RFC 2744 (rfc2744) - Page 3 of 101
Generic Security Service API Version 2 : C-bindings
Alternative Format: Original Text Document
RFC 2744 GSS-API V2: C-bindings January 2000
c) Per-message services are invoked to apply either:
integrity and data origin authentication, or confidentiality,
integrity and data origin authentication to application data,
which are treated by GSS-API as arbitrary octet-strings. An
application transmitting a message that it wishes to protect will
call the appropriate GSS-API routine (gss_get_mic or gss_wrap) to
apply protection, specifying the appropriate security context, and
send the resulting token to the receiving application. The
receiver will pass the received token (and, in the case of data
protected by gss_get_mic, the accompanying message-data) to the
corresponding decoding routine (gss_verify_mic or gss_unwrap) to
remove the protection and validate the data.
d) At the completion of a communications session (which may extend
across several transport connections), each application calls a
GSS-API routine to delete the security context. Multiple contexts
may also be used (either successively or simultaneously) within a
single communications association, at the option of the
applications.
2. GSS-API Routines
This section lists the routines that make up the GSS-API, and
offers a brief description of the purpose of each routine.
Detailed descriptions of each routine are listed in alphabetical
order in section 5.
Table 2-1 GSS-API Credential-management Routines
Routine Section Function
------- ------- --------
gss_acquire_cred 5.2 Assume a global identity; Obtain
a GSS-API credential handle for
pre-existing credentials.
gss_add_cred 5.3 Construct credentials
incrementally
gss_inquire_cred 5.21 Obtain information about a
credential
gss_inquire_cred_by_mech 5.22 Obtain per-mechanism information
about a credential.
gss_release_cred 5.27 Discard a credential handle.
Wray Standards Track