ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/gss_add_cred.htm

327 lines
8.7 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>gss_add_cred()--Add Credential Element to Existing GSS
Credential</title>
<!-- Begin Header Records ========================================== -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- Edited by Kersten Jan 02 -->
<!-- Created by Kent Hofer for V5R1 -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!-- End Header Records ============================================ -->
<!--Java sync-link-->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<a name="Top_Of_Page"></a>
<h2>gss_add_cred()--Add Credential Element to Existing GSS Credential</h2>
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Syntax
<pre>
#include &lt;gssapi.h&gt;
OM_uint32 gss_add_cred(
OM_uint32 * <em>minor_status</em>,
gss_cred_id_t <em>input_cred_handle</em>,
gss_name_t <em>desired_name</em>,
gss_OID <em>mech_type</em>,
gss_cred_usage_t <em>cred_usage</em>,
OM_uint32 <em>init_time_req</em>,
OM_uint32 <em>accept_time_req</em>,
gss_cred_id_t * <em>output_cred_handle</em>,
gss_OID_set * <em>actual_mechs</em>,
OM_uint32 * <em>init_time_rec</em>,
OM_uint32 * <em>accept_time_rec</em>);
</pre>
&nbsp;&nbsp;Service Program Name: QSYS/QKRBGSS <br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default public authority: *USE <br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<p>The <strong>gss_add_cred()</strong> function adds a credential element to an
existing GSS credential. The credential must not already contain an element for
the mechanism. A GSS credential must contain an element for each mechanism that
will be used for contexts that are initiated or accepted using the
credential.</p>
<br>
<h3>Parameters</h3>
<dl>
<dt><strong>minor_status</strong>&nbsp;&nbsp;(Output)</dt>
<dd>A status code from the security mechanism.<br>
<br>
</dd>
<dt><strong>input_cred_handle</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The GSS credential that is to be modified. Specify
<strong>GSS_C_NO_CREDENTIAL</strong> to modify the default GSS credential.<br>
<br>
</dd>
<dt><strong>desired_name</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The principal name to be used for the credential.<br>
<br>
</dd>
<dt><strong>mech_type</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The mechanism element to be added to the credential. The credential must
not already contain an element for this mechanism.
<p>The following security mechanisms are supported:</p>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<td align="left" valign="top"><em>gss_mech_krb5_old</em></td>
<td align="left" valign="top">Beta Kerberos V5 mechanism</td>
</tr>
<tr>
<td align="left" valign="top"><em>gss_mech_krb5</em></td>
<td align="left" valign="top">Kerberos V5 mechanism</td>
</tr>
</table>
<br>
<br>
</dd>
<dt><strong>cred_usage</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The desired credential usage as follows:<br>
<br>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<td align="left" valign="top"><em>GSS_C_ACCEPT</em></td>
<td align="left" valign="top">The credential can be used only to accept
security contexts.</td>
</tr>
<tr>
<td align="left" valign="top"><em>GSS_C_BOTH</em></td>
<td align="left" valign="top">The credential can be used to both initiate and
accept security contexts.</td>
</tr>
<tr>
<td align="left" valign="top"><em>GSS_C_INITIATE</em></td>
<td align="left" valign="top">The credential can be used only to initiate
security contexts.</td>
</tr>
</table>
<br>
<br>
</dd>
<dt><strong>init_time_req</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The number of seconds the credential remains valid for initiating contexts.
The i5/OS implementation of GSS does not support separate initiate and accept
expiration times. The actual expiration time will be the smaller of the
initiate and accept times. Specify zero to request the default lifetime of 2
hours. Specify <strong>GSS_C_INDEFINITE</strong> to request the maximum
lifetime.<br>
<br>
</dd>
<dt><strong>accept_time_req</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The number of seconds the credential remains valid for accepting contexts.
The i5/OS implementation of GSS does not support separate initiate and accept
expiration times. The actual expiration time will be the smaller of the
initiate and accept times. Specify zero to request the default lifetime of 2
hours. Specify <strong>GSS_C_INDEFINITE</strong> to request the maximum
lifetime.<br>
<br>
</dd>
<dt><strong>output_cred_handle</strong>&nbsp;&nbsp;(Output)</dt>
<dd>The credential handle for the updated credential. If <strong>NULL</strong>
is specified for this parameter, the new credential element is added to the
input credential. Otherwise, a new credential is created from the input
credential and contains all of the credential elements of the input credential
plus the new credential element. <strong>NULL</strong> may not be specified for
this parameter if <strong>GSS_C_NO_CREDENTIAL</strong> is specified for the
input credential.<br>
<br>
</dd>
<dt><strong>actual_mechs</strong>&nbsp;&nbsp;(Output)</dt>
<dd>The total set of mechanisms supported by the GSS credential. Specify
<strong>NULL</strong> for this parameter if the actual mechanisms are not
required. The gss_OID_set returned for this parameter should be released by
calling the <strong>gss_release_oid_set()</strong> routine when it is no longer
needed.<br>
<br>
</dd>
<dt><strong>init_time_rec</strong>&nbsp;&nbsp;(Output)</dt>
<dd>The initiate expiration time in seconds. Specify <strong>NULL</strong> for
this parameter if the initiate time is not required.<br>
<br>
</dd>
<dt><strong>accept_time_rec</strong>&nbsp;&nbsp;(Output)</dt>
<dd>The accept expiration time in seconds. Specify <strong>NULL</strong> for
this parameter if the accept time is not required.</dd>
</dl>
<br>
<h3>Return Value</h3>
<p>The return value is one of the following status codes:</p>
<dl>
<dt><strong>GSS_S_BAD_MECH</strong></dt>
<dd>The specified mechanism is not supported.<br>
<br>
</dd>
<dt><strong>GSS_S_BAD_NAME</strong></dt>
<dd>The name specified for the <em>desired_name</em> parameter is not
valid.<br>
<br>
</dd>
<dt><strong>GSS_S_BAD_NAMETYPE</strong></dt>
<dd>The name specified for the <em>desired_name</em> parameter is not supported
by the applicable underlying GSS mechanisms.<br>
<br>
</dd>
<dt><strong>GSS_S_COMPLETE</strong></dt>
<dd>The routine completed successfully.<br>
<br>
</dd>
<dt><strong>GSS_S_DUPLICATE_ELEMENT</strong></dt>
<dd>The credential already contains an element for the specified mechanism.<br>
<br>
</dd>
<dt><strong>GSS_S_FAILURE</strong></dt>
<dd>The routine failed for reasons that are not defined at the GSS level. The
<em>minor_status</em> return parameter contains a mechanism-dependent error
code describing the reason for the failure.<br>
<br>
</dd>
<dt><strong>GSS_S_NO_CRED</strong></dt>
<dd>The referenced credential does not exist.<br>
<br>
</dd>
</dl>
<br>
<h3>Authorities</h3>
<br>
<table border width="80%">
<tr>
<th align="left" valign="bottom">Object Referred to</th>
<th align="center" valign="bottom">Data Authority Required</th>
</tr>
<tr>
<td align="left" valign="top">Each directory in the path name preceding the
configuration file</td>
<td align="center" valign="top">*X</td>
</tr>
<tr>
<td align="left" valign="top">Configuration file</td>
<td align="center" valign="top">*R</td>
</tr>
</table>
<br>
<h3>Error Messages</h3>
<table width="100%" cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td width="15%" valign="top">CPE3418 E</td>
<td width="85%" valign="top">Possible APAR condition or hardware failure.</td>
</tr>
</table>
<br>
<h3>Usage Notes</h3>
<ol>
<li>The <strong>gss_add_cred()</strong> routine performs the same functionas
the <strong>gss_acquire_cred()</strong> routine for a single mechanism.</li>
</ol>
<br>
<hr>
API introduced: V5R1
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> <br>
<a href="unix.htm">UNIX-Type APIs</a> | <a href="aplist.htm">APIs by
category</a> </td>
</tr>
</table>
</center>
</body>
</html>