Provided by: gss-man_1.0.3-2_all 
NAME
gss_export_sec_context - API function
SYNOPSIS
#include <gss.h>
OM_uint32 gss_export_sec_context(OM_uint32 * minor_status, gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token);
ARGUMENTS
OM_uint32 * minor_status
(Integer, modify) Mechanism specific status code.
gss_ctx_id_t * context_handle
(gss_ctx_id_t, modify) Context handle identifying
the context to transfer.
gss_buffer_t interprocess_token
(buffer, opaque, modify) Token to be
transferred to target process. Storage associated with this
token must be freed by the application after use with a call to
gss_release_buffer().
DESCRIPTION
Provided to support the sharing of work between multiple processes. This routine will
typically be used by the context-acceptor, in an application where a single process
receives incoming connection requests and accepts security contexts over them, then passes
the established context to one or more other processes for message exchange.
gss_export_sec_context() deactivates the security context for the calling process and
creates an interprocess token which, when passed to gss_import_sec_context in another
process, will re-activate the context in the second process. Only a single instantiation
of a given context may be active at any one time; a subsequent attempt by a context
exporter to access the exported security context will fail.
The implementation may constrain the set of processes by which the interprocess token may
be imported, either as a function of local security policy, or as a result of
implementation decisions. For example, some implementations may constrain contexts to be
passed only between processes that run under the same account, or which are part of the
same process group.
The interprocess token may contain security-sensitive information (for example
cryptographic keys). While mechanisms are encouraged to either avoid placing such
sensitive information within interprocess tokens, or to encrypt the token before returning
it to the application, in a typical object-library GSS-API implementation this may not be
possible. Thus the application must take care to protect the interprocess token, and
ensure that any process to which the token is transferred is trustworthy.
If creation of the interprocess token is successful, the implementation shall deallocate
all process-wide resources associated with the security context, and set the
context_handle to GSS_C_NO_CONTEXT. In the event of an error that makes it impossible to
complete the export of the security context, the implementation must not return an
interprocess token, and should strive to leave the security context referenced by the
context_handle parameter untouched. If this is impossible, it is permissible for the
implementation to delete the security context, providing it also sets the context_handle
parameter to GSS_C_NO_CONTEXT.
RETURN VALUE
`GSS_S_COMPLETE`: Successful completion.
`GSS_S_CONTEXT_EXPIRED`: The context has expired.
`GSS_S_NO_CONTEXT`: The context was invalid.
`GSS_S_UNAVAILABLE`: The operation is not supported.
REPORTING BUGS
Report bugs to <bug-gss@gnu.org>. GNU Generic Security Service home page:
http://www.gnu.org/software/gss/ General help using GNU software:
http://www.gnu.org/gethelp/
COPYRIGHT
Copyright © 2003-2013 Simon Josefsson.
Copying and distribution of this file, with or without modification, are permitted in any
medium without royalty provided the copyright notice and this notice are preserved.
SEE ALSO
The full documentation for gss is maintained as a Texinfo manual. If the info and gss
programs are properly installed at your site, the command
info gss
should give you access to the complete manual.