Pike v8.1 release 6

Method GSSAPI.Cred()->acquire()


Method acquire

void acquire(Name|string name, int cred_usage, void|multiset(string) desired_mechs, void|int(0..) desired_time)

Description

Acquire initial credentials for this object. It is an error if it already has some credentials.

This wraps GSS_Acquire_cred according to RFC 2743 section 2.1.1.

Parameter name

The name of the identity for which credentials should be acquired. It is up to the GSS-API implementation to check whether the running process is authorized to act on behalf of this identity.

This can be either a GSSAPI.Name object or a string. In the latter case, the string is converted to a GSS-API name according to a mechanism-specific default printable syntax, i.e. just like if it would be given as the sole argument to GSSAPI.Name.create.

If this is zero then credentials for the default principal (if any) are retrieved.

Parameter cred_usage

Specifies how the credential will be used. One of GSSAPI.INITIATE, GSSAPI.ACCEPT or GSSAPI.BOTH.

Parameter desired_mechs

The mechanisms that the credentials should cover, as a multiset containing their OIDs on dotted-decimal form. If zero or left out then a default set provided by the GSS-API implementation is used.

It is an error to pass an empty multiset.

Parameter desired_time

Number of seconds the credentials should remain valid. The GSS-API implementation may return credentials that are valid both longer and shorter than this. Zero or left out means use the maximum permitted time.

Note

This function might block on network connections to remote authentication servers.