Pike v8.0 release 1738

Method GSSAPI.Cred()->add()


Method add

void add(Name|string name, int cred_usage, string desired_mech, void|int(0..)|array(int(0..)) desired_time)

Description

Adds another credential element to this object. If this object has no credentials already then it will get the default credentials in addition to this specified one.

This wraps GSS_Add_cred according to RFC 2743 section 2.1.4.

Parameter name

The name of the identity for which a credential should be acquired. It is up to the GSS-API implementation to check whether the running process has sufficient privileges to act on behalf of this identity.

This can be either a GSSAPI.Name object or a string. In the latter case, the string is converted to a GSS-API name according to a mechanism-specific default printable syntax, i.e. just like if it would be given as the sole argument to GSSAPI.Name.create.

If this is zero then a credential for the default principal (if any) are retrieved.

Parameter cred_usage

Specifies how the credential will be used. One of GSSAPI.INITIATE, GSSAPI.ACCEPT or GSSAPI.BOTH.

Parameter desired_mech

The mechanism that the credential should cover, as an OID on dotted-decimal form.

Parameter desired_time

Number of seconds the credential should remain valid. The GSS-API implementation may return a credential that is valid both longer and shorter than this. Zero or left out means use the maximum permitted time.

This can also be an array containing two elements. In that case the first element applies to the credential when it is used to initiate contexts, and the second element applies to use for acceptor contexts.

Note

This function might block on network connections to remote authentication servers.