A GSSAPI credential is a data structure that provides proof of an application's claim to a principal name. An application uses a credential to establish its global identity. The global identity can be, but is not necessarily, related to the local user name under which the application (either the initiator or the acceptor) is running.
A credential can consist of either of the following:
· DCE login context
· Principal name
There are three types of credentials, as shown in the following table.
Credential Types
Credential | Content |
INITIATE | A login context only. This credential identifies applications that only initiate security contexts. |
ACCEPT | Principal name and an associated entry key table. This credential identifies applications that only accept security contexts. |
BOTH | A login context and principal name with a key table entry. This credential identifies applications that can either initiate or accept security contexts. |
When an application initiates or accepts a security context, it can use GSSAPI routines with either a default credential or a specific credential handle. This topic discusses how applications do the following:
· Use default credentials
· Create credential handles to refer to specific credentials
· Delegate credentials
For detailed information on the GSSAPI routines referred to in this topic, see the OSF DCE Application Development Reference.