Required APIs and definitions for GSS-API authentication plug-ins
The following table is a complete list of GSS-APIs required for the Db2® security plug-in interface.
The supported APIs follow these specifications: Generic
Security Service Application Program Interface, Version 2 (IETF
RFC2743) and Generic Security Service API Version 2: C-Bindings (IETF
RFC2744). Before implementing a GSS-API based plug-in, you should
have a complete understanding of these specifications.
| API type | API name | Description |
|---|---|---|
| Client-side APIs | gss_init_sec_context | Initiate a security context with a peer application. |
| Server-side APIs | gss_accept_sec_context | Accept a security context initiated by a peer application. |
| Server-side APIs | gss_display_name | Convert an internal format name to text. |
| Common APIs | gss_delete_sec_context | Delete an established security context. |
| Common APIs | gss_display_status | Obtain the text error message associated with a GSS-API status code. |
| Common APIs | gss_release_buffer | Delete a buffer. |
| Common APIs | gss_release_cred | Release local data structures associated with a GSS-API credential. |
| Common APIs | gss_release_name | Delete an internal format name. |
| Required definitions | GSS_C_DELEG_FLAG | Requests delegation. |
| Required definitions | GSS_C_EMPTY_BUFFER | Signifies that the gss_buffer_desc does not contain any data. |
| Required definitions | GSS_C_GSS_CODE | Indicates a GSS major status code. |
| Required definitions | GSS_C_INDEFINITE | Indicates that the mechanism does not support context expiration. |
| Required definitions | GSS_C_MECH_CODE | Indicates a GSS minor status code. |
| Required definitions | GSS_C_MUTUAL_FLAG | Mutual authentication requested. |
| Required definitions | GSS_C_NO_BUFFER | Signifies that the gss_buffer_t variable does not point to a valid gss_buffer_desc structure. |
| Required definitions | GSS_C_NO_CHANNEL_BINDINGS | No communication channel bindings. |
| Required definitions | GSS_C_NO_CONTEXT | Signifies that the gss_ctx_id_t variable does not point to a valid context. |
| Required definitions | GSS_C_NO_CREDENTIAL | Signifies that the gss_cred_id_t variable does not point to a valid credential handle. |
| Required definitions | GSS_C_NO_NAME | Signifies that the gss_name_t variable does not point to a valid internal name. |
| Required definitions | GSS_C_NO_OID | Use default authentication mechanism. |
| Required definitions | GSS_C_NULL_OID_SET | Use default mechanism. |
| Required definitions | GSS_S_COMPLETE | API completed successfully. |
| Required definitions | GSS_S_CONTINUE_NEEDED | Processing is not complete and the API must be called again with the reply token received from the peer. |