GSS-API Functions

The Oracle Solaris software implements the GSS-API functions. For more information on each function, see its man page. See also Functions From Previous Versions of GSS-API.

gss_acquire_cred(): Assume a global identity by obtaining a GSS-API credential handle for preexisting credentials
gss_add_cred(): Construct credentials incrementally
gss_inquire_cred(): Obtain information about a credential
gss_inquire_cred_by_mech(): Obtain per-mechanism information about a credential
gss_release_cred(): Discard a credential handle
gss_init_sec_context(): Initiate a security context with a peer application
gss_accept_sec_context(): Accept a security context initiated by a peer application
gss_delete_sec_context(): Discard a security context
gss_process_context_token(): Process a token on a security context from a peer application
gss_context_time(): Determine how long a context is to remain valid
gss_inquire_context(): Obtain information about a security context
gss_wrap_size_limit(): Determine token-size limit for gss_wrap() on a context
gss_export_sec_context(): Transfer a security context to another process
gss_import_sec_context(): Import a transferred context
gss_get_mic(): Calculate a cryptographic message integrity code (MIC) for a message
gss_verify_mic(): Check a MIC against a message to verify integrity of a received message
gss_wrap(): Attach a MIC to a message, and optionally encrypt the message content
gss_unwrap(): Verify a message with attached MIC. Decrypt message content if necessary
gss_import_name(): Convert a contiguous string name to an internal-form name
gss_display_name(): Convert internal-form name to text
gss_compare_name(): Compare two internal-form names
gss_release_name(): Discard an internal-form name
gss_inquire_names_for_mech(): List the name types supported by the specified mechanism
gss_inquire_mechs_for_name(): List mechanisms that support the specified name type
gss_canonicalize_name(): Convert an internal name to a mechanism name (MN)
gss_export_name(): Convert an MN to export form
gss_duplicate_name(): Create a copy of an internal name
gss_add_oid_set_member(): Add an object identifier to a set
gss_display_status(): Convert a GSS-API status code to text
gss_indicate_mechs(): Determine available underlying authentication mechanisms
gss_release_buffer(): Discard a buffer
gss_release_oid_set(): Discard a set of object identifiers
gss_create_empty_oid_set(): Create a set with no object identifiers
gss_test_oid_set_member(): Determine whether an object identifier is a member of a set

Functions From Previous Versions of GSS-API

This section explains functions that were included in previous versions of the GSS-API.

Functions for Manipulating `OID`s

The Oracle Solaris implementation of GSS-API provides the following functions for convenience and for backward compatibility. However, these functions might not be supported by other implementations of GSS-API.

gss_delete_oid()
gss_oid_to_str()
gss_str_to_oid()

Although a mechanism's name can be converted from a string to an OID, programmers should use the default GSS-API mechanism if at all possible.

Renamed Functions

The following functions have been supplanted by newer functions. In each case, the new function is the functional equivalent of the older function. Although the old functions are supported, developers should replace these functions with the newer functions whenever possible.

gss_sign() has been replaced with gss_get_mic().
gss_verify() has been replaced with gss_verify_mic().
gss_seal() has been replaced with gss_wrap().
gss_unseal() has been replaced with gss_unwrap().

Skip Navigation Links
Exit Print View
	Developer's Guide to Oracle Solaris Security Oracle Solaris 10 8/11 Information Library