gssapi.3 - OpenGrok cross reference for /freebsd/lib/libgssapi/gssapi.3

Lines Matching +full:in +full:- +full:application
1 .\" -*- nroff -*-
6 .\" Redistribution and use in source and binary forms, with or without
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\"    notice, this list of conditions and the following disclaimer in the
18 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 GSS-API Library (libgssapi, -lgssapi)
38 The Generic Security Service Application Programming Interface
42 Typically, GSS-API callers will be application protocols into which
44 provided by the GSS-API.
45 The GSS-API allows a caller application to authenticate a principal
46 identity associated with a peer application, to delegate rights to a
49 on a per-message basis.
51 There are four stages to using the GSS-API:
52 .Bl -tag -width "a)"
54 The application acquires a set of credentials with which it may prove
56 The application's credentials vouch for its global identity,
62 The security context is a pair of GSS-API data structures that contain
63 shared state information, which is required in order that per-message
70 and may require that the responder is authenticated in turn.
76 similar to those used by the initiating application,
81 certain GSS-API calls will return a token data structure,
84 The caller of such a GSS-API routine is responsible for transferring
85 the token to the peer application,
86 encapsulated if necessary in an application protocol.
87 On receipt of such a token, the peer application should pass it to a
88 corresponding GSS-API routine which will decode the token and extract
92 Per-message services are invoked to apply either:
95 integrity and data origin authentication to application data,
96 which are treated by GSS-API as arbitrary octet-strings.
97 An application transmitting a message that it wishes to protect will
98 call the appropriate GSS-API routine (gss_get_mic or gss_wrap) to
101 and send the resulting token to the receiving application.
102 The receiver will pass the received token (and, in the case of data
103 protected by gss_get_mic, the accompanying message-data) to the
109 each application calls a GSS-API routine to delete the security
115 .Sh GSS-API ROUTINES
116 This section lists the routines that make up the GSS-API,
119 GSS-API Credential-management Routines:
120 .Bl -tag -width "gss_inquire_cred_by_mech"
122 Assume a global identity; Obtain a GSS-API credential handle for
123 pre-existing credentials.
129 Obtain per-mechanism information about a credential.
134 GSS-API Context-Level Routines:
135 .Bl -tag -width "gss_inquire_cred_by_mech"
137 Initiate a security context with a peer application
139 Accept a security context initiated by a peer application
143 Process a token on a security context from a peer application
149 Determine token-size limit for
158 GSS-API Per-message Routines:
159 .Bl -tag -width "gss_inquire_cred_by_mech"
174 GSS-API Name manipulation Routines:
175 .Bl -tag -width "gss_inquire_cred_by_mech"
177 Convert a contiguous string name to internal-form
179 Convert internal-form name to text
181 Compare two internal-form names
183 Discard an internal-form name
185 List the name-types supported by the specified mechanism
187 List mechanisms that support the specified name-type
196 GSS-API Miscellaneous Routines
197 .Bl -tag -width "gss_inquire_cred_by_mech"
201 Convert a GSS-API status code to text
214 Individual GSS-API implementations may augment these routines by
215 providing additional mechanism-specific routines if required
220 .Bl -tag -width ".It RFC 2743"
222 Generic Security Service Application Program Interface Version 2, Update 1
224 Generic Security Service API Version 2 : C-bindings
229 library first appeared in
238 or assist in its implementation may be prepared, copied, published
239 and distributed, in whole or in part, without restriction of any
242 document itself may not be modified in any way, such as by removing
245 developing Internet standards in which case the procedures for
246 copyrights defined in the Internet Standards process must be