JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Developer's Guide to Oracle Solaris Security     Oracle Solaris 11 Express 11/10
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Oracle Solaris Security for Developers (Overview)

2.  Developing Privileged Applications

3.  Writing PAM Applications and Services

4.  Writing Applications That Use GSS-API

5.  GSS-API Client Example

6.  GSS-API Server Example

7.  Writing Applications That Use SASL

8.  Introduction to the Oracle Solaris Cryptographic Framework

9.  Writing User-Level Cryptographic Applications and Providers

10.  Introduction to the Oracle Solaris Key Management Framework

A.  Sample C-Based GSS-API Programs

B.  GSS-API Reference

C.  Specifying an OID

Files with OID Values

/etc/gss/mech File

/etc/gss/qop File

gss_str_to_oid() Function

Constructing Mechanism OIDs

createMechOid() Function

Specifying a Non-Default Mechanism

D.  Source Code for SASL Example

E.  SASL Reference Tables

F.  Packaging and Signing Cryptographic Providers

Glossary

Index

Files with OID Values

For convenience, the GSS-API does allow mechanisms and QOPs to be displayed in human-readable form. On Oracle Solaris systems, two files, /etc/gss/mech and /etc/gss/qop, contain information about available mechanisms and available QOPs. If you do not have access to these files, then you must provide the string literals from some other source. The published Internet standard for that mechanism or QOP should serve that purpose.

/etc/gss/mech File

The /etc/gss/mech file lists the mechanisms that are available. /etc/gss/mech contains the names in both the numerical format and the alphabetic form. /etc/gss/mech presents the information in this format:

A sample /etc/gss/mech might look like Example C-1.

Example C-1 The /etc/gss/mech File

# 
# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident    "@(#)mech    1.12    03/10/20 SMI"
#
# This file contains the GSS-API based security mechanism names,
# the associated object identifiers (OID) and a shared library that 
# implements the services for the mechanisms under GSS-API.
#
# Mechanism Name    Object Identifier    Shared Library    Kernel Module
[Options]
#
kerberos_v5        1.2.840.113554.1.2.2    mech_krb5.so kmech_krb5 
spnego            1.3.6.1.5.5.2        mech_spnego.so.1 [msinterop]
diffie_hellman_640_0    1.3.6.4.1.42.2.26.2.4    dh640-0.so.1
diffie_hellman_1024_0    1.3.6.4.1.42.2.26.2.5    dh1024-0.so.1

/etc/gss/qop File

The /etc/gss/qop file stores, for all mechanisms installed, all the QOPs supported by each mechanism, both as an ASCII string and as the corresponding 32–bit integer. A sample /etc/gss/qop might look like the following example.

Example C-2 The /etc/gss/qop File

#
# Copyright (c) 2000, by Sun Microsystems, Inc.
# All rights reserved.
#
#ident  "@(#)qop 1.3     00/11/09 SMI" 
#
# This file contains information about the GSS-API based quality of
# protection (QOP), its string name and its value (32-bit integer).
#
# QOP string                    QOP Value       Mechanism Name
#
GSS_KRB5_INTEG_C_QOP_DES_MD5    0               kerberos_v5
GSS_KRB5_CONF_C_QOP_DES         0               kerberos_v5
Copyright © 2000, 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next