You should use the default QOP and mechanism provided by the GSS-API if at all possible. SeeGSS-API OIDs. However, you might have your own reasons for specifying OIDs.
This appendix describes how to specify OIDs:
For convenience, the GSS-API does allow mechanisms and QOPs to be displayedin human-readable form. On Oracle Solaris systems, two files,/etc/gss/mech and/etc/gss/qop, contain information about available mechanisms andavailable QOPs. If you do not have access to these files, then you must providethe string literals from some other source. The published Internet standardfor that mechanism or QOP should serve that purpose.
The/etc/gss/mech file lists the mechanisms thatare available./etc/gss/mech contains the names in boththe numerical format and the alphabetic form./etc/gss/mech presentsthe information in this format:
Mechanism name, in ASCII
Mechanism's OID
Shared library for implementing the services that are providedby this mechanism
Optionally, the kernel module for implementing the service
An/etc/gss/mech might look like the following example.
# # Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.##ident"@(#)mech1.1203/10/20 SMI"## This file contains the GSS-API based security mechanism names,# the associated object identifiers (OID) and a shared library that # implements the services for the mechanisms under GSS-API.## Mechanism NameObject IdentifierShared LibraryKernel Module[Options]#kerberos_v51.2.840.113554.1.2.2mech_krb5.so kmech_krb5 spnego1.3.6.1.5.5.2mech_spnego.so.1 [msinterop]diffie_hellman_640_01.3.6.4.1.42.2.26.2.4dh640-0.so.1diffie_hellman_1024_01.3.6.4.1.42.2.26.2.5dh1024-0.so.1
The/etc/gss/qop file stores, for all mechanisms installed, all the QOPs supported by each mechanism, both as an ASCII string and as the corresponding 32-bit integer. An/etc/gss/qop might look like the following example.
## Copyright (c) 2000,2012 by Oracle and/or its affiliates. All rights reserved.# All rights reserved.##ident "@(#)qop 1.3 00/11/09 SMI" ## This file contains information about the GSS-API based quality of# protection (QOP), its string name and its value (32-bit integer).## QOP string QOP Value Mechanism Name#GSS_KRB5_INTEG_C_QOP_DES_MD5 0 kerberos_v5GSS_KRB5_CONF_C_QOP_DES 0 kerberos_v5