GSS-API Reference

This appendix covers the following topics:

• GSS-API Functions providesa table of GSS-API functions.

• GSS-API Status Codes discussesstatus codes returned by GSS-API functions, and provides a list of those statuscodes.

• GSS-API Data Types and Values discussesthe various data types used by GSS-API.

• Implementation-Specific Features in GSS-API covers features that are unique to the Oracle Solaris implementation of GSS-API.

• Kerberos v5 Status Codes liststhe status codes that can be returned by the Kerberos v5 mechanism.

Additional GSS-API definitions can be found in the filegssapi.h.

GSS-API Functions

The Oracle Solaris software implements the GSS-API functions. For more informationon each function, see its man page. See alsoFunctions From Previous Versions of GSS-API.

gss_acquire_cred()

Assume a global identity by obtaining a GSS-API credential handle for preexisting credentials

gss_add_cred()

Construct credentials incrementally

gss_inquire_cred()

Obtain information about a credential

gss_inquire_cred_by_mech()

Obtain per-mechanism information about a credential

gss_release_cred()

Discard a credential handle

gss_init_sec_context()

Initiate a security context with a peer application

gss_accept_sec_context()

Accept a security context initiated by a peer application

gss_delete_sec_context()

Discard a security context

gss_process_context_token()

Process a token on a security context from a peer application

gss_context_time()

Determine how long a context is to remain valid

gss_inquire_context()

Obtain information about a security context

gss_wrap_size_limit()

Determine token-size limit forgss_wrap() on a context

gss_export_sec_context()

Transfer a security context to another process

gss_import_sec_context()

Import a transferred context

gss_get_mic()

Calculate a cryptographic message integrity code (MIC) for a message

gss_verify_mic()

Check a MIC against a message to verify integrity of a received message

gss_wrap()

Attach a MIC to a message, and optionally encrypt the message content

gss_unwrap()

Verify a message with attached MIC. Decrypt message content if necessary

gss_import_name()

Convert a contiguous string name to an internal-form name

gss_display_name()

Convert internal-form name to text

gss_compare_name()

Compare two internal-form names

gss_release_name()

Discard an internal-form name

gss_inquire_names_for_mech()

List the name types supported by the specified mechanism

gss_inquire_mechs_for_name()

List mechanisms that support the specified name type

gss_canonicalize_name()

Convert an internal name to a mechanism name (MN)

gss_export_name()

Convert an MN to export form

gss_duplicate_name()

Create a copy of an internal name

gss_add_oid_set_member()

Add an object identifier to a set

gss_display_status()

Convert a GSS-API status code to text

gss_indicate_mechs()

Determine available underlying authentication mechanisms

gss_release_buffer()

Discard a buffer

gss_release_oid_set()

Discard a set of object identifiers

gss_create_empty_oid_set()

Create a set with no object identifiers

gss_test_oid_set_member()

Determine whether an object identifier is a member of a set

Functions From Previous Versions of GSS-API

This section explains functions that were included in previous versionsof the GSS-API.

Functions for Manipulating OIDs

The Oracle Solaris implementation of GSS-API provides the following functions for convenience and for backwardcompatibility. However, these functions might not be supported by other implementationsof GSS-API.

• gss_delete_oid()

• gss_oid_to_str()

• gss_str_to_oid()

Although a mechanism's name can be converted from a string to an OID,programmers should use the default GSS-API mechanism if at all possible.

Renamed GSS-API Functions

The following functions have been supplanted by newer functions. Ineach case, the new function is the functional equivalent of the older function.Although the old functions are supported, developers should replace thesefunctions with the newer functions whenever possible.

• gss_sign() has been replaced withgss_get_mic().

• gss_verify() has been replaced withgss_verify_mic().

• gss_seal() has been replaced withgss_wrap().

• gss_unseal() has been replaced withgss_unwrap().