Method GSSAPI.Cred()->mechs()


Method name
Method cred_usage
Method mechs
Method lifetime
Method init_lifetime
Method accept_lifetime

GSSAPI.Name name(void|string mech)
int cred_usage(void|string mech)
multiset(string) mechs()
int(0..)|Int.inf lifetime()
int(0..)|Int.inf init_lifetime(string mech)
int(0..)|Int.inf accept_lifetime(string mech)

Description

Functions to query various properties of the credentials.

These wrap GSS_Inquire_cred according to RFC 2743 section 2.1.3 if mech is not given, and GSS_Inquire_cred_by_mech according to RFC 2743 section 2.1.5 otherwise.

Parameter mech

If this is given then the credential for that specific mechanism is queried. mech contains the OID of the mechanism in dotted-decimal form.

Some of the query functions can only be used for a specific mechanism, in which case mech is required. Some can only be used on the credentials in general, and the mech argument is not applicable. Some can be used both ways, and then mech is optional.

name (void|string mech) Returns the name of the identity that the credential(s) assert. If mech is given then the returned name is a Mechanism Name (MN).

The returned GSSAPI.Name object is always a newly created one, even though it typically compares as equal with the ones given to acquire or add.

cred_usage (void|string mech) Returns how the credential(s) may be used, one of GSSAPI.INITIATE, GSSAPI.ACCEPT or GSSAPI.BOTH.

If mech is not given then the returned usage value reflects the union of the capabilities in all credentials.

mechs() Returns the set of mechanisms supported by the credential. The returned value is a multiset of strings with OIDs in dotted-decimal form.

lifetime() Returns the shortest validity lifetime left in any of the mechanisms that are part of the credentials, for either initiator or acceptor use.

Returns zero if some part of the credentials has expired.

Returns Int.inf if there is no time limit (in older Pike versions without Int.inf a large positive integer is returned instead).

init_lifetime (string mech) Returns the validity lifetime left for initiator use.

Returns zero if the credential has expired for this use or if its usage is GSSAPI.ACCEPT.

Returns Int.inf if there is no time limit (in older Pike versions without Int.inf a large positive integer is returned instead).

accept_lifetime (string mech) Returns the validity lifetime left for acceptor use.

Returns zero if the credential has expired for this use or if its usage is GSSAPI.INITIATE.

Returns Int.inf if there is no time limit (in older Pike versions without Int.inf a large positive integer is returned instead).

Note

RFC 2743 does not preclude these functions from blocking on network connections to remote authentication servers.
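
The zero returned by init_lifetime is ambiguous between an expired credential and one whose usage is GSSAPI.ACCEPT, so a check made before initiating a context has to consult cred_usage first. The following is an added example, not part of the Pike documentation; check_initiator_cred and the min_left threshold are hypothetical names, and cred is assumed to be an already acquired GSSAPI.Cred on a Pike version that has Int.inf.

```pike
// Added example: classify every mechanism in a credential for initiator use.
// min_left is a hypothetical policy threshold in seconds; it is not part of
// the GSSAPI module.
mapping(string:string) check_initiator_cred(GSSAPI.Cred cred, int min_left)
{
  mapping(string:string) status = ([]);

  // mechs() returns a multiset of OIDs in dotted-decimal form.
  foreach (indices(cred->mechs()), string mech) {
    // Each query may block on a remote authentication server (see the
    // note above), so every function is called only once per mechanism.
    int usage = cred->cred_usage(mech);

    if (usage == GSSAPI.ACCEPT) {
      // init_lifetime() also returns zero in this case, but the
      // credential has not expired; it just cannot initiate.
      status[mech] = "acceptor only";
      continue;
    }

    mixed left = cred->init_lifetime(mech);

    if (left == Int.inf)
      status[mech] = "no time limit";
    else if (!left)
      status[mech] = "expired";
    else if (left < min_left)
      status[mech] = sprintf("expiring soon (%d s left)", left);
    else
      status[mech] = sprintf("ok (%d s left)", left);
  }

  return status;
}
```

The same pattern applies to accept_lifetime, with the usage test against GSSAPI.INITIATE instead.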