Index Index for
Section 3
Index Alphabetical
listing for C
Bottom of page Bottom of
page		 

csf_gss_get_context_options(3)


NAME

  csf_gss_get_context_options - Obtain information about a security context


SYNOPSIS

  #include <gssapi/gssapi.h>

  OM_uint32 csf_gss_get_context_options(
	  OM_uint32 minor_status,
	  const gss_ctx_id_t context handle,
	  OM_uint32 ctx_flags );


PARAMETERS

  minor_status
	  Kerberos 5 error code.

  context_handle
	  Security context to be queried.

  ctx_flags
	  Flags that indicate the service options the context supports.
	  Specify NULL if this information is not required.

	  Symbolic names are provided for each flag. These names should be
	  bitwise ANDed with the ctx_flags value to test whether a given
	  option is supported by the context.

	  The flags are:

	  CSF_GSS_C_DES_FLAG
	      True -- DES encryption is available.

	      False -- DES encryption is not available.

	  CSF_GSS_C_DES3_FLAG
	      True -- DES3 encryption is available.

	      False -- DES3 encryption is not available.

					   Note

		 DES3 and DES encryption are mutually exclusive and unique to
		 the HP implementation of the GSS-API.

	  GSS_C_ANON_FLAG
	      Since the HP Application Security SDK does not support
	      anonymous authentication, this value is always set to false.

	  GSS_C_CONF_FLAG
	      True -- Confidentiality service may be invoked by calling the
	      gss_wrap() function.

	      False -- No confidentiality service via gss_wrap() is
	      available. The gss_wrap() function provides message
	      encapsulation, data origin authentication, and integrity
	      services only.

	  GSS_C_DELEG_FLAG
	      True -- Credentials were delegated to the initiating
	      application.

	      False -- No credentials were delegated.

	  GSS_C_INTEG_FLAG
	      True -- Integrity service may be invoked by calling either
	      gss_get_mic() or gss_wrap().

	      False -- Per-message integrity service is unavailable.

	  GSS_C_MUTUAL_FLAG
	      True -- The remote peer that, in this case, is the initiating
	      application, requested mutual authentication.

	      False -- The remote peer did not request mutual authentication.

	  GSS_C_PROT_READY_FLAG
	      The value of this bit indicates the actual state at the time
	      gss_accept_sec_context() returns, whether or not the context is
	      fully established.

	      True -- Protection services (as specified by the states of
	      GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available for use if
	      the accompanying major status return value is either
	      GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED.

	      False -- Protection services (as specified by the states of
	      GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available only if the
	      accompanying major status return value is GSS_S_COMPLETE.

	  GSS_C_REPLAY_FLAG
	      True -- Replay of protected messages will be detected.

	      False -- Replay of messages will not be detected.

	  GSS_C_SEQUENCE_FLAG
	      True -- Out-of-sequence protected messages will be detected.

	      False -- Out-of-sequence messages will not be detected.

	  GSS_C_TRANS_FLAG
	      The value of this bit indicates the actual state at the time
	      gss_accept_sec_context() returns, whether or not the context is
	      fully established.

	      True -- The resulting security context may be transferred to
	      other processes via a call to gss_export_sec_context().

	      False -- The security context is not transferable.


DESCRIPTION

  The csf_gss_get_context_options() function is an extension that obtains
  information about a security context. The application must already have
  initiated the context, although the context need not be fully established.

  Use this function to determine what type of encryption (DES3 or DES) is
  supported by the context. A context can be downgraded from DES3 to DES if
  the following conditions are not met:

    ·  ActiveTRUST Security Server must be configured for DES3.

    ·  The principals for the initiating and accepting applications must be
       DES3 enabled in the principal database.

    ·  The security context initiator must obtain a TGT enabled for DES3.

    ·  The security context initiator must use the DES3 flag when initiating
       the security context.


RETURN VALUES

  GSS_S_CALL_INACCESSIBLE_READ	  01xxxxxx
  GSS_S_CALL_INACCESSIBLE_WRITE	  02xxxxxx
  GSS_S_COMPLETE		  00000000
  GSS_S_FAILURE			  xx0Dxxxx
  GSS_S_NO_CONTEXT		  xx08xxxx


PORTABILITY CONSIDERATIONS

  This function is an HP extension of the GSS-API standard that is not
  supported by other GSS-API implementations.


SEE ALSO

  Functions:   gss_accept_sec_context(3), gss_get_mic(3),
  gss_import_sec_context(3), gss_init_sec_context(3), gss_wrap(3)

Index Index for
Section 3
Index Alphabetical
listing for C
Top of page Top of
page