Oracle Solaris Security for Developers Guide

Generalized GSS-API Usage

The general steps for using GSS-API are as follows:

  1. Each application, both sender and recipient, acquires credentials explicitly, unless credentials have been acquired automatically.

  2. The sender initiates a security context. The recipient accepts the context.

  3. The sender applies security protection to the data to be transmitted. The sender either encrypts the message or stamps the data with an identification tag. The sender then transmits the protected message.

    Note –

    The sender can choose not to apply either security protection, in which case the message has only the default GSS-API security service, that is, authentication.

  4. The recipient decrypts the message if needed and verifies the message if appropriate.

  5. (Optional) The recipient returns an identification tag to the sender for confirmation.

  6. Both applications destroy the shared security context. If necessary, the allocations can also deallocate any remaining GSS-API data.

Caution – Caution –

The calling application is responsible for freeing all data space that has been allocated.

Applications that use GSS-API need to include the file gssapi.h.