GSS-API Programming Guide

Human-Readable Name Syntax

Implementations of the GSS-API may differ in the printable syntax that corresponds to names. Applications that aim for portability should refrain from comparing names based on human—readable (that is, printable) forms and should instead use gss_compare_name() to determine whether or not one internal-format name matches another.

Sun's implementation of gss_display_name() displays names as follows: if the input_nameargument denotes a user principal, the gss_display_name() returns user_principal@realm as the output_name_buffer, and the gss_OID value as the output_name_type. If Kerberos v5 is the underlying mechanism, gss_OID is 1.2.840.11354.1.2.2.

If the name given to gss_display_name() was created by a call to gss_import_name(), specifying GSS_C_NO_OID as the name type, gss_display_name() returns GSS_C_NO_OID via the output_name_type parameter.

Format of Anonymous Names

The gss_display_name() function outputs the string '<anonymous>' to indicate an anonymous GSS-API principal. The name type OID associated with this name is GSS_C_NT_ANONYMOUS. No other valid printable names supported by Sun's implementation can begin with '<' and end with '>'.