The EPA API sec_cred_*( ) and login API sec_login_cred_*( ) calls extract privilege attribute information. These calls return information associated with an opaque handle to an authenticated identity.
The sec_cred_*( ) calls are used by servers that have been called by a client with authenticated credentials. The calls and the information they return are as follows:
· sec_cred_get_authz_session_info( )
Returns a client's authorization information
· sec_cred_get_client_princ_name( )
Returns the principal name of the client
· sec_cred_get_deleg_restrictions( )
Returns delegate restrictions
· sec_cred_get_delegate( )
Returns a credential handle to the privilege attributes of a delegate in a delegation chain
· sec_cred_get_delegation_type( )
Returns the delegation type
· sec_cred_get_extended_attrs( )
Returns extended attributes
· sec_cred_get_initiator( )
Returns a credential handle to the privilege attributes of the initiator of a delegation chain
· sec_cred_get_opt_restrictions( )
Returns optional restrictions
· sec_cred_get_pa_data( )
Returns privilege attributes from a credential handle
· sec_cred_get_req_restrictions( )
Returns required restrictions
· sec_cred_get_tgt_restrictions( )
Returns target restrictions
· sec_cred_get_v1_pac( )
Returns pre-Version 1.1 privilege attributes
· sec_cred_is_authenticated( )
Returns TRUE if the caller's privilege attributes are authenticated or FALSE otherwise
The sec_login_cred_*( ) calls are used by clients that are part of a delegation chain. The calls and the information they return are as follows:
· sec_login_cred_get_delegate( )
Returns the privilege attributes of a delegate in a delegation chain.
· sec_login_cred_get_initiator( )
Returns the privilege attributes of the initiator of a delegation chain
The sec_cred_*( ) and sec_login_*( ) calls discussed in this topic return information about authenticated principals associated with an opaque credential handle supplied to the call. Two credential handles are used:
· sec_login_handle_t (returned by a client-side sec_login_get_current_context( ) call)
· rpc_authz_cred_handle_t (returned by a server-side rpc_inq_auth_caller( ) call)
These are handles to all the credentials in a delegation chain. The sec_login_cred_get_initiator( ), sec_login_cred_get_delegate( ), sec_cred_get_initiator( ), and sec_cred_get_delegate( ) calls return a handle of type sec_cred_pa_handle_t, which is a handle to the extended privilege attributes of a particular identity in a delegation chain. The other sec_cred_*( ) and sec_login_*( ) calls discussed in this topic take the sec_cred_pa_handle_t handle and return the requested information for the particular identity.