OSF DCE Application Development Guide--Core Components

Chapter 25. GSSAPI Credentials
A GSSAPI credential is a data structure that provides proof of an application’s claim to a
principal name. An application uses a credential to establish its global identity. The
global identity can be, but is not necessarily, related to the local user name under which
the application (either the initiator or the acceptor) is running.
A credential can consist of either of the following:
• DCE login context
• Principal name
There are three types of credentials, as shown in Table 25-1.
TABLE 25-1. Credential Types
_________________________________________________________________
Credential   Content
_________________________________________________________________
INITIATE     A login context only. This credential identifies
             applications that only initiate security contexts.
_________________________________________________________________
ACCEPT       Principal name and an associated entry key table.
             This credential identifies applications that only
             accept security contexts.
_________________________________________________________________
BOTH         A login context and principal name with a key table
             entry. This credential identifies applications that
             can either initiate or accept security contexts.
_________________________________________________________________
Credentials are maintained internally to GSSAPI. When they establish a security
context, applications use credential handles to point to the credentials they need.
When an application initiates or accepts a security context, it can use GSSAPI routines
with either a default credential or a specific credential handle. This chapter discusses
how applications do the following:
• Use default credentials
• Create credential handles to refer to specific credentials
124245 Tandem Computers Incorporated 251