gss_get_mic()--Generate Cryptographic Signature for Message
Syntax
#include <gssapi.h> OM_uint32 gss_get_mic( OM_uint32 * minor_status, gss_ctx_id_t context_handle, gss_qop_t qop_req, gss_buffer_t input_message gss_buffer_t output_token);Service Program Name: QSYS/QKRBGSS
Default public authority: *USE
Threadsafe: Yes
The gss_get_mic() function generates a cryptographic signature for a message and returns this signature in a token that can be sent to a partner application. The partner application then calls the gss_verify_mic() routine to validate the signature.
Parameters
- minor_status (Output)
- A status code from the security mechanism.
- context_handle (Input)
- The context to be associated with the message when it is sent to the
partner application.
- qop_req (Input)
- The requested quality of protection for the message. Specify
GSS_C_QOP_DEFAULT to use the default quality of protection as
defined by the selected security mechanism.
The Kerberos security mechanism supports three quality of protection levels as follows (in decreasing order or speed):
GSS_KRB5_INTEG_C_QOP_MD5 Truncated MD5 GSS_KRB5_INTEG_C_QOP_DES_MD5 DES_MAC of an MD5 hash (default) GSS_KRB5_INTEG_C_QOP_DES_MAC Normal DES_MAC algorithm
- input_message (Input)
- The message for which a signature is to be generated.
- output_token (Output)
- A token containing the message signature. The message and this token are then sent to the partner application, which calls the gss_verify_mic() function to verify the authenticity of the message.
Return Value
The return value is one of the following status codes:
- GSS_S_BAD_QOP
- The requested quality of protection value is not valid.
- GSS_S_COMPLETE
- The routine completed successfully.
- GSS_S_CONTEXT_EXPIRED
- The referenced context has expired.
- GSS_S_CREDENTIALS_EXPIRED
- The credentials associated with the referenced context have expired.
- GSS_S_FAILURE
- The routine failed for reasons that are not defined at the GSS level. The
minor_status return parameter contains a mechanism-dependent error
code describing the reason for the failure.
- GSS_S_NO_CONTEXT
- The context identifier provided by the caller does not refer to a valid security context.
Authorities
Object Referred to | Data Authority Required |
---|---|
Each directory in the path name preceding the configuration file | *X |
Configuration file | *R |
Error Messages
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
API introduced: V5R1
[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]