listing for G
gss_export_sec_context - Prepare security context for transfer to another
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token );
Kerberos 5 error code.
Security context to be transferred. After the context is
transferred, this parameter is set to GSS_C_NO_CONTEXT.
Token to be transferred to the target process.
The application must release the storage associated with the token
after use with a call to gss_release_buffer().
The gss_export_sec_context() function prepares a security context for
transfer to another process. It is typically used by the context acceptor
in an application where a single process receives incoming connection
requests and accepts security contexts over them. The initial process then
passes the established context to another process for message exchange.
This function disables the security context for the calling process and
creates an interprocess token that, when passed to gss_import_sec_context()
in another process, re-enables the context in the second process. Only a
single instance of a given security context may be active at any time; a
subsequent attempt by a context exporter to access the exported security
context will fail.
The interprocess token may contain security-sensitive information such as a
cryptographic key. Therefore, the application must take care to protect the
interprocess token and to ensure that any process to which the token is
transferred is trustworthy. In addition, this token should not be
transferred over a network in an insecure manner.
If creation of the interprocess token is successful, all process-wide
resources associated with the security context are deallocated and the
context_handle parameter is set to GSS_C_NO_CONTEXT. The security context
is not deleted until the exported security context token is created. If an
error occurs that makes it impossible to complete the export of the
security context, the original context is returned unchanged.
After use, the application must release the storage associated with the
token with a call to gss_release_buffer().
This function exports a token that can only be shared with other HP
Application Security SDK implementations.
Functions: gss_accept_sec_context(3), gss_import_sec_context(3),
listing for G