path: root/doc/html/appdev/gssapi.html
diff options
authorCy Schubert <cy@FreeBSD.org>2018-04-03 19:36:00 +0000
committerCy Schubert <cy@FreeBSD.org>2018-04-03 19:36:00 +0000
commitb0e4d68d5124581ae353493d69bea352de4cff8a (patch)
tree43300ec43e83eccd367fd76fdfdefba2dcd7d8f4 /doc/html/appdev/gssapi.html
parent33a9b234e7087f573ef08cd7318c6497ba08b439 (diff)
Import MIT KRB5 1.16.vendor/krb5/1.16vendor/krb5
Notes: svn path=/vendor-crypto/krb5/dist/; revision=331939 svn path=/vendor-crypto/krb5/1.16/; revision=331941; tag=vendor/krb5/1.16
Diffstat (limited to 'doc/html/appdev/gssapi.html')
1 files changed, 24 insertions, 5 deletions
diff --git a/doc/html/appdev/gssapi.html b/doc/html/appdev/gssapi.html
index 51eb7706a1df..3d76d64248cd 100644
--- a/doc/html/appdev/gssapi.html
+++ b/doc/html/appdev/gssapi.html
@@ -15,7 +15,7 @@
<script type="text/javascript">
URL_ROOT: '../',
- VERSION: '1.15.1',
+ VERSION: '1.16',
FILE_SUFFIX: '.html',
@@ -28,7 +28,7 @@
<link rel="copyright" title="Copyright" href="../copyright.html" />
<link rel="top" title="MIT Kerberos Documentation" href="../index.html" />
<link rel="up" title="For application developers" href="index.html" />
- <link rel="next" title="Differences between Heimdal and MIT Kerberos API" href="h5l_mit_apidiff.html" />
+ <link rel="next" title="Year 2038 considerations for uses of krb5_timestamp" href="y2038.html" />
<link rel="prev" title="For application developers" href="index.html" />
@@ -44,7 +44,7 @@
accesskey="C">Contents</a> |
<a href="index.html" title="For application developers"
accesskey="P">previous</a> |
- <a href="h5l_mit_apidiff.html" title="Differences between Heimdal and MIT Kerberos API"
+ <a href="y2038.html" title="Year 2038 considerations for uses of krb5_timestamp"
accesskey="N">next</a> |
<a href="../genindex.html" title="General Index"
accesskey="I">index</a> |
@@ -334,6 +334,24 @@ intermediate service has the appropriate permissions, the KDC will
issue a ticket from the client to the target service. The GSSAPI
library will then use this ticket to authenticate to the target
+<p>If an application needs to find out whether a credential it holds is a
+proxy credential and the name of the intermediate service, it can
+query the credential with the <strong>GSS_KRB5_GET_CRED_IMPERSONATOR</strong> OID
+(new in release 1.16, declared in <tt class="docutils literal"><span class="pre">&lt;gssapi/gssapi_krb5.h&gt;</span></tt>) using
+the gss_inquire_cred_by_oid extension (declared in
+<tt class="docutils literal"><span class="pre">&lt;gssapi/gssapi_ext.h&gt;</span></tt>):</p>
+<div class="highlight-python"><div class="highlight"><pre>OM_uint32 gss_inquire_cred_by_oid(OM_uint32 *minor_status,
+ const gss_cred_id_t cred_handle,
+ gss_OID desired_object,
+ gss_buffer_set_t *data_set);
+<p>If the call succeeds and <em>cred_handle</em> is a proxy credential,
+<em>data_set</em> will be set to a single-element buffer set containing the
+unparsed principal name of the intermediate service. If <em>cred_handle</em>
+is not a proxy credential, <em>data_set</em> will be set to an empty buffer
+set. If the library does not support the query,
+gss_inquire_cred_by_oid will return <strong>GSS_S_UNAVAILABLE</strong>.</p>
<div class="section" id="aead-message-wrapping">
<h2>AEAD message wrapping<a class="headerlink" href="#aead-message-wrapping" title="Permalink to this headline">ΒΆ</a></h2>
@@ -649,6 +667,7 @@ if (GSS_ERROR(major))
<li class="toctree-l2 current"><a class="current reference internal" href="">Developing with GSSAPI</a><ul class="simple">
+<li class="toctree-l2"><a class="reference internal" href="y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
<li class="toctree-l2"><a class="reference internal" href="h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
<li class="toctree-l2"><a class="reference internal" href="init_creds.html">Initial credentials</a></li>
<li class="toctree-l2"><a class="reference internal" href="princ_handle.html">Principal manipulation and parsing</a></li>
@@ -681,7 +700,7 @@ if (GSS_ERROR(major))
<div class="footer-wrapper">
<div class="footer" >
- <div class="right" ><i>Release: 1.15.1</i><br />
+ <div class="right" ><i>Release: 1.16</i><br />
&copy; <a href="../copyright.html">Copyright</a> 1985-2017, MIT.
<div class="left">
@@ -690,7 +709,7 @@ if (GSS_ERROR(major))
>Contents</a> |
<a href="index.html" title="For application developers"
>previous</a> |
- <a href="h5l_mit_apidiff.html" title="Differences between Heimdal and MIT Kerberos API"
+ <a href="y2038.html" title="Year 2038 considerations for uses of krb5_timestamp"
>next</a> |
<a href="../genindex.html" title="General Index"
>index</a> |