


   SPX Version 2.2                                    gss_init_sec_context(3)



   Name
     gss_init_sec_context - initiate security context between two peers

   Syntax
     #include "gssapi_defs.h"

     int gss_init_sec_context(minor_status,
                              claimant_cred_handle,
                              context_handle,
                              target_name,
                              mech_type,
                              req_flags,
                              time_req,
                              input_chan_bindings,
                              input_token,
                              actual_mech_type,
                              output_token,
                              ret_flags,
                              time_rec)

     OM_uint32             *minor_status;
     gss_cred_id_t         claimant_cred_handle;
     gss_ctx_id_t          *context_handle;
     gss_name_t            target_name;
     gss_OID               mech_type;
     int                   req_flags;
     int                   time_req;
     gss_channel_bindings  input_chan_bindings;
     gss_buffer_t          input_token;
     gss_OID               *actual_mech_type;
     gss_buffer_t          output_token;
     int                   *ret_flags;
     OM_uint32             *time_rec;

   Arguments

     _m_i_n_o_r__s_t_a_t_u_s
            (OM_uint32, modify) If the routine doesn't return GSS_S_COMPLETE
            or GSS_S_CONTINUE_NEEDED, then this status code can be used to
            display the mechanism specific error using the call
            _g_s_s__d_i_s_p_l_a_y__s_t_a_t_u_s

     _c_l_a_i_m_a_n_t__c_r_e_d__h_a_n_d_l_e
            (gss_cred_id_t, read) Credential handle of the context initiator.
            Specify GSS_C_NO_CREDENTIAL to use default credentials.  Other-
            wise, _g_s_s__a_c_q_u_i_r_e__c_r_e_d should be called to acquire the proper
            credentials.  Normally, the initiator will have default creden-
            tials.

     _c_o_n_t_e_x_t__h_a_n_d_l_e
            (gss_ctx_id_t, read/modify) Context handle for new context.  Sup-
            ply GSS_C_NO_CONTEXT for first call; use value returned by first
            call in continuation calls.


   Digital Equipment Corporation                                            1


     _t_a_r_g_e_t__n_a_m_e
            (gss_name_t, read) The SPX name of the target.

     _m_e_c_h__t_y_p_e
            (gss_OID, read) Object ID of desired mechanism.  Supply
            _G_S_S__C__N_U_L_L__O_I_D to obtain SPX as the system default.

     _r_e_q__f_l_a_g_s
            (int, read) Contains six independent flags, each of which
            requests that the context support a specific service option.
            Symbolic names are provided for each flag.  To form the bit-mask
            value, logically OR the _r_e_q__f_l_a_g_s with the symbolic flag to
            request the desired option.  The flags are:

               _G_S_S__C__D_E_L_E_G__F_L_A_G
                      (_r_e_q__f_l_a_g_s OR _G_S_S__C__D_E_L_E_G__F_L_A_G)

                  _T_r_u_e    Delegate credentials to the acceptor of the secu-
                          rity context.

                  _F_a_l_s_e   Do not delegate credentials to acceptor of the
                          security context.

               _G_S_S__C__M_U_T_U_A_L__F_L_A_G
                      (_r_e_q__f_l_a_g_s OR _G_S_S__C__M_U_T_U_A_L__F_L_A_G)

                  _T_r_u_e    Require that the acceptor of the security context
                          authenticate itself to you.

                  _F_a_l_s_e   Do not require that the acceptor of the security
                          context authenticate itself to you.

               _G_S_S__C__R_E_P_L_A_Y__F_L_A_G
                      (_r_e_q__f_l_a_g_s OR _G_S_S__C__R_E_P_L_A_Y__F_L_A_G)

                  _T_r_u_e    Enable replay detection for signed or sealed mes-
                          sages.  SPX does not support this option.

                  _F_a_l_s_e   Do not attempt to detect replayed messages.

               _G_S_S__C__S_E_Q_U_E_N_C_E__F_L_A_G
                      (_r_e_q__f_l_a_g_s OR _G_S_S__C__S_E_Q_U_E_N_C_E__F_L_A_G)

                  _T_r_u_e    Enable detection of out-of-sequence signed or
                          sealed messages.  SPX does not support this option.

                  _F_a_l_s_e   Do not attempt to detect out-of-sequence messages.

               _G_S_S__C__C_O_N_F__R_E_Q__F_L_A_G
                      (_r_e_t__f_l_a_g_s AND _G_S_S__C__C_O_N_F__F_L_A_G)

                  _N_o_n_z_e_r_o Make confidentiality service available.  SPX does
                          not support this option.



   2                                            Digital Equipment Corporation






   SPX Version 2.2                                    gss_init_sec_context(3)


                  _Z_e_r_o    Do not make confidentiality service available.  The
                          seal provides message encapsulation and integrity
                          services only.

                 This flag is pending.

               _G_S_S__C__I_N_T_E_G__F_L_A_G
                      (_r_e_t__f_l_a_g_s AND _G_S_S__C__I_N_T_E_G__F_L_A_G)

                  _T_r_u_e    SPX does not support this option.

                  _F_a_l_s_e

     _t_i_m_e__r_e_q
            (int, read) Number of seconds for which the context should remain
            valid.  Specify NULL if this information is not required.

     _i_n_p_u_t__c_h_a_n__b_i_n_d_i_n_g_s__b_u_f_f_e_r
            (gss_channel_bindings, read) The channel bindings information
            allows the application to securely bind channel identification
            information with the security context.  To ensure portability,
            the channel binding structure requires the initiator and acceptor
            addresses.  Optionally, each application can include its own
            application specific channel information.

     _i_n_p_u_t__t_o_k_e_n
            (gss_buffer_t, read) The token received from the acceptor of the
            security context.  Supply GSS_C_NO_BUFFER on the initial call for
            a particular context. In continuation calls supply the token
            received from the acceptor of the security context.

     _a_c_t_u_a_l__m_e_c_h__t_y_p_e
            (OID, modify) The actual mechanism used.  Will always be
            SPX_MECHTYPE_OID when using SPX.  The application must store this
            value for passing to _g_s_s__d_i_s_p_l_a_y__s_t_a_t_u_s

     _o_u_t_p_u_t__t_o_k_e_n
            (gss_buffer_t, modify) The token to be sent to the acceptor of
            the security context.  If the _l_e_n_g_t_h field of the returned buffer
            is zero, no token need be sent to the acceptor of the security
            context.

     _r_e_t__f_l_a_g_s
            (int, modify) Contains six independent flags, each of which indi-
            cates that the context supports a specific service option.  Sym-
            bolic names are provided for each flag.  To test the value of a
            given flag, logically AND _r_e_t__f_l_a_g_s with the symbolic name to
            determine whether the returned flag is _z_e_r_o or _n_o_n_z_e_r_o.  The
            flags are:

               _D_E_L_E_G__F_L_A_G,
                      (_r_e_t__f_l_a_g_s AND _G_S_S__C__D_E_L_E_G__F_L_A_G)

                  _N_o_n_z_e_r_o Delegated credentials are available to the acceptor


   Digital Equipment Corporation                                            3






   gss_init_sec_context(3)                                    SPX Version 2.2


                          of the security context.

                  _Z_e_r_o    No credentials were delegated.

               _M_U_T_U_A_L__F_L_A_G
                      (_r_e_t__f_l_a_g_s AND _G_S_S__C__M_U_T_U_A_L__F_L_A_G)

                  _N_o_n_z_e_r_o The acceptor of the security context asked for or
                          is being asked for mutual authentication.

                  _Z_e_r_o    The acceptor of the security context is not being
                          asked for mutual authentication.

               _R_E_P_L_A_Y__F_L_A_G
                      (_r_e_t__f_l_a_g_s AND _G_S_S__C__R_E_P_L_A_Y__F_L_A_G)

                  _N_o_n_z_e_r_o Replay of signed or sealed messages will be
                          detected.

                  _Z_e_r_o    Replayed messages will not be detected.  This is
                          always the case in SPX.

               _S_E_Q_U_E_N_C_E__F_L_A_G
                      (_r_e_t__f_l_a_g_s AND _G_S_S__C__S_E_Q_U_E_N_C_E__F_L_A_G)

                  _N_o_n_z_e_r_o Out-of-sequence signed or sealed messages will be
                          detected.

                  _Z_e_r_o    Out-of-sequence messages will not be detected.
                          This is always the case in SPX.

               _C_O_N_F__F_L_A_G
                      (_r_e_t__f_l_a_g_s AND _G_S_S__C__C_O_N_F__F_L_A_G)

                  _N_o_n_z_e_r_o Confidentiality service can be invoked.

                  _Z_e_r_o    No confidentiality service is available.  This is
                          always the case in SPX.  The _g_s_s__s_e_a_l provides mes-
                          sage encapsulation and integrity services only.
                          This is always the case in SPX.

               _G_S_S__C__I_N_T_E_G__F_L_A_G
                      (_r_e_t__f_l_a_g_s AND _G_S_S__C__I_N_T_E_G__F_L_A_G)

                  _N_o_n_z_e_r_o

                  _Z_e_r_o    This is always the case in SPX.

     _t_i_m_e__r_e_c
            (integer, modify) The number of seconds for which the security
            context will remain valid.  Specify NULL if this information is
            not required.




   4                                            Digital Equipment Corporation






   SPX Version 2.2                                    gss_init_sec_context(3)


   Description
     This routine, which is part of the Generic Security Service Application
     Program Interface (GSS-API), initiates the establishment of a security
     context between the application and a remote peer.  The caller passes a
     target fullname (syntax is mechanism dependent), a claimant credential
     handle, and any application specific channel bindings into the
     gss_init_sec_context routine.  This routine returns an authentication
     token to be passed to the remote peer during security context
     initiation.

     Initially, the input_token parameter should be specified as NULL.  If
     this routine returns an output token, then it should be passed to the
     remote peer.  If one or more reply tokens are required from the peer
     application, this routine will return a status value of
     GSS_S_CONTINUE_NEEDED, in which case it should be called again when the
     reply token is received from the peer application, passing the token to
     gss_init_sec_context via the input_token parameter.
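     The initiator loop described above, as an added example that is not
     part of this man page or of the SPX library: a self-contained C model
     that drives a constructed stand-in for gss_init_sec_context through the
     GSS_S_CONTINUE_NEEDED exchange, sends a token only when its length is
     nonzero, and then tests ret_flags against the options the application
     requires, since req_flags is only a request and SPX never grants the
     replay, sequence, confidentiality or integrity options.  The flag and
     status values are assumed to follow the standard GSS-API assignments.

```c
/* Flag and status values assumed to follow the standard GSS-API bit
 * assignments; the SPX gssapi_defs.h may define its own. */
#define GSS_C_MUTUAL_FLAG     2
#define GSS_C_REPLAY_FLAG     4
#define GSS_C_SEQUENCE_FLAG   8
#define GSS_C_CONF_FLAG      16
#define GSS_C_INTEG_FLAG     32
#define GSS_S_COMPLETE        0
#define GSS_S_CONTINUE_NEEDED 1
#define GSS_S_FAILURE         2   /* constructed: stands for any error status */
/* Service options the man page says SPX never grants. */
#define SPX_UNSUPPORTED (GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | \
                         GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG)

/* Requested options the mechanism did not grant: req_flags is only a
 * request, ret_flags is the answer, so the answer is what gets tested. */
int ungranted_services(int req_flags, int ret_flags)
{
    return req_flags & ~ret_flags;
}

/* Constructed stand-in for gss_init_sec_context modelling SPX: an extra
 * round trip when mutual auth is requested; unsupported options dropped. */
static int mock_init_sec_context(int leg, int req_flags, int in_len,
                                 int *out_len, int *ret_flags)
{
    if (leg == 0) {
        *out_len = 128;                  /* an initial token is always produced */
        *ret_flags = req_flags & ~SPX_UNSUPPORTED;
        return (req_flags & GSS_C_MUTUAL_FLAG) ? GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE;
    }
    if (in_len == 0) return GSS_S_FAILURE;  /* continuation call needs the peer's reply */
    *out_len = 0;                           /* nothing more to send after the reply */
    return GSS_S_COMPLETE;
}

/* Initiator side of context establishment.  Returns the number of tokens
 * sent to the acceptor, or -1 if establishment failed or an option listed
 * in `required` was not granted. */
int establish_context(int req_flags, int required)
{
    int leg = 0, sent = 0, in_len = 0, out_len = 0, ret_flags = 0, status;
    do {
        status = mock_init_sec_context(leg++, req_flags, in_len, &out_len, &ret_flags);
        if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) return -1;
        if (out_len > 0) sent++;             /* send only a nonzero-length token */
        in_len = 64;                         /* constructed: the peer's reply token */
    } while (status == GSS_S_CONTINUE_NEEDED);
    return ungranted_services(required, ret_flags) ? -1 : sent;
}
```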

   Files
     gssapi_defs.h

   See Also
     spx(1), gss_accept_sec_context(3), gss_import_name(3)
