.\" Copyright (c) 2008 Isilon Inc http://www.isilon.com/
.\" Authors: Doug Rabson <dfr@rabson.org>
.\" Developed with Red Inc: Alfred Perlstein <alfred@FreeBSD.org>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.Dd January 26, 2010
.Dt RPC_GSS_SECCREATE 3
.Os
.Sh NAME
.Nm rpc_gss_seccreate
.Nd "create a security context using the RPCSEC_GSS protocol"
.Sh LIBRARY
.Lb librpcsec_gss
.Sh SYNOPSIS
.In rpc/rpcsec_gss.h
.Ft AUTH *
.Fo rpc_gss_seccreate
.Fa "CLIENT *clnt"
.Fa "const char *principal"
.Fa "const char *mechanism"
.Fa "rpc_gss_service_t service"
.Fa "const char *qop"
.Fa "rpc_gss_options_req_t *options_req"
.Fa "rpc_gss_options_ret_t *options_ret"
.Fc
.Sh DESCRIPTION
This function is used to establish a security context between an
application and a remote peer using the RPCSEC_GSS protocol.
.Sh PARAMETERS
.Bl -tag -width "options_req"
.It clnt
An RPC handle which is connected to the remote peer.
.It principal
The name of the service principal on the remote peer.
For instance, a principal such as
.Qq nfs@server.example.com
might be used by an application which needs to contact an NFS server.
.It mechanism
The desired mechanism for this security context.
The value of mechanism should be the name of one of the security
mechanisms listed in /etc/gss/mech.
.It service
Type of service requested.
.Bl -tag -width "rpc_gss_svc_integrity"
.It rpc_gss_svc_default
The default - typically the same as
.Dv rpc_gss_svc_none .
.It rpc_gss_svc_none
Only RPC headers are integrity protected by a checksum.
.It rpc_gss_svc_integrity
RPC headers and data are integrity protected by a checksum.
.It rpc_gss_svc_privacy
RPC headers are integrity protected by a checksum and data is encrypted.
.El
.It qop
Desired quality of protection or NULL for the default.
Available values are listed in /etc/gss/qop.
.It options_req
Extra security context options to be passed to the underlying GSS-API
mechanism.
Pass
.Dv NULL
to supply default values.
.It options_ret
Various values returned by the underlying GSS-API mechanism.
Pass
.Dv NULL
if these values are not required.
.El
.Sh RETURN VALUES
If the security context was created successfully, a pointer to an
.Vt AUTH
structure that represents the context is returned.
To use this security context for subsequent RPC calls, set
.Va clnt->cl_auth
to this value.
.Sh SEE ALSO
.Xr gssapi 3 ,
.Xr rpc 3 ,
.Xr rpcsec_gss 3 ,
.Xr mech 5 ,
.Xr qop 5
.Sh HISTORY
The
.Nm
function first appeared in
.Fx 8.0 .
.Sh AUTHORS
This
manual page was written by
.An Doug Rabson Aq Mt dfr@FreeBSD.org .
111