OSF DCE Application Development Guide--Core Components
• Delegate credentials
For detailed information on the GSSAPI routines referred to in this chapter, see the OSF
DCE Application Development Reference.
25.1 Using Default Credentials
A default credential is a credential that is:
• Generated by either of the following routines:
— gss_init_sec_context()
— gss_accept_sec_context()
• Based on the following information:
— The DCE default login context for the application (for INITIATE type
credentials)
— The registered principal name in the token (for ACCEPT or BOTH type
credentials).
When an application calls the GSSAPI routine to either initiate
(gss_init_sec_context()) or accept (gss_accept_sec_context()) a security context, it
can specify the use of its default credential.
Use default credentials to help ensure the portability of your applications.
25.1.1 Initiating a Security Context
To use a default credential when initiating a security context, an application calls the
gss_init_sec_context() routine and specifies GSS_C_NO_CREDENTIAL as the input
claimant credential handle to the routine. The routine uses the initiator’s DCE default
login context to generate the default credential. The credential is an INITIATE type
credential.
You can change the default login context by calling the DCE sec_login_*() routines.
For information on these routines, see the appropriate sec_login_*(3sec) reference
page.
25.1.2 Accepting a Security Context
To use a default credential when accepting a security context, an application calls the
gss_accept_sec_context() routine and specifies GSS_C_NO_CREDENTIAL as
the verifier credential handle to the routine. The GSSAPI uses a principal name
25−2 Tandem Computers Incorporated 124245