gss_inquire_cred_by_mech(3)gss_inquire_cred_by_mech(3)NAMEgss_inquire_cred_by_mech - obtain information about credentials for a
specific security mechanism
SYNOPSIS
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_cred_by_mech(
OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
const gss_OID mech_type,
gss_name_t * name,
OM_uint32 * initiator_lifetime,
OM_uint32 * acceptor_lifetime,
gss_cred_usage_t * cred_usag );
PARAMETERS
Kerberos 5 error code. Credentials being queried. If GSS_C_NO_CREDEN‐
TIALS is specified, the default initiator credentials are used. Object
identifier (OID) set of security mechanisms for the credentials being
queried. Specify rfc_krb5_c_OID_set for Kerberos 5. The principal name
whose identity the credentials represent. This name is an internal form
name. Specify NULL if this information is not required.
The storage associated with this name should be freed by the
application after use with a call to gss_release_name(). The
number of seconds remaining in the lifetime of initiator creden‐
tials under the specified mechanism. If the credentials have
expired, a value of zero is returned. Specify NULL if this
information is not required. The number of seconds remaining in
the lifetime of acceptor credentials under the specified mecha‐
nism. Since the HP implementation of the GSS-API does not sup‐
port credentials expiration for acceptors, a value of
GSS_C_INDEFINITE is always returned. How the credentials may be
used. Specify NULL if this information is not required.
GSS_C_BOTH -- Credentials may be used to either initiate or
accept security contexts. GSS_C_INITIATE -- Credentials may be
used only to initiate security contexts. GSS_C_ACCEPT-- Cre‐
dentials may be used only to accept security contexts.
DESCRIPTION
The gss_inquire_cred_by_mech() function obtains information about cre‐
dentials for a specified security mechanism. This information includes
the principal name whose identity the credentials represent, the
remaining validity period (initiators only), and the credentials usage.
With Kerberos 5, the credential that is queried is the TGT, not service
tickets.
Before calling this function, the application must first acquire cre‐
dentials.
To avoid memory leaks, the application must release the storage associ‐
ated with the name parameter with a call to gss_release_name() after
use.
RETURN VALUES
GSS_S_BAD_MECH xx01xxxx
GSS_S_CALL_INACCESSIBLE_READ 01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE 02xxxxxx
GSS_S_COMPLETE 00000000
GSS_S_DEFECTIVE_CREDENTIAL xx0Axxxx
GSS_S_FAILURE xx0Dxxxx
GSS_S_NO_CRED xx07xxxx
SEE ALSO
Functions: gss_acquire_cred(3), gss_inquire_cred(3),
gss_release_name(3), gss_release_oid_set(3)gss_inquire_cred_by_mech(3)