gss_get_mic()--Generate Cryptographic Signature for Message

Syntax

 #include <gssapi.h>

 OM_uint32 gss_get_mic(
     OM_uint32 *    minor_status,
     gss_ctx_id_t   context_handle,  
     gss_qop_t      qop_req,
     gss_buffer_t     input_message
     gss_buffer_t     output_token);

  Service Program Name: QSYS/QKRBGSS

  Default public authority: *USE

  Threadsafe: Yes

The gss_get_mic() function generates a cryptographic signature for a message and returns this signature in a token that can be sent to a partner application. The partner application then calls the gss_verify_mic() routine to validate the signature.

Parameters

minor_status (Output)

A status code from the security mechanism.

context_handle (Input)

The context to be associated with the message when it is sent to the partner application.

qop_req (Input)

The requested quality of protection for the message. Specify GSS_C_QOP_DEFAULT to use the default quality of protection as defined by the selected security mechanism.

The Kerberos security mechanism supports three quality of protection levels as follows (in decreasing order or speed):

GSS_KRB5_INTEG_C_QOP_MD5	Truncated MD5
GSS_KRB5_INTEG_C_QOP_DES_MD5	DES_MAC of an MD5 hash (default)
GSS_KRB5_INTEG_C_QOP_DES_MAC	Normal DES_MAC algorithm

input_message (Input)

The message for which a signature is to be generated.

output_token (Output)

A token containing the message signature. The message and this token are then sent to the partner application, which calls the gss_verify_mic() function to verify the authenticity of the message.

Return Value

The return value is one of the following status codes:

GSS_S_BAD_QOP

The requested quality of protection value is not valid.

GSS_S_COMPLETE

The routine completed successfully.

GSS_S_CONTEXT_EXPIRED

The referenced context has expired.

GSS_S_CREDENTIALS_EXPIRED

The credentials associated with the referenced context have expired.

GSS_S_FAILURE

The routine failed for reasons that are not defined at the GSS level. The minor_status return parameter contains a mechanism-dependent error code describing the reason for the failure.

GSS_S_NO_CONTEXT

The context identifier provided by the caller does not refer to a valid security context.

Authorities

Object Referred to	Data Authority Required
Each directory in the path name preceding the configuration file	*X
Configuration file	*R

Object Referred to

Data Authority Required

Each directory in the path name preceding the configuration file

Configuration file

Error Messages

Message ID	Error Message Text
CPE3418 E	Possible APAR condition or hardware failure.

Message ID

Error Message Text

CPE3418 E

Possible APAR condition or hardware failure.