Man Linux: Main Page and Category List


       gss_export_sec_context - API function


       #include <gss.h>

       OM_uint32 gss_export_sec_context(OM_uint32 * minor_status, gss_ctx_id_t
       * context_handle, gss_buffer_t interprocess_token);


       OM_uint32 * minor_status
                   (Integer, modify) Mechanism specific status code.

       gss_ctx_id_t * context_handle
                   (gss_ctx_id_t, modify) Context handle identifying
                     the context to transfer.

       gss_buffer_t interprocess_token
                   (buffer, opaque, modify) Token to be
                     transferred to target process.  Storage  associated  with
                     token  must  be freed by the application after use with a
                   call to


       Provided to support the sharing of  work  between  multiple  processes.
       This  routine  will  typically  be  used by the context-acceptor, in an
       application  where  a  single  process  receives  incoming   connection
       requests  and  accepts  security  contexts  over  them, then passes the
       established  context  to  one  or  more  other  processes  for  message
       exchange. gss_export_sec_context() deactivates the security context for
       the calling process and  creates  an  interprocess  token  which,  when
       passed  to  gss_import_sec_context in another process, will re-activate
       the context in the second process. Only a  single  instantiation  of  a
       given  context may be active at any one time; a subsequent attempt by a
       context exporter to access the exported security context will fail.

       The implementation may constrain the set  of  processes  by  which  the
       interprocess  token  may  be  imported,  either  as a function of local
       security policy, or as  a  result  of  implementation  decisions.   For
       example,  some implementations may constrain contexts to be passed only
       between processes that run under the same account, or which are part of
       the same process group.

       The  interprocess token may contain security-sensitive information (for
       example cryptographic keys).  While mechanisms are encouraged to either
       avoid placing such sensitive information within interprocess tokens, or
       to encrypt the token before returning  it  to  the  application,  in  a
       typical object-library GSS-API implementation this may not be possible.
       Thus the application must take care to protect the interprocess  token,
       and  ensure  that  any  process  to  which  the token is transferred is

       If creation of the interprocess token is successful, the implementation
       shall   deallocate  all  process-wide  resources  associated  with  the
       security context, and set the context_handle to  GSS_C_NO_CONTEXT.   In
       the  event  of an error that makes it impossible to complete the export
       of  the  security  context,  the  implementation  must  not  return  an
       interprocess  token,  and  should  strive to leave the security context
       referenced by the  context_handle  parameter  untouched.   If  this  is
       impossible,  it  is  permissible  for  the implementation to delete the
       security context, providing it also sets the  context_handle  parameter
       to GSS_C_NO_CONTEXT.


       ‘GSS_S_COMPLETE‘: Successful completion.

       ‘GSS_S_CONTEXT_EXPIRED‘: The context has expired.

       ‘GSS_S_NO_CONTEXT‘: The context was invalid.

       ‘GSS_S_UNAVAILABLE‘: The operation is not supported.


       Report  bugs  to  <>.  GNU Generic Security Service home
       page: General help using GNU software:


       Copyright © 2003-2010 Simon Josefsson.
       Copying  and  distribution  of this file, with or without modification,
       are permitted in any medium  without  royalty  provided  the  copyright
       notice and this notice are preserved.


       The  full  documentation for gss is maintained as a Texinfo manual.  If
       the info and gss programs are properly  installed  at  your  site,  the

              info gss

       should give you access to the complete manual.