OSF DCE Application Development Guide--Core Components
GSSAPI Credentials
registered for the context acceptor to generate the default credential handle. The
credential is an ACCEPT credential type.
25.2 Creating New Credential Handles
An application can create a new credential handle to pass to the gss_init_sec_context()
routine or the gss_accept_sec_context() routine. An application might create a
credential handle rather than use the default credential for the following reasons:
— Limit the identities the application can use
— Provide an additional identity for the application
25.2.1 Initiating a Security Context with New Credential Handles
To create a credential handle for an INITIATE credential type, the application calls the
gssdce_login_context_to_cred() routine and specifies its login context as input to the
routine. The routine creates a credential handle that points to the credential consisting of
that login context.
An application can also use a BOTH type credential to initiate a security context. Use
the gss_acquire_cred() routine to create a BOTH type credential, as explained in the
next section.
When the application uses a BOTH credential, the gss_acquire_cred() routine creates a
login context from the key table information. Then, it uses the login context to create the
credential. For more details, see the gss_acquire_cred(3sec) reference page.
25.2.2 Accepting a Security Context Using New Credential Handles
To create a new credential handle for an ACCEPT or BOTH type credential, an
application calls the gss_acquire_cred() routine.
The gss_acquire_cred() routine uses a principal name and its entry in the key table to
generate the credential handle. If the principal name has not yet been registered (using
the gssdce_register_acceptor_identity() or rpc_server_register_auth_info()
routine), the gss_acquire_cred() routine automatically registers it.
124245 Tandem Computers Incorporated 25−3