gss_add_cred(3)gss_add_cred(3)NAMEgss_add_cred() - adds a credential-element to a credential
SYNOPSISDESCRIPTION
The routine adds a credential-element to a credential. The credential-
element is identified by the name of the principal to which it refers.
If desired_name is the call is interpreted as a request to add a cre‐
dential element that will invoke default behavior when passed to or
This routine can be used to either compose a new credential containing
all credential-elements of the original in addition to the newly-
acquire credential-element, or to add the new credential- element to an
existing credential. If NULL is specified for the output_cred_handle
arameter argument, the new credential-element will be added to the cre‐
dential identified by input_cred_handle; if a valid pointer is speci‐
fied for the output_cred_handle parameter, a new credential handle will
be created.
If is specified as the input_cred_handle, will compose a credential
based on default behavior.
Input Parameters
input_cred_handle Specifies the handle to credential structure to
which a credential-element will be added. If is
specified, the routine will compose the new cre‐
dential based on default behavior
desired_name Specifies the principal name whose credential
should be acquired.
desired_mechs Specifies the OID set for the security mechanism
for which the new credential may be used.
initiator_time_req Specifies the number of seconds that credentials
remain valid. for initiating security contexts.
This argument is ignored if the composed creden‐
tials are of type Specify to request that the
credentials have the maximum permitted initiator
lifetime.
acceptor_time_req Specifies the number of seconds that credentials
remain valid. for accepting security contexts.
This argument is ignored if the composed creden‐
tials are of type Specify to request that the
credentials have the maximum permitted acceptor
lifetime.
cred_usage Specify one of the following:
Specifies credentials that the context initiator
can use to either initiate or accept security
contexts.
Specifies credentials that the context initiator
can use only to initiate
security contexts.
Specifies credentials that the context initiator
can use only to accept
security contexts.
Output Parameters
output_cred_handle The returned credential handle, containing the
new credential-element and all the credential-
elements from input_cred_handle. If NULL is spec‐
ified for this parameter, the newly acquired cre‐
dential-element will be added to the credential
identified by input_cred_handle.
actual_mechs Returns a set of mechanisms for which the creden‐
tial is valid. This information is optional. If
you do not want a set of mechanisms returned,
specify NULL.
initiator_time_rec Specifies the actual number of seconds that cre‐
dentials remain valid for initiating security
contexts using the specified mechanism. If the
implementation or mechanism does not support
expiration of credentials, the value will be
returned.
acceptor_time_rec Specifies the actual number of seconds that cre‐
dentials remain valid for accepting security con‐
texts using the specified mechanism. If the
implementation or mechanism does not support
expiration of credentials, the value will be
returned.
minor_status Returns a status code from the security mecha‐
nism.
STATUS CODES
The following list explains the GSS status codes that can be returned:
The routine was completed successfully.
The requested security mechanism is unsupported or unavailable.
The name passed by the desired_name parameter is unsupported.
An invalid name was passed by the
desired_name parameter.
The credential already contains an element
for the requested mechanism with overlapping
usage and validity period.
The required credentials could not be added
because they have expired.
No credentials were found for the specified name.
AUTHOR
was developed by Sun Microsystems, Inc.
SEE ALSOgss_init_sec_context(3).
The manpages for DCE-GSSAPI are included with the DCE-CoreTools prod‐
uct. To see those manpages add to
gss_add_cred(3)