GSS-API Programming Guide

Files Containing OID Values

For convenience, the GSS-API does allow mechanisms and QOPs to be displayed in human-readable form. On Solaris systems, two files, /etc/gss/mech and /etc/gss/qop, contain information about available mechanisms and QOPs. If you don't have access to these files (perhaps because a remote machine won't let you in), then you must provide the string literals from some other source, such as the published internet standard for that mechanism or QOP.

The /etc/gss/mech File

You can look in the /etc/gss/mech file to see which mechanisms are available; /etc/gss/mech contains their names in both numerical and alphabetic form. /etc/gss/mech presents the information in this format: the mechanism name, in ASCII; the mechanism's OID; the shared library implementing the services provided by this mechanism; and, optionally, the kernel module implementing the service. A sample /etc/gss/mech might look like Example C–1.


Example C–1 The /etc/gss/mech File

# 
# Copyright (c) 2000, by Sun Microsystems, Inc.
# All rights reserved.
#
#ident  "@(#)mech 1.6     00/12/04 SMI" 
#
# This file contains the GSS-API based security mechanism names,
# its object identifier (OID) and a shared library that implements 
# the services for that mechanism under GSS-API.
#
# Mechanism Name        Object Identifier       Shared Library  Kernel Module
#
diffie_hellman_640_0    1.3.6.4.1.42.2.26.2.4   dh640-0.so.1
diffie_hellman_1024_0   1.3.6.4.1.42.2.26.2.5   dh1024-0.so.1
kerberos_v5             1.2.840.113554.1.2.2    gl/mech_krb5.so gl_kmech_krb5
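
The following C sketch is an added example, not code from this guide or from Sun: it parses one line in the /etc/gss/mech format described above and, going one step beyond the text, encodes the dotted OID into the DER bytes that a gss_OID_desc carries in its elements and length fields. The names mech_entry, oid_to_der and parse_mech_line and the buffer sizes are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct mech_entry {        /* buffer sizes are this example's assumption */
    char name[64], oid[128], lib[256], kmod[64]; /* kmod is "" when absent */
    unsigned char der[64]; /* OID bytes, as in gss_OID_desc.elements */
    size_t der_len;        /* as in gss_OID_desc.length */
};

/* Encode a dotted OID as DER content bytes; returns length, 0 on error. */
static size_t oid_to_der(const char *p, unsigned char *out, size_t cap) {
    unsigned long long arc[32];
    size_t n = 0, len = 0;
    for (char *end;; p = end + 1) {      /* digits separated by '.' */
        if (n == 32 || *p < '0' || *p > '9') return 0;
        if ((arc[n++] = strtoull(p, &end, 10)) > 0xFFFFFFFFULL) return 0;
        if (*end == '\0') break;
        if (*end != '.') return 0;
    }
    if (n < 2 || arc[0] > 2 || (arc[0] < 2 && arc[1] > 39)) return 0;
    arc[1] += 40 * arc[0];     /* first two arcs share one subidentifier */
    for (size_t i = 1; i < n; i++) { /* base-128, high bit = more follows */
        size_t k = 1;                /* number of 7-bit groups needed */
        for (unsigned long long v = arc[i] >> 7; v; v >>= 7) k++;
        if (len + k > cap) return 0;
        while (k--)
            out[len++] = (unsigned char)(((arc[i] >> (7 * k)) & 0x7f) | (k ? 0x80 : 0));
    }
    return len;
}

/* Returns 1 for an entry, 0 for a blank/comment line, -1 if malformed. */
static int parse_mech_line(const char *line, struct mech_entry *e) {
    memset(e, 0, sizeof *e);
    line += strspn(line, " \t\r\n");
    if (*line == '#' || *line == '\0') return 0;
    if (sscanf(line, "%63s %127s %255s %63s",
               e->name, e->oid, e->lib, e->kmod) < 3) return -1;
    e->der_len = oid_to_der(e->oid, e->der, sizeof e->der);
    return e->der_len ? 1 : -1;
}

int main(void) {
    struct mech_entry e;   /* the line below is copied from Example C-1 */
    int rc = parse_mech_line("kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5", &e);
    for (size_t i = 0; i < e.der_len; i++) printf("%02x ", e.der[i]);
    printf("<- %s (rc=%d)\n", e.name, rc);
    return rc != 1;
}
```

Because the third field names a shared library that is loaded to implement the mechanism, the parsed lib and kmod values are also the fields to review when auditing this file.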

The /etc/gss/qop File

The /etc/gss/qop file stores, for all mechanisms installed, all the QOPs supported by each mechanism, both as an ASCII string and as its corresponding 32-bit integer. A sample /etc/gss/qop might look like Example C–2.


Example C–2 The /etc/gss/qop File

#
# Copyright (c) 2000, by Sun Microsystems, Inc.
# All rights reserved.
#
#ident  "@(#)qop 1.3     00/11/09 SMI" 
#
# This file contains information about the GSS-API based quality of
# protection (QOP), its string name and its value (32-bit integer).
#
# QOP string                    QOP Value       Mechanism Name
#
GSS_KRB5_INTEG_C_QOP_DES_MD5    0               kerberos_v5
GSS_KRB5_CONF_C_QOP_DES         0               kerberos_v5