rpcsec_gss.3n (2010 09)
rpcsec_gss(3N)
NAME
rpcsec_gss - security flavor incorporating GSS-API protections
SYNOPSIS
cc [flag]... file... -lnsl [library]...
#include <rpc/rpcsec_gss.h>
DESCRIPTION
RPCSEC_GSS is a security flavor which sits "on top" of the GSS-API (Generic Security Service Application Programming Interface) for network transmissions. Applications using RPCSEC_GSS can take advantage of GSS-API security features; moreover, they can use any security mechanism (such as RSA public key or Kerberos) that works with the GSS-API.
The GSS-API offers two security services beyond the traditional authentication services (AUTH_DES, AUTH_SYS, and AUTH_KERB): integrity and privacy. With integrity, the system uses cryptographic checksumming to ensure the authenticity of a message (authenticity of originator, recipient, and data); privacy provides additional security by encrypting data. Applications using RPCSEC_GSS specify which service they wish to use. The type of security service is mechanism-independent.
Before exchanging data with a peer, an application must establish a context for the exchange. RPCSEC_GSS provides a single function for this purpose, rpc_gss_seccreate(), which allows the application to specify the security mechanism, Quality of Protection (QOP), and type of service at context creation. (The QOP parameter sets the cryptographic algorithms to be used with integrity or privacy, and is mechanism-dependent.) Once a context is established, applications can reset the QOP and type of service for each data unit exchanged, if desired. Validation mechanisms and QOPs may be obtained from configuration files or from the name service. Each mechanism has a default QOP.
Contexts are destroyed with the usual RPC auth_destroy() call.
Data Structures
Some of the data structures used by the RPCSEC_GSS package are shown below.
rpc_gss_service_t
This enum defines the types of security services the context may have. rpc_gss_seccreate() takes this as one argument when setting the service type for a session.
    typedef enum {
        rpc_gss_svc_default = 0,
        rpc_gss_svc_none = 1,
        rpc_gss_svc_integrity = 2,
        rpc_gss_svc_privacy = 3
    } rpc_gss_service_t;
rpc_gss_options_req_t
Structure containing options passed directly through to the GSS-API. rpc_gss_seccreate() takes
this as an argument when creating a context.
    typedef struct {
        int req_flags;                  /* GSS request bits */
        int time_req;                   /* requested credential lifetime */
        gss_cred_id_t my_cred;          /* GSS credential struct */
        gss_channel_bindings_t input_channel_bindings;
    } rpc_gss_options_req_t;
rpc_gss_OID
This data type is used by in-kernel RPC routines, and thus is mentioned here for informational purposes only.
    typedef struct {
        u_int length;
        void *elements;
    } *rpc_gss_OID;
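What an rpc_gss_OID carries is the DER encoding of a mechanism's object identifier arcs, with no ASN.1 tag or length prefix; length counts those bytes and elements points at them. The following added C example (not from the man page) encodes a dotted OID string into that {length, elements} layout and decodes it back, rejecting malformed strings and truncated byte sequences. The example_gss_oid struct mirrors the typedef above under a different name so the code compiles without <rpc/rpcsec_gss.h>; the input used is the Kerberos V5 mechanism OID 1.2.840.113554.1.2.2.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors the rpc_gss_OID layout from the man page, renamed so this builds stand-alone. */
typedef struct {
    unsigned int length;   /* number of bytes in elements */
    void *elements;        /* DER-encoded OID arcs, no ASN.1 tag or length prefix */
} example_gss_oid;

/* Write one arc in base-128 (continuation bit on all but the last byte); 0 means no room. */
static size_t put_arc(unsigned char *out, size_t cap, unsigned long arc)
{
    unsigned char tmp[10];
    size_t n = 0, i;

    do {                                     /* 7-bit groups, least significant first */
        tmp[n++] = (unsigned char)(arc & 0x7f);
        arc >>= 7;
    } while (arc != 0);
    if (n > cap)
        return 0;
    for (i = 0; i < n; i++)                  /* emit most significant first */
        out[i] = (unsigned char)(tmp[n - 1 - i] | (i + 1 < n ? 0x80 : 0));
    return n;
}

/* Encode dotted "a.b.c..." into oid (elements is malloc'd); 0 on success, -1 on bad input. */
static int oid_from_string(const char *dotted, example_gss_oid *oid)
{
    unsigned char buf[64];
    size_t len, n;
    unsigned long first, second, arc;
    const char *p = dotted;
    char *end;

    if (*p < '0' || *p > '9')
        return -1;
    first = strtoul(p, &end, 10);
    if (*end != '.' || end[1] < '0' || end[1] > '9' || first > 2)
        return -1;
    second = strtoul(end + 1, &end, 10);
    if (first < 2 && second > 39)
        return -1;
    /* X.690 packs the first two arcs into one value, 40*first + second. */
    len = put_arc(buf, sizeof buf, first * 40 + second);
    for (p = end; *p == '.'; p = end) {
        if (p[1] < '0' || p[1] > '9')
            return -1;
        arc = strtoul(p + 1, &end, 10);
        n = put_arc(buf + len, sizeof buf - len, arc);
        if (n == 0)
            return -1;
        len += n;
    }
    if (*p != '\0' || len == 0)
        return -1;
    oid->elements = malloc(len);
    if (oid->elements == NULL)
        return -1;
    memcpy(oid->elements, buf, len);
    oid->length = (unsigned int)len;
    return 0;
}

/* Decode oid to dotted form; -1 if an arc is cut off, overflows, or out is too small. */
static int oid_to_string(const example_gss_oid *oid, char *out, size_t cap)
{
    const unsigned char *b = oid->elements;
    unsigned long arc = 0, a0;
    size_t i, used = 0, complete = 0;        /* complete = bytes consumed by finished arcs */
    int n;

    for (i = 0; i < oid->length; i++) {
        if (arc > (ULONG_MAX >> 7))
            return -1;                       /* arc would not fit an unsigned long */
        arc = (arc << 7) | (b[i] & 0x7f);
        if (b[i] & 0x80)
            continue;                        /* continuation byte, arc not finished */
        if (complete == 0) {
            a0 = arc < 80 ? arc / 40 : 2;    /* unpack the combined first two arcs */
            n = snprintf(out + used, cap - used, "%lu.%lu", a0, arc - a0 * 40);
        } else {
            n = snprintf(out + used, cap - used, ".%lu", arc);
        }
        if (n < 0 || (size_t)n >= cap - used)
            return -1;
        used += (size_t)n;
        complete = i + 1;
        arc = 0;
    }
    return (complete == oid->length && complete > 0) ? 0 : -1;
}

int main(void)
{
    example_gss_oid oid;
    char back[64];
    unsigned int i;

    if (oid_from_string("1.2.840.113554.1.2.2", &oid) != 0)   /* Kerberos V5 mechanism */
        return 1;
    printf("length=%u elements=", oid.length);
    for (i = 0; i < oid.length; i++)
        printf("%02x", ((unsigned char *)oid.elements)[i]);
    if (oid_to_string(&oid, back, sizeof back) == 0)
        printf(" decoded=%s", back);
    printf("\n");
    free(oid.elements);
    return 0;
}
```

The decoder keeps track of how many bytes belong to finished arcs so that a buffer ending on a continuation byte is reported as truncated rather than silently yielding a shorter OID, which matters when an OID of this form is compared against a configured mechanism list.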
HP-UX 11i Version 3: September 2010, Hewlett-Packard Company