RPC_GSS_SECCREATE(3NSL) Networking Services Library Functions
NAME
rpc_gss_seccreate - create a security context using the RPCSEC_GSS
protocol
SYNOPSIS
#include <rpc/rpcsec_gss.h>
AUTH *rpc_gss_seccreate(
CLIENT *clnt,
char *principal,
char *mechanism,
rpc_gss_service_t service_type,
char *qop,
rpc_gss_options_req_t *options_req,
rpc_gss_options_ret_t *options_ret);
DESCRIPTION
rpc_gss_seccreate() is used by an application to create a security
context using the
RPCSEC_GSS protocol, making use of the underlying
GSS-API network layer.
rpc_gss_seccreate() allows an application to
specify the type of security mechanism (for example, Kerberos v5),
the type of service (for example, integrity checking), and the
Quality of Protection (
QOP) desired for transferring data.
PARAMETERS
Information on
RPCSEC_GSS data types for parameters may be found on
the
rpcsec_gss(3NSL) man page.
clnt This is the RPC client handle.
clnt may be obtained,
for example, from
clnt_create().
principal This is the identity of the server principal,
specified in the form
service@
host, where
service is
the name of the service the client wishes to access
and
host is the fully qualified name of the host
where the service resides -- for example,
nfs@mymachine.eng.example.com.
mechanism This is an ASCII string which indicates which
security mechanism to use with this data.
Appropriate mechanisms may be found in the file
/etc/gss/mech; additionally,
rpc_gss_get_mechanisms() returns a list of supported security mechanisms (as
null-terminated strings).
service_type This sets the initial type of service for the session
-- privacy, integrity, authentication, or none.
qop This is an ASCII string which sets the quality of
protection (QOP) for the session. Appropriate values
for this string may be found in the file
/etc/gss/qop. Additionally, supported QOPs are
returned (as null-terminated strings) by
rpc_gss_get_mech_info().
options_req This structure contains options which are passed
directly to the underlying
GSS_API layer. If the
caller specifies
NULL for this parameter, defaults
are used. (See
NOTES, below.)
options_ret These
GSS-API options are returned to the caller. If
the caller does not need to see these options, then
it may specify
NULL for this parameter. (See
NOTES, below.)
RETURN VALUES
rpc_gss_seccreate() returns a security context handle (an RPC
authentication handle) of type
AUTH. If
rpc_gss_seccreate() cannot
return successfully, the application can get an error number by
calling
rpc_gss_get_error().
FILES
/etc/gss/mech File containing valid security mechanisms
/etc/gss/qop File containing valid QOP values.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT-Level | MT-Safe |
+---------------+-----------------+
SEE ALSO
auth_destroy(3NSL),
rpc(3NSL),
rpc_gss_get_error(3NSL),
rpc_gss_get_mechanisms(3NSL),
rpcsec_gss(3NSL),
mech(5),
qop(5),
attributes(7) ONC+ Developer's Guide Linn, J.
RFC 2743, Generic Security Service Application Program Interface Version 2, Update 1. Network Working Group. January 2000.
November 21, 2021 RPC_GSS_SECCREATE(3NSL)
