1.\" Copyright (c) 2008 Isilon Inc http://www.isilon.com/ 2.\" Authors: Doug Rabson <dfr@rabson.org> 3.\" Developed with Red Inc: Alfred Perlstein <alfred@FreeBSD.org> 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.Dd January 26, 2010 28.Dt RPC_GSS_SECCREATE 3 29.Os 30.Sh NAME 31.Nm rpc_gss_seccreate 32.Nd "create a security context using the RPCSEC_GSS protocol" 33.Sh LIBRARY 34.Lb librpcsec_gss 35.Sh SYNOPSIS 36.In rpc/rpcsec_gss.h 37.Ft AUTH * 38.Fo rpc_gss_seccreate 39.Fa "CLIENT *clnt" 40.Fa "const char *principal" 41.Fa "const char *mechanism" 42.Fa "rpc_gss_service_t service" 43.Fa "const char *qop" 44.Fa "rpc_gss_options_req_t *options_req" 45.Fa "rpc_gss_options_ret_t *options_ret" 46.Fc 47.Sh DESCRIPTION 48This function is used to establish a security context between an 49application and a remote peer using the RPSEC_GSS protocol. 50.Sh PARAMETERS 51.Bl -tag -width "options_req" 52.It clnt 53An RPC handle which is connected to the remote peer 54.It principal 55The name of the service principal on the remote peer. 56For instance, a principal such as 57.Qq nfs@server.example.com 58might be used by an application which needs to contact an NFS server 59.It mechanism 60The desired mechanism for this security context. 61The value of mechanism should be the name of one of the security 62mechanisms listed in /etc/gss/mech. 63.It service 64Type of service requested. 65.Bl -tag -width "rpc_gss_svc_integrity" 66.It rpc_gss_svc_default 67The default - typically the same as 68.Dv rpc_gss_svc_none . 69.It rpc_gss_svc_none 70RPC headers only are integrity protected by a checksum. 71.It rpc_gss_svc_integrity 72RPC headers and data are integrity protected by a checksum. 73.It rpc_gss_svc_privacy 74RPC headers are integrity protected by a checksum and data is encrypted. 75.El 76.It qop 77Desired quality of protection or NULL for the default. 78Available values are listed in /etc/gss/qop 79.It options_req 80Extra security context options to be passed to the underlying GSS-API 81mechanism. 82Pass 83.Dv NULL 84to supply default values. 85.It options_ret 86Various values returned by the underlying GSS-API mechanism. 87Pass 88.Dv NULL 89if these values are not required. 90.El 91.Sh RETURN VALUES 92If the security context was created successfully, a pointer to an 93.Vt AUTH 94structure that represents the context is returned. 95To use this security context for subsequent RPC calls, set 96.Va clnt->cl_auth 97to this value. 98.Sh SEE ALSO 99.Xr gssapi 3 , 100.Xr rpc 3 , 101.Xr rpcset_gss 3 , 102.Xr mech 5 , 103.Xr qop 5 104.Sh HISTORY 105The 106.Nm 107function first appeared in 108.Fx 8.0 . 109.Sh AUTHORS 110This 111manual page was written by 112.An Doug Rabson Aq Mt dfr@FreeBSD.org . 113