gss_accept_sec_context man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

gss_accept_sec_context(3)			     gss_accept_sec_context(3)

NAME
       gss_accept_sec_context()	 -  establish  a  security context between the
       application and a context acceptor

SYNOPSIS

DESCRIPTION
       The routine is the second  step	in  establishing  a  security  context
       between	the  context  initiator	 and a context acceptor.  In the first
       step, the context initiator calls the routine.  The routine generates a
       token  for the security context and passes it to the context initiator.
       The context initiator sends the token to the context acceptor.

       In the second step, the context acceptor accepts the call from the con‐
       text  initiator and calls the routine.  The routine expects a value for
       the input_token parameter.  The value for the input_token parameter  is
       generated by the routine and passed by the initiator to the acceptor.

       The  routine  can  also	return a value for the output_token parameter.
       The context acceptor presents the token to the routine.	If the	accep‐
       tor  does  not  need  to send a token to the initiator, sets the length
       field of the output_token parameter to 0 (zero).

       To complete establishing the context, the context initiator can require
       one or more reply tokens from the context acceptor.  If the application
       requires reply tokens, the routine returns a  status  value  containing
       The  application	 calls	the  routine  again  when  the	reply token is
       received from the context acceptor.  The application passes  the	 token
       to the routine via the output_token parameters.

       The  values returned using the src_name, ret_flags, time_rec, and dele‐
       gated_cred_handle parameters are not defined unless the routine returns
       the status,

   Input Parameters
       acceptor_cred_handle  Specifies	the  credential	 handle (the identity)
			     claimed  by  the  context	acceptor.    This   is
			     optional  information.   The  credential  must be
			     either an ACCEPT type credential or a  BOTH  type
			     credential.   Specify  to	accept	the context as
			     default principal

       input_token_buffer    Specifies the token  received  from  the  context
			     acceptor.

       input_chan_bindings   Specifies	bindings  supplied by the context ini‐
			     tiator.  Allows the context initiator to bind the
			     channel  identification  information  securely to
			     the security context.  If no channel bindings are
			     used, specify

   Input/Output Parameters
       context_handle	     Specifies	a  context  handle  for a new context.
			     The first time the	 context  initiator  uses  the
			     routine,  specify	to  set up a specific context.
			     In subsequent calls, use the  value  returned  by
			     this parameter.

   Output Parameters
       src_name		     Returns  the  authenticated  name	of the context
			     initiator.	 This information is optional.	If the
			     authenticated name is not required, specify NULL.
			     To deallocate the authenticated name, pass it  to
			     the routine.

       actual_mech_type	     Actual  mechanism	used.	Specify	 NULL  if  not
			     required.

       output_token	     Returns a token to pass to the context  acceptor.
			     If no token is to be passed to the context accep‐
			     tor, the routine sets the	length	field  of  the
			     returned token buffer to 0 (zero).

       ret_flags	     Returns  a	 bitmask  containing  six  independent
			     flags, each of which requests  that  the  context
			     support a service option.	The following symbolic
			     names are provided to correspond  to  each	 flag.
			     The symbolic names should be logically ANDed with
			     the value of ret_flags to test whether  the  con‐
			     text supports the service option.

			     The True/False values are:

				True	  Delegated  credentials are available
					  from	  the	 delegated_cred_handle
					  parameter.

				False	  No credentials were delegated.

			     The True/False values are:

				True	  The	context	  acceptor   requested
					  mutual authentication.

				False	  The context acceptor did not request
					  mutual authentication.

			     The True/False values are:

				True	  Replayed  signed  or sealed messages
					  will be detected.

				False	  Replayed  messages   will   not   be
					  detected.

			     The True/False values are:

				True	  Out-of-sequence   signed  or	sealed
					  messages will be detected.

				False	  Out-of-sequence  signed  or	sealed
					  messages will not be detected.

			     The True/False values are:

				True	  Confidentiality  services are avail‐
					  able by calling the routine.

				False	  Confidentiality  services  are   not
					  available.  However, the application
					  can call the routine to provide mes‐
					  sage	  encapsulation,   data-origin
					  authentication, and  integrity  ser‐
					  vices.

			     The True/False values are:

				True	  Integrity services can be invoked by
					  calling either the or routine.

				False	  Integrity  services  for  individual
					  messages are not available.

			     The True/False values are:

				True	  The  initiator's  identity  has  not
					  been	revealed,  and	will  not   be
					  revealed  if	any  emitted  token is
					  passed to the acceptor.

				False	  The initiator's identity has been or
					  will be authenticated normally.

			     The True/False values are:

				True	  Protection services (as specified by
					  the states of the and are  available
					  for  use  if	the accompanying major
					  status return value is either or

				False	  Protection services (as specified by
					  the  states of the and are available
					  only if the accompanying major  sta‐
					  tus return value is

			     The True/False values are:

				True	  The  resultant  security context may
					  be transferred  to  other  processes
					  via a call to

				False	  The  security	 context is not trans‐
					  ferable.

       time_rec		     Returns the number of seconds for which the  con‐
			     text  remains  valid.   This is optional informa‐
			     tion. If the time is not required, specify NULL.

       delegated_cred_handle Returns the  credential  handle  for  credentials
			     received from the context initiator.  The creden‐
			     tial handle is valid only	if  delegated  creden‐
			     tials are available.   If the ret_flags parameter
			     is true, the flag s set,  indicating  that	 dele‐
			     gated credentials are available.

       minor_status	     Returns  a	 status	 code from the security mecha‐
			     nism.

STATUS CODES
       The following status codes can be returned:

       The routine was completed successfully.

       The			input_token parameter contains different chan‐
				nel  bindings  from  those  specified with the
				input_chan_bindings parameter.

       The			input_token parameter contains an invalid sig‐
				nature.

       To complete the context, the
				routine	 must  be  called  again  with a token
				required from the context acceptor.

       The referenced credentials have expired.

       Consistency checks performed on the
				credential failed.

       Consistency checks performed on the
				input_token parameter failed.

       The			input_token parameter was  already  processed.
				This  is a fatal error that occurs during con‐
				text establishment.

       The routine failed. See the
				minor_status parameter return value  for  more
				information.

       The supplied context handle did not refer to a valid context.

       Indicates either the supplied credentials were not valid for context
				acceptance  or	the  credential handle did not
				reference any credentials.

       The			input_token parameter was too old.  This is  a
				fatal  error that occurs during context estab‐
				lishment.

       The received token specified a mechanism that is not supported

AUTHOR
       was developed by Sun Microsystems, Inc.

SEE ALSO
       gss_acquire_cred(3),    gss_delete_sec_context(3),    gss_init_sec_con‐
       text(3).

       The  manpages  for DCE-GSSAPI are included with the DCE-CoreTools prod‐
       uct.  To see those manpages add to

						     gss_accept_sec_context(3)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net