NAME

sec_cred_get_authz_session_info- Returns session-specific information that represents an authenticated client's credentials

SYNOPSIS

#include <dce/sec_cred.h>

void sec_cred_get_authz_session_info (
    rpc_authz_cred_handle_t callers_identity,
    uuid_t *session_id,
    sec_timeval_t *session_expiration,
    error_status_t *status );

PARAMETERS

Input

callers_identity

A credential handle of type rpc_authz_cred_handle_t. This handle is supplied as output of the rpc_binding_inq_auth_caller() call.

Output

session_ID

A pointer to a uuid_t that identifies the client's DCE authorization session.

session_expiration

A pointer to a sec_timeval_t that specifies the expiration time of the authenticated client's credentials.

status

A pointer to the completion status. On successful completion, status is assigned error_status_ok. Otherwise, it returns an error.

DESCRIPTION

The sec_cred_get_authz_session_info() routine retrieves session-specific information that represents the credentials of authenticated client specified by callers_identity. If the client is a member of a delegation chain, the information represents the credentials of all members of the chain.

The information can aid application servers in the construction of identity-based caches. For example, it could be used as a key into a cache of previously allocated delegation contexts and thus avoid the overhead of allocating a new login context on every remote operation. It could also be used as a key into a table of previously computed authorization decisions.

Before you execute this call, you must execute an rpc_binding_inq_auth_caller() call to obtain an rpc_authz_cred_handle_t for the callers_identity argument.

FILES

/usr/include/dce/sec_cred.idl

The idl file from which dce/sec_cred.h was derived.

ERRORS

sec_cred_s_authz_cannot_comply

error_status_ok

SEE ALSO

Functions: rpc_binding_inq_auth_caller().