JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Developer's Guide to Oracle Solaris 11 Security     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Oracle Solaris Security for Developers (Overview)

2.  Developing Privileged Applications

3.  Writing PAM Applications and Services

4.  Writing Applications That Use GSS-API

5.  GSS-API Client Example

6.  GSS-API Server Example

7.  Writing Applications That Use SASL

8.  Introduction to the Oracle Solaris Cryptographic Framework

9.  Writing User-Level Cryptographic Applications

10.  Introduction to the Oracle Solaris Key Management Framework

A.  Secure Coding Guidelines for Developers

B.  Sample C-Based GSS-API Programs

C.  GSS-API Reference

GSS-API Functions

Functions From Previous Versions of GSS-API

Functions for Manipulating OIDs

Renamed Functions

GSS-API Status Codes

GSS-API Major Status Code Values

Displaying Status Codes

Status Code Macros

GSS-API Data Types and Values

Basic GSS-API Data Types

OM_uint32

gss_buffer_desc

gss_OID_desc

gss_OID_set_desc

gss_channel_bindings_struct

Name Types

Address Types for Channel Bindings

Implementation-Specific Features in GSS-API

Oracle Solaris-Specific Functions

Human-Readable Name Syntax

Format of Anonymous Names

Implementations of Selected Data Types

Deletion of Contexts and Stored Data

Protection of Channel-Binding Information

Context Exportation and Interprocess Tokens

Types of Credentials Supported

Credential Expiration

Context Expiration

Wrap Size Limits and QOP Values

Use of minor_status Parameter

Kerberos v5 Status Codes

Messages Returned in Kerberos v5 for Status Code 1

Messages Returned in Kerberos v5 for Status Code 2

Messages Returned in Kerberos v5 for Status Code 3

Messages Returned in Kerberos v5 for Status Code 4

Messages Returned in Kerberos v5 for Status Code 5

Messages Returned in Kerberos v5 for Status Code 6

Messages Returned in Kerberos v5 for Status Code 7

D.  Specifying an OID

E.  Source Code for SASL Example

F.  SASL Reference Tables

Glossary

Index

GSS-API Functions

The Oracle Solaris software implements the GSS-API functions. For more information on each function, see its man page. See also Functions From Previous Versions of GSS-API.

gss_acquire_cred()

Assume a global identity by obtaining a GSS-API credential handle for preexisting credentials

gss_add_cred()

Construct credentials incrementally

gss_inquire_cred()

Obtain information about a credential

gss_inquire_cred_by_mech()

Obtain per-mechanism information about a credential

gss_release_cred()

Discard a credential handle

gss_init_sec_context()

Initiate a security context with a peer application

gss_accept_sec_context()

Accept a security context initiated by a peer application

gss_delete_sec_context()

Discard a security context

gss_process_context_token()

Process a token on a security context from a peer application

gss_context_time()

Determine how long a context is to remain valid

gss_inquire_context()

Obtain information about a security context

gss_wrap_size_limit()

Determine token-size limit for gss_wrap() on a context

gss_export_sec_context()

Transfer a security context to another process

gss_import_sec_context()

Import a transferred context

gss_get_mic()

Calculate a cryptographic message integrity code (MIC) for a message

gss_verify_mic()

Check a MIC against a message to verify integrity of a received message

gss_wrap()

Attach a MIC to a message, and optionally encrypt the message content

gss_unwrap()

Verify a message with attached MIC. Decrypt message content if necessary

gss_import_name()

Convert a contiguous string name to an internal-form name

gss_display_name()

Convert internal-form name to text

gss_compare_name()

Compare two internal-form names

gss_release_name()

Discard an internal-form name

gss_inquire_names_for_mech()

List the name types supported by the specified mechanism

gss_inquire_mechs_for_name()

List mechanisms that support the specified name type

gss_canonicalize_name()

Convert an internal name to a mechanism name (MN)

gss_export_name()

Convert an MN to export form

gss_duplicate_name()

Create a copy of an internal name

gss_add_oid_set_member()

Add an object identifier to a set

gss_display_status()

Convert a GSS-API status code to text

gss_indicate_mechs()

Determine available underlying authentication mechanisms

gss_release_buffer()

Discard a buffer

gss_release_oid_set()

Discard a set of object identifiers

gss_create_empty_oid_set()

Create a set with no object identifiers

gss_test_oid_set_member()

Determine whether an object identifier is a member of a set

Functions From Previous Versions of GSS-API

This section explains functions that were included in previous versions of the GSS-API.

Functions for Manipulating OIDs

The Oracle Solaris implementation of GSS-API provides the following functions for convenience and for backward compatibility. However, these functions might not be supported by other implementations of GSS-API.

Although a mechanism's name can be converted from a string to an OID, programmers should use the default GSS-API mechanism if at all possible.

Renamed Functions

The following functions have been supplanted by newer functions. In each case, the new function is the functional equivalent of the older function. Although the old functions are supported, developers should replace these functions with the newer functions whenever possible.