sec_cred_get_authz_session_info(3sec)

Synopsis

#include <dce/sec_cred.h

void sec_cred_get_authz_session_info(
rpc_authz_cred_handle_t callers_identity,
uuid_t *session_id,
sec_timeval_t *session_expiration,
error_status_t *status);

Parameters

Input

callers_identity
A credential handle of type rpc_authz_cred_handle_t. This handle is supplied as output of the rpc_binding_inq_auth_caller( ) call.

Output

session_ID
A pointer to a uuid_t that identifies the client's DCE authorization session.

session_expiration
A pointer to a sec_timeval_t that specifies the expiration time of the authenticated client's credentials.

status
A pointer to the completion status. On successful completion, status is assigned error_status_ok. Otherwise, it returns an error.

Description
The sec_cred_get_authz_session_info( ) routine retrieves session-specific information that represents the credentials of authenticated client specified by callers_identity. If the client is a member of a delegation chain, the information represents the credentials of all members of the chain.

The information can aid application servers in the construction of identity-based caches. For example, it could be used as a key into a cache of previously allocated delegation contexts and thus avoid the overhead of allocating a new login context on every remote operation. It could also be used as a key into a table of previously computed authorization decisions.

Before you execute this call, you must execute an rpc_binding_inq_auth_caller( ) call to obtain an rpc_authz_cred_handle_t for the callers_identity parameter.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

sec_cred_s_authz_cannot_comply

error_status_ok

Related Information
Functions:

sec_intro(3sec)

rpc_binding_inq_auth_caller(3rpc)