rpcsec_gss man page on HP-UX


rpcsec_gss(3N)							rpcsec_gss(3N)

NAME
       rpcsec_gss - security flavor incorporating GSS-API protections

SYNOPSIS
       [flag]... file... [library]...

DESCRIPTION
       RPCSEC_GSS is a security flavor which sits "on top" of the GSS-API
       (Generic Security Service Application Programming Interface) for
       network transmissions.  Applications using RPCSEC_GSS can take
       advantage of GSS-API security features; moreover, they can use any
       security mechanism (such as RSA public key or Kerberos) that works
       with the GSS-API.

       The GSS-API offers two security services beyond the traditional
       authentication services: integrity and privacy.  With integrity, the
       system uses cryptographic checksumming to ensure the authenticity of
       a message (authenticity of originator, recipient, and data); privacy
       provides additional security by encrypting data.  Applications using
       RPCSEC_GSS specify which service they wish to use.  The type of
       security service is mechanism-independent.

       Before exchanging data with a peer, an application must establish a
       context for the exchange.  RPCSEC_GSS provides a single function for
       this purpose, which allows the application to specify the security
       mechanism, Quality of Protection (QOP), and type of service at
       context creation.  (The QOP parameter sets the cryptographic
       algorithms to be used with integrity or privacy, and is
       mechanism-dependent.)  Once a context is established, applications
       can reset the QOP and type of service for each data unit exchanged,
       if desired.  Validation mechanisms and QOPs may be obtained from
       configuration files or from the name service.  Each mechanism has a
       default QOP.

       Contexts are destroyed with the usual RPC call.

   Data Structures
       Some of the data structures used by the RPCSEC_GSS  package  are	 shown
       below.

   rpc_gss_service_t
       This  enum defines the types of security services the context may have.
       takes this as one argument when setting the service type for a session.

   rpc_gss_options_req_t
       Structure containing options passed directly through  to	 the  GSS-API.
       takes this as an argument when creating a context.

   rpc_gss_OID
       This data type is used by in-kernel RPC routines, and thus is mentioned
       here for informational purposes only.

   rpc_gss_options_ret_t
       Structure containing GSS-API options returned to the calling  function,
       is defined as 128.

   rpc_gss_principal_t
       The  (mechanism-dependent,  opaque) client principal type is used as an
       argument to the function, and in the table.   Also  referenced  by  the
       structure for raw credentials (see below).

   rpc_gss_rawcred_t
       Structure for raw credentials used by and

   rpc_gss_ucred_t
       Structure for UNIX credentials used by as an alternative to

   rpc_gss_callback_t
       Callback structure used by

   rpc_gss_lock_t
       Structure  used	by  a callback routine to enforce a particular QOP and
       service for a session.  The field is normally set to the server sets it
       to  in  order  to  lock the session.  (A locked context will reject all
       requests having different QOP and service values than  those  found  in
       the structure.)	For more information, see rpc_gss_set_callback(3N).

   rpc_gss_error_t
       Structure used by to fetch an error code when a routine fails.
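
       The locking behaviour described under rpc_gss_lock_t, together with
       the per-data-unit reset of QOP and service described in DESCRIPTION,
       modelled as an added example that is not part of the HP-UX manual or
       its headers.  All type names, function names and QOP strings here are
       constructed stand-ins, not the real RPCSEC_GSS definitions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for this example, NOT the HP-UX header types. */
typedef enum { SVC_NONE, SVC_INTEGRITY, SVC_PRIVACY } model_svc_t;
typedef struct {
    model_svc_t service;   /* type of service for one data unit */
    const char *qop;       /* mechanism-dependent QOP name (constructed) */
} model_unit_t;
typedef struct {
    model_unit_t agreed;   /* values chosen at context creation */
    bool locked;           /* set by the server's callback to pin them */
} model_ctx_t;

/* A locked context rejects any data unit whose QOP or service differs from
 * the recorded values; an unlocked one accepts the client's choice. */
bool model_accept(const model_ctx_t *ctx, const model_unit_t *u)
{
    if (!ctx->locked)
        return true;
    return u->service == ctx->agreed.service &&
           strcmp(u->qop, ctx->agreed.qop) == 0;
}

/* Count how many data units of a session the server would reject. */
size_t model_rejected(const model_ctx_t *ctx, const model_unit_t *u, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        rejected += !model_accept(ctx, &u[i]);
    return rejected;
}

/* Constructed session: the client resets service and QOP mid-session. */
static const model_unit_t SESSION[] = {
    { SVC_PRIVACY,   "qop-a" },   /* matches the context */
    { SVC_INTEGRITY, "qop-a" },   /* service downgraded */
    { SVC_PRIVACY,   "qop-b" },   /* QOP switched */
    { SVC_NONE,      "qop-a" },   /* protection dropped */
};
int main(void)
{
    model_ctx_t ctx = { { SVC_PRIVACY, "qop-a" }, false };
    printf("unlocked: %zu rejected\n", model_rejected(&ctx, SESSION, 4));
    ctx.locked = true;
    printf("locked:   %zu rejected\n", model_rejected(&ctx, SESSION, 4));
    return 0;
}
```

       Without the lock, a client that negotiated privacy can still send
       later data units with weaker protection; locking the context in the
       callback is what makes the server refuse them.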

   Index to Routines
       The  following  lists  routines and the manual reference pages on which
       they are described.  An (S) indicates it is a server-side function.

       rpc_gss_seccreate(3N)
	      Create a secure context.

       rpc_gss_set_defaults(3N)
	      Switch service and QOP for a session.

       rpc_gss_max_data_length(3N)
	      Get maximum data length allowed by transport.

       rpc_gss_set_svc_name(3N)
	      Set server's principal name. (S)

       rpc_gss_getcred(3N)
	      Get credentials of caller. (S)

       rpc_gss_set_callback(3N)
	      Specify callback to see context use. (S)

       rpc_gss_get_principal_name(3N)
	      Get client principal name. (S)

       rpc_gss_svc_max_data_length(3N)
	      Get maximum data length allowed by transport. (S)

       rpc_gss_get_error(3N)
	      Get error number.

       rpc_gss_get_mechanisms(3N)
	      Get valid mechanism strings.

       rpc_gss_get_mech_info(3N)
	      Get valid QOP strings for current service.

       rpc_gss_get_versions(3N)
	      Get supported versions.

       rpc_gss_is_installed(3N)
	      Checks if a mechanism is installed.

       rpc_gss_mech_to_oid(3N)
	      Maps ASCII mechanism to OID representation.

       rpc_gss_qop_to_num(3N)
	      Maps ASCII QOP, mechanism to number.

   Utilities
       The utility manages the table, which contains mappings of principal
       names between network and local credentials.  See the gsscred(1M)
       manpage.

MULTITHREAD USAGE
       Thread Safe:	     Yes
       Cancel Safe:	     Yes
       Fork Safe:	     No
       Async-cancel Safe:    No
       Async-signal Safe:    No

       These functions can be called safely in	a  multithreaded  environment.
       They  may  be  cancellation points in that they call functions that are
       cancel points.

       In a multithreaded environment, these functions	are  not  safe	to  be
       called  by  a child process after and before These functions should not
       be called by a multithreaded  application  that	supports  asynchronous
       cancellation or asynchronous signals.

FILES
       List of installed mechanisms.
       List of valid QOPs.

SEE ALSO
       gsscred(1M), rpc(3N), rpc_clnt_auth(3N), xdr(3N), environ(5).

								rpcsec_gss(3N)