
Overview - GSSAPI Credentials

A GSSAPI credential is a data structure that provides proof of an application's claim to a principal name. An application uses a credential to establish its global identity. The global identity can be, but is not necessarily, related to the local user name under which the application (either the initiator or the acceptor) is running.

A credential can consist of either of the following:

· DCE login context

· Principal name

There are three types of credentials, as shown in the following table.


Credential Types

Credential   Content
INITIATE     A login context only. This credential identifies applications that only initiate security contexts.
ACCEPT       Principal name and an associated key table entry. This credential identifies applications that only accept security contexts.
BOTH         A login context and principal name with a key table entry. This credential identifies applications that can either initiate or accept security contexts.

Credentials are maintained internally to GSSAPI. When they establish a security context, applications use credential handles to point to the credentials they need.

When an application initiates or accepts a security context, it can use GSSAPI routines with either a default credential or a specific credential handle. This topic discusses how applications do the following:

· Use default credentials

· Create credential handles to refer to specific credentials

· Delegate credentials

For detailed information on the GSSAPI routines referred to in this topic, see the OSF DCE Application Development Reference.