Generic Security Service APIs

The Generic Security Service APIs support job environments for most EBCDIC CCSIDs. CCSID 290 and 5026 are not supported because of the variance of lowercase letters a to z.

The GSS APIs provide security services to applications that use peer-to-peer communications. For more information on this topic, see Network Authentication Service.

The Generic Security Service APIs are:

• gss_accept_sec_context() (Accept security context) accepts a security context created by the context initiator.
• gss_acquire_cred() (Acquire GSS credential) allows an application to acquire a GSS credential.
• gss_add_cred() (Add credential element to existing GSS credential) adds a credential element to an existing GSS credential.
• gss_add_oid_set_member() (Add OID to an OID set) adds a new OID to an existing OID set.
• gss_canonicalize_name() (Reduce GSS internal name to mechanism name) takes a GSS internal name that contains multiple internal representations and returns a new GSS internal name with a single name representation that corresponds to the specified security mechanism.
• gss_compare_name() (Compare two internal GSS names) allows an application to compare two internal names to determine whether they refer to the same object.
• gss_context_time() (Get number of seconds security context remains valid) checks the specified security context and returns the number of seconds that the context remains valid.
• gss_create_empty_oid_set() (Create empty OID set) creates a new, empty OID set. Members can be added to the OID set by calling the gss_add_oid_set_member() routine.
• gss_delete_sec_context() (Delete security context) deletes one end of a security context.
• gss_display_name() (Get textual representation of internal GSS name) returns the textual representation of an opaque internal name.
• gss_display_status() (Get textual representation of GSS status code or mechanism code) provides an application with a textual representation of a GSS or mechanism status code.
• gss_duplicate_name() (Create duplicate GSS internal name) creates a duplicate of a GSS internal name.
• gss_export_cred() (Export GSS Credential) creates a credential token for a GSS-API credential.
• gss_export_name() (Create Opaque Token for a Mechanism Name) creates an opaque token for a mechanism name.
• gss_export_sec_context() (Export Security Context) creates a context token for a GSS API security context.
• gss_get_mic() (Generate cryptographic signature for message) generates a cryptographic signature for a message and returns this signature in a token that can be sent to a partner application.
• gss_import_cred() (Import GSS Credential) accepts a credential token created by thegss_export_cred()routine and creates a GSS API credential.
• gss_import_name() (Convert printable name to GSS internal format) converts a printable name to the GSS internal format.
• gss_import_sec_context() (Import Security Context) accepts a security context token created by thegss_export_sec_context()routine and creates a GSS API security context.
• gss_indicate_mechs() (Determine available security mechanisms) allows an application to determine which security mechanisms are available on the local system.
• gss_init_sec_context() (Initiate security context) initiates a security context for use by two communicating applications.
• gss_inquire_context() (Get information about security context) returns information about a security context to the calling application.
• gss_inquire_cred() (Get information about GSS credential) returns information about a GSS credential to the calling application.
• gss_inquire_cred_by_mech() (Get information about GSS credential for single security mechanism) returns information about a GSS credential for a single security mechanism.
• gss_inquire_mechs_for_name() (Determine mechanisms to process name) returns the mechanisms with which a name may be processed.
• gss_inquire_names_for_mech() (Get name types supported by security mechanism) returns the name types supported by a security mechanism.
• gss_krb5_acquire_cred_cache() (Acquire GSS Credential from a Kerberos Protocol Credentials Cache) acquires a GSS API credential using a Kerberos credentials cache.
• gss_krb5_ccache_name() (Set Default Kerberos Protocol Credentials Cache Name) sets the default credentials cache name for use by the Kerberos mechanism.
• gss_krb5_copy_ccache() (Copy Tickets From Associated GSS Credentials to Kerberos Protocol Credentials Cache) copies the tickets from the Kerberos credentials cache associated with a GSS API credential to a credentials cache provided by the caller.
• gss_krb5_get_ccache() (Get Kerberos protocol credentials cache associated with specified GSS credential) returns the returns the handle for the Kerberos credentials cache associated with a GSS credential.
• gss_krb5_get_tkt_flags() (Get Kerberos protocol ticket flags) returns the Kerberos ticket flags from the Kerberos ticket associated with the security context.
• gss_oid_to_str() (Convert OID object to string representation of object) converts a gss_oid object to a string representation of the object identifier.
• gss_process_context_token() (Process received context token) processes a context token received from the partner application.
• gss_release_buffer() (Release storage associated with buffer) releases storage associated with a gss_buffer_t buffer. The gss_buffer_desc structure itself is not released.
• gss_release_cred() (Release storage associated with GSS credential) releases the local data structures associated with a GSS credential.
• gss_release_name() (Release storage associated with GSS internal name) releases storage associated with a gss_name_t internal name.
• gss_release_oid() (Release storage associated with OID object) releases storage associated with a gss_oid object.
• gss_release_oid_set() (Release storage associated with a set of OID objects) releases storage associated with a gss_oid_set object.
• gss_str_to_oid() (Convert string representation of an object identifier to an internal OID object) converts the string representation of an object identifier to a gss_OID object.
• gss_test_oid_set_member() (Determine if specified OID is contained in a specified OID set) checks an oid set to see if a specified oid is a member of the set.
• gss_unwrap() (Unwrap a message) unwraps a message sealed by the gss_wrap() routine and verifies the embedded signature.
• gss_verify_mic() (Verify that cryptographic signature is correct) verifies that the cryptographic signature for a message is correct.
• gss_wrap() (Cryptographically sign and optionally encrypt message) cryptographically signs and optionally encrypts a message.
• gss_wrap_size_limit() (Determine largest message that can be wrapped) determines the largest message that can be processed by the gss_wrap() routine without exceeding the specified output token size.
• qkrb_build_spnego_init_token() (Build a SPNEGO initiator token) builds a Simple and Protected GSS-API Negotiation (SPNEGO) Initiator Token and returns the results to the caller. 
• qkrb_build_spnego_target_token() (Build a SPNEGO target token) builds a Simple and Protected GSS-API Negotiation (SPNEGO) Target Token and returns the results to the caller. 
• qkrb_free_spnego_init_item() (Release storage associated with an initiator token item) releases storage associated with a qkrb_spnego_init_item_t object. 
• qkrb_free_spnego_target_item() (Release storage associated with a target token item) releases storage associated with a qkrb_spnego_target_item t object. 
• qkrb_parse_spnego_init_token() (Parse a SPNEGO initiator token) parses a Simple and Protected GSS-API Negotiation (SPNEGO) Initiator Token and returns the results to the caller. 
• qkrb_parse_spnego_target_token() (Parse a SPNEGO target token) parses a Simple and Protected GSS-API Negotiation (SPNEGO) Target Token and returns the results to the caller.