RFC 1508 (rfc1508) - Page 2 of 49
Generic Security Service Application Program Interface
RFC 1508 Generic Security Interface September 1993
2. Interface Descriptions ..................................... 15
2.1. Credential management calls ............................. 17
2.1.1. GSS_Acquire_cred call ................................. 17
2.1.2. GSS_Release_cred call ................................. 19
2.1.3. GSS_Inquire_cred call ................................. 20
2.2. Context-level calls ..................................... 21
2.2.1. GSS_Init_sec_context call ............................. 21
2.2.2. GSS_Accept_sec_context call ........................... 26
2.2.3. GSS_Delete_sec_context call ........................... 29
2.2.4. GSS_Process_context_token call ........................ 30
2.2.5. GSS_Context_time call ................................. 31
2.3. Per-message calls ....................................... 32
2.3.1. GSS_Sign call ......................................... 32
2.3.2. GSS_Verify call ....................................... 33
2.3.3. GSS_Seal call ......................................... 35
2.3.4. GSS_Unseal call ....................................... 36
2.4. Support calls ........................................... 37
2.4.1. GSS_Display_status call ............................... 37
2.4.2. GSS_Indicate_mechs call ............................... 38
2.4.3. GSS_Compare_name call ................................. 38
2.4.4. GSS_Display_name call ................................. 39
2.4.5. GSS_Import_name call .................................. 40
2.4.6. GSS_Release_name call ................................. 41
2.4.7. GSS_Release_buffer call ............................... 41
2.4.8. GSS_Release_oid_set call .............................. 42
3. Mechanism-Specific Example Scenarios ....................... 42
3.1. Kerberos V5, single-TGT ................................. 43
3.2. Kerberos V5, double-TGT ................................. 43
3.3. X.509 Authentication Framework .......................... 44
4. Related Activities ......................................... 45
5. Acknowledgments ............................................ 46
6. Security Considerations .................................... 46
7. Author's Address ........................................... 46
Appendix A .................................................... 47
Appendix B .................................................... 48
Appendix C .................................................... 49
1. GSS-API Characteristics and Concepts
The operational paradigm in which GSS-API operates is as follows. A
typical GSS-API caller is itself a communications protocol, calling
on GSS-API in order to protect its communications with
authentication, integrity, and/or confidentiality security services.
A GSS-API caller accepts tokens provided to it by its local GSS-API
implementation and transfers the tokens to a peer on a remote system;
that peer passes the received tokens to its local GSS-API
implementation for processing. The security services available
through GSS-API in this fashion are implementable (and have been
Linn