.\" Copyright (c) 2008 Isilon Inc http://www.isilon.com/
.\" Authors: Doug Rabson <dfr@rabson.org>
.\" Developed with Red Inc: Alfred Perlstein <alfred@FreeBSD.org>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd January 26, 2010
.Dt RPC_GSS_SECCREATE 3
.Os
.Sh NAME
.Nm rpc_gss_seccreate
.Nd "create a security context using the RPCSEC_GSS protocol"
.Sh LIBRARY
.Lb librpcsec_gss
.Sh SYNOPSIS
.In rpc/rpcsec_gss.h
.Ft AUTH *
.Fo rpc_gss_seccreate
.Fa "CLIENT *clnt"
.Fa "const char *principal"
.Fa "const char *mechanism"
.Fa "rpc_gss_service_t service"
.Fa "const char *qop"
.Fa "rpc_gss_options_req_t *options_req"
.Fa "rpc_gss_options_ret_t *options_ret"
.Fc
.Sh DESCRIPTION
This function is used to establish a security context between an
application and a remote peer using the RPCSEC_GSS protocol.
.Sh PARAMETERS
.Bl -tag -width "options_req"
.It clnt
An RPC handle which is connected to the remote peer.
.It principal
The name of the service principal on the remote peer.
For instance, a principal such as
.Qq nfs@server.example.com
might be used by an application which needs to contact an NFS server.
.It mechanism
The desired mechanism for this security context.
The value of mechanism should be the name of one of the security
mechanisms listed in /etc/gss/mech.
.It service
Type of service requested.
.Bl -tag -width "rpc_gss_svc_integrity"
.It rpc_gss_svc_default
The default - typically the same as
.Dv rpc_gss_svc_none .
.It rpc_gss_svc_none
Only the RPC headers are integrity protected by a checksum.
.It rpc_gss_svc_integrity
RPC headers and data are integrity protected by a checksum.
.It rpc_gss_svc_privacy
RPC headers are integrity protected by a checksum and data is encrypted.
.El
.It qop
Desired quality of protection or NULL for the default.
Available values are listed in /etc/gss/qop.
.It options_req
Extra security context options to be passed to the underlying GSS-API
mechanism.
Pass
.Dv NULL
to supply default values.
.It options_ret
Various values returned by the underlying GSS-API mechanism.
Pass
.Dv NULL
if these values are not required.
.El
.Sh RETURN VALUES
If the security context was created successfully, a pointer to an
.Vt AUTH
structure that represents the context is returned.
To use this security context for subsequent RPC calls, set
.Va clnt->cl_auth
to this value.
.Sh SEE ALSO
.Xr gssapi 3 ,
.Xr rpc 3 ,
.Xr rpcsec_gss 3 ,
.Xr mech 5 ,
.Xr qop 5
.Sh HISTORY
The
.Nm
function first appeared in
.Fx 8.0 .
.Sh AUTHORS
This
manual page was written by
.An Doug Rabson Aq Mt dfr@FreeBSD.org .
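An added example, not part of the original manual page or of the FreeBSD sources: a hypothetical wrapper (secure_client, protects_data and the CTX_* codes are assumed names) that refuses the rpc_gss_svc_default and rpc_gss_svc_none levels before calling rpc_gss_seccreate, then installs the result in clnt->cl_auth. It assumes a NULL return signals failure; when built off FreeBSD, constructed stand-in declarations take the place of the real header.

```c
/* Added example: enforce a minimum RPCSEC_GSS service level. */
#include <stddef.h>
#ifdef __FreeBSD__
#include <rpc/rpc.h>
#include <rpc/rpcsec_gss.h>     /* link with -lrpcsec_gss */
#else
/* Constructed stand-ins (assumption) so the policy logic builds elsewhere;
 * this rpc_gss_seccreate always fails because there is no peer to talk to. */
typedef enum { rpc_gss_svc_default, rpc_gss_svc_none,
               rpc_gss_svc_integrity, rpc_gss_svc_privacy } rpc_gss_service_t;
typedef struct AUTH AUTH;
typedef struct { AUTH *cl_auth; } CLIENT;
static AUTH *rpc_gss_seccreate(CLIENT *c, const char *p, const char *m,
    rpc_gss_service_t s, const char *q, void *req, void *ret)
{
    (void)c; (void)p; (void)m; (void)s; (void)q; (void)req; (void)ret;
    return NULL;
}
#endif

/* Hypothetical result codes for the wrapper below. */
enum { CTX_OK = 0, CTX_WEAK_SERVICE = -1, CTX_CREATE_FAILED = -2 };

/* Hypothetical helper: nonzero only for levels that cover the call data. */
int protects_data(rpc_gss_service_t svc)
{
    return svc == rpc_gss_svc_integrity || svc == rpc_gss_svc_privacy;
}

/* Hypothetical wrapper: create the context and install it on clnt, but
 * reject rpc_gss_svc_default and rpc_gss_svc_none, which protect only the
 * RPC headers (the default is typically the same as none). */
int secure_client(CLIENT *clnt, const char *principal, const char *mech,
    rpc_gss_service_t svc)
{
    AUTH *auth;

    if (!protects_data(svc))
        return CTX_WEAK_SERVICE;
    /* NULL qop and options select the defaults, as described above. */
    auth = rpc_gss_seccreate(clnt, principal, mech, svc, NULL, NULL, NULL);
    if (auth == NULL)               /* assumption: NULL signals failure */
        return CTX_CREATE_FAILED;
    clnt->cl_auth = auth;           /* used for subsequent RPC calls */
    return CTX_OK;
}
```

A caller would pass a mechanism name from /etc/gss/mech and treat any nonzero result as a reason not to send the call.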