          implementation-defined default credential
          may be used.

input_token_buffer    buffer, opaque, read
          token obtained from remote application

input_chan_bindings   channel bindings, read
          Application-specified bindings. Allows
          application to securely bind channel
          identification information to the security
          context.

src_name              gss_name_t, modify, optional
          Authenticated name of context initiator.
          After use, this name should be deallocated by
          passing it to gss_release_name. If not required,
          specify NULL.

mech_type             Object ID, modify
          Security mechanism used. The returned
          OID value will be a pointer into static
          storage, and should be treated as read-only
          by the caller.

output_token          buffer, opaque, modify
          Token to be passed to peer application. If the
          length field of the returned token buffer is 0,
          then no token need be passed to the peer
          application.

RFC 1509 GSSAPI - Overview and C bindings September 1993

ret_flags             bit-mask, modify
          Contains six independent flags, each of
          which indicates that the context supports a
          specific service option. Symbolic names are
          provided for each flag, and the symbolic names
          corresponding to the required flags
          should be logically-ANDed with the ret_flags
          value to test whether a given option is
          supported by the context. The flags are:

          GSS_C_DELEG_FLAG
                True - Delegated credentials are available
                       via the delegated_cred_handle
                       parameter
                False - No credentials were delegated
          GSS_C_MUTUAL_FLAG
                True - Remote peer asked for mutual
                       authentication
                False - Remote peer did not ask for mutual
                        authentication
          GSS_C_REPLAY_FLAG
                True - replay of signed or sealed messages
                       will be detected
                False - replayed messages will not be
                        detected
          GSS_C_SEQUENCE_FLAG
                True - out-of-sequence signed or sealed
                       messages will be detected
                False - out-of-sequence messages will not
                        be detected
          GSS_C_CONF_FLAG
                True - Confidentiality service may be
                       invoked by calling seal routine
                False - No confidentiality service (via
                        seal) available. seal will
                        provide message encapsulation,
                        data-origin authentication and
                        integrity services only.
          GSS_C_INTEG_FLAG
                True - Integrity service may be invoked
                       by calling either gss_sign or
                       gss_seal routines.
                False - Per-message integrity service
                        unavailable.

time_rec              integer, modify, optional
          number of seconds for which the context
          will remain valid. Specify NULL if not required.

delegated_cred_handle gss_cred_id_t, modify
          credential handle for credentials received from
          context initiator. Only valid if deleg_flag in
          ret_flags is true.
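
The ret_flags test described above, written out as an added example (not part of the RFC text). The helper names missing_services and delegated_cred_usable are hypothetical; the flag values are those of the standard gssapi.h, defined locally so the block builds without a GSS-API library.

```c
#include <stdio.h>
#include <string.h>

/* Flag values as in the standard gssapi.h; defined here only if absent. */
#ifndef GSS_C_DELEG_FLAG
#define GSS_C_DELEG_FLAG    1
#define GSS_C_MUTUAL_FLAG   2
#define GSS_C_REPLAY_FLAG   4
#define GSS_C_SEQUENCE_FLAG 8
#define GSS_C_CONF_FLAG     16
#define GSS_C_INTEG_FLAG    32
#endif

static const struct { unsigned int bit; const char *name; } flag_names[] = {
    { GSS_C_DELEG_FLAG, "DELEG" },   { GSS_C_MUTUAL_FLAG, "MUTUAL" },
    { GSS_C_REPLAY_FLAG, "REPLAY" }, { GSS_C_SEQUENCE_FLAG, "SEQUENCE" },
    { GSS_C_CONF_FLAG, "CONF" },     { GSS_C_INTEG_FLAG, "INTEG" },
};

/* Hypothetical helper: returns the required flags absent from ret_flags
   (0 = all present) and writes their names into buf for logging. */
unsigned int missing_services(unsigned int ret_flags, unsigned int required,
                              char *buf, size_t buflen)
{
    /* Every required bit must be set. Testing (ret_flags & required) != 0
       would accept a context that offers only one of several services. */
    unsigned int missing = required & ~ret_flags;
    size_t i;

    if (buf == NULL || buflen == 0) return missing;
    buf[0] = '\0';
    for (i = 0; i < sizeof flag_names / sizeof flag_names[0]; i++) {
        if (!(missing & flag_names[i].bit)) continue;
        if (strlen(buf) + strlen(flag_names[i].name) + 2 > buflen) break;
        if (buf[0]) strcat(buf, " ");
        strcat(buf, flag_names[i].name);
    }
    return missing;
}

/* Hypothetical helper: delegated_cred_handle may only be used when
   GSS_C_DELEG_FLAG is set in ret_flags. */
int delegated_cred_usable(unsigned int ret_flags)
{
    return (ret_flags & GSS_C_DELEG_FLAG) != 0;
}

int main(void)
{
    char why[64];
    /* Constructed sample: context offers integrity and replay detection only. */
    unsigned int got = GSS_C_INTEG_FLAG | GSS_C_REPLAY_FLAG;
    unsigned int m = missing_services(got, GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG, why, sizeof why);
    printf("missing: %s, delegation usable: %d\n", why, delegated_cred_usable(got));
    return m ? 1 : 0;
}
```

An acceptor that requires confidentiality should refuse the context when GSS_C_CONF_FLAG is reported missing, since seal would then provide integrity services only.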