개요

• 솔라나라에 설명된 어플리케이션에 대해 맨 페이지를 찾아 출력한다.
• MAN 페이지에 대한 설명은 윈디하나의 솔라나라: MAN 페이지을 참고하자.
• svcadm(8)을 검색하려면 섹션에서 8 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.

gss_acquire_cred(3gss)

Generic Security Services API Library Functions         gss_acquire_cred(3gss)



NAME
       gss_acquire_cred  -  acquire  a handle for a pre-existing credential by
       name

SYNOPSIS
       cc [ flag... ] file... -lgss  [ library... ]
       #include <gssapi/gssapi.h>

       OM_uint32 gss_acquire_cred(OM_uint32 *minor_status,
            const gss_name_t desired_name, OM_uint32 time_req,
            const gss_OID_set desired_mech, gss_cred_usage_t cred_usage,
            gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
            OM_uint32 *time_rec);


DESCRIPTION
       The gss_acquire_cred() function allows an application to acquire a han‐
       dle for a pre-existing credential by name. This routine is not intended
       as a function to login to the network; a function for login to the net‐
       work  would involve creating new credentials rather than merely acquir‐
       ing a handle to existing credentials.


       If desired_name is GSS_C_NO_NAME, the call is interpreted as a  request
       for  a  credential handle that will invoke default behavior when passed
       to  gss_init_sec_context(3GSS)  (if  cred_usage  is  GSS_C_INITIATE  or
       GSS_C_BOTH)   or   gss_accept_sec_context(3GSS)   (if   cred_usage   is
       GSS_C_ACCEPT or GSS_C_BOTH).


       Normally gss_acquire_cred() returns a credential that is valid only for
       the  mechanisms  requested  by  the desired_mechs argument. However, if
       multiple mechanisms can share a single credential element, the function
       returns  all  the  mechanisms  for which the credential is valid in the
       actual_mechs argument.


       gss_acquire_cred() is intended to be used primarily by context   accep‐
       tors,  since  the GSS-API routines obtain initiator credentials through
       the system login process. Accordingly, you may not acquire GSS_C_INITI‐
       ATE  or  GSS_C_BOTH  credentials by means of gss_acquire_cred() for any
       name  other  than  GSS_C_NO_NAME.  Alternatively,   you   may   acquire
       GSS_C_INITIATE  or  GSS_C_BOTH  credentials  for  a  name produced when
       gss_inquire_cred(3GSS) is  applied  to  a  valid  credential,  or  when
       gss_inquire_context(3GSS) is applied to an active context.


       If credential acquisition is time-consuming for a mechanism, the mecha‐
       nism may choose to delay the actual acquisition until the credential is
       required,    for   example,   by   gss_init_sec_context(3GSS)   or   by
       gss_accept_sec_context(3GSS).  Such mechanism-specific  implementations
       are,  however,  invisible  to  the  calling application; thus a call of
       gss_inquire_cred(3GSS)    immediately    following    the    call    of
       gss_acquire_cred()  will  return  valid  credential  data and incur the
       overhead of a deferred credential acquisition.

PARAMETERS
       The parameter descriptions for gss_acquire_cred() follow:

       desired_name          The name of the principal for which a  credential
                             should be acquired.


       time_req              The  number  of  seconds  that credentials remain
                             valid. Specify GSS_C_INDEFINITE  to request  that
                             the  credentials have the maximum permitted life‐
                             time


       desired_mechs         The set of underlying  security  mechanisms  that
                             may  be  used.   GSS_C_NO_OID_SET  may be used to
                             obtain a default.


       cred_usage            A flag that indicates how this credential  should
                             be  used.  If the flag is GSS_C_ACCEPT, then cre‐
                             dentials will be used  only  to  accept  security
                             credentials.  GSS_C_INITIATE  indicates that cre‐
                             dentials will be used only to  initiate  security
                             credentials. If the flag is GSS_C_BOTH, then cre‐
                             dentials may be used either to initiate or accept
                             security contexts.


       output_cred_handle    The  returned credential handle.  Resources asso‐
                             ciated  with  this  credential  handle  must   be
                             released by the application after use with a call
                             to gss_release_cred(3GSS)


       actual_mechs          The set of mechanisms for which the credential is
                             valid.  Storage associated with the returned OID-
                             set must be released by the application after use
                             with a call to  gss_release_oid_set(3GSS).  Spec‐
                             ify NULL if not required.


       time_rec              Actual number of seconds for which  the  returned
                             credentials  will  remain  valid. Specify NULL if
                             not required.


       minor_status          Mechanism specific status code.


ERRORS
       gss_acquire_cred() may return the following status code:

       GSS_S_COMPLETE               Successful completion.


       GSS_S_BAD_MECH               An   unavailable   mechanism   has    been
                                    requested.


       GSS_S_BAD_NAMETYPE           The type contained within the desired_name
                                    parameter is not supported.


       GSS_S_BAD_NAME               The value supplied for desired_name param‐
                                    eter is ill formed.


       GSS_S_CREDENTIALS_EXPIRED    The  credentials  could  not  be  acquired
                                    because they have expired.


       GSS_S_NO_CRED                No credentials were found for  the  speci‐
                                    fied name.


       GSS_S_FAILURE                The underlying mechanism detected an error
                                    for which no specific GSS status  code  is
                                    defined.   The  mechanism-specific  status
                                    code reported by means of the minor_status
                                    parameter details the error condition.


ATTRIBUTES
       See attributes(7)  for descriptions of the following attributes:




       tab()   box;   cw(2.75i)  |cw(2.75i)  lw(2.75i)  |lw(2.75i)  ATTRIBUTE
       TYPEATTRIBUTE VALUE _ MT-LevelSafe



ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       box; cbp-1 | cbp-1 l | l .  ATTRIBUTE TYPE ATTRIBUTE VALUE = Availabil‐
       ity   security/kerberos-5 = Stability Pass-through committed


SEE ALSO
       gss_accept_sec_context(3GSS),               gss_init_sec_context(3GSS),
       gss_inquire_context(3GSS),                      gss_inquire_cred(3GSS),
       gss_release_cred(3GSS), gss_release_oid_set(3GSS), attributes(7)


NOTES
       Source  code  for open source software components in Oracle Solaris can
       be found at https://www.oracle.com/downloads/opensource/solaris-source-
       code-downloads.html.

       This     software     was    built    from    source    available    at
       https://github.com/oracle/solaris-userland.   The  original   community
       source      was      downloaded      from       http://web.mit.edu/ker‐
       beros/dist/krb5/1.18/krb5-1.18.4.tar.gz.

       Further information about this software can be found on the open source
       community website at http://web.mit.edu/kerberos/.



Solaris 11.4                      22 Aug 2011           gss_acquire_cred(3gss)