms(3NSL), rpcsec_gss(3NSL), mech(4), qop(4),
attributes(5)
ONC+ Developer's Guide
Linn, J. RFC 2743, Generic Security Service Application Program Inter‐
face Version 2, Update 1. Network Working Group. January 2000.
NOTES
Contexts may be destroyed normally, with auth_destroy(). See
auth_destroy(3NSL)SunOS 5.10 29 Jun 2001 rpc_gss_seccreate(3NSL)