GSS-API Functions

The Oracle Solaris software implements the GSS-API functions. For more information on each function, see its man page. See also Functions From Previous Versions of GSS-API.

gss_acquire_cred()

Assume a global identity by obtaining a GSS-API credential handle for preexisting credentials

gss_add_cred()

Construct credentials incrementally

gss_inquire_cred()

Obtain information about a credential

gss_inquire_cred_by_mech()

Obtain per-mechanism information about a credential

gss_release_cred()

Discard a credential handle

gss_init_sec_context()

Initiate a security context with a peer application

gss_accept_sec_context()

Accept a security context initiated by a peer application

gss_delete_sec_context()

Discard a security context

gss_process_context_token()

Process a token on a security context from a peer application

gss_context_time()

Determine how long a context is to remain valid

gss_inquire_context()

Obtain information about a security context

gss_wrap_size_limit()

Determine token-size limit for gss_wrap() on a context

gss_export_sec_context()

Transfer a security context to another process

gss_import_sec_context()

Import a transferred context

gss_get_mic()

Calculate a cryptographic message integrity code (MIC) for a message

gss_verify_mic()

Check a MIC against a message to verify integrity of a received message

gss_wrap()

Attach a MIC to a message, and optionally encrypt the message content

gss_unwrap()

Verify a message with attached MIC. Decrypt message content if necessary

gss_import_name()

Convert a contiguous string name to an internal-form name

gss_display_name()

Convert internal-form name to text

gss_compare_name()

Compare two internal-form names

gss_release_name()

Discard an internal-form name

gss_inquire_names_for_mech()

List the name types supported by the specified mechanism

gss_inquire_mechs_for_name()

List mechanisms that support the specified name type

gss_canonicalize_name()

Convert an internal name to a mechanism name (MN)

gss_export_name()

Convert an MN to export form

gss_duplicate_name()

Create a copy of an internal name

gss_add_oid_set_member()

Add an object identifier to a set

gss_display_status()

Convert a GSS-API status code to text

gss_indicate_mechs()

Determine available underlying authentication mechanisms

gss_release_buffer()

Discard a buffer

gss_release_oid_set()

Discard a set of object identifiers

gss_create_empty_oid_set()

Create a set with no object identifiers

gss_test_oid_set_member()

Determine whether an object identifier is a member of a set

Functions From Previous Versions of GSS-API

This section explains functions that were included in previous versions of the GSS-API.

Functions for Manipulating OIDs

The Oracle Solaris implementation of GSS-API provides the following functions for convenience and for backward compatibility. However, these functions might not be supported by other implementations of GSS-API.

• gss_delete_oid()

• gss_oid_to_str()

• gss_str_to_oid()

Although a mechanism's name can be converted from a string to an OID, programmers should use the default GSS-API mechanism if at all possible.

Renamed Functions

The following functions have been supplanted by newer functions. In each case, the new function is the functional equivalent of the older function. Although the old functions are supported, developers should replace these functions with the newer functions whenever possible.

• gss_sign() has been replaced with gss_get_mic().

• gss_verify() has been replaced with gss_verify_mic().

• gss_seal() has been replaced with gss_wrap().

• gss_unseal() has been replaced with gss_unwrap().