The vault is the object that ties the security contexts and credentials together. The vault here has been enhanced to "acquire" credentials, i.e. to authenticate and create the own credentials objects. The PrincipalAuthenticator makes calls on this object.
readonly attribute Security::OIDList supported_mech_oids;
This attribute returns the list of OIDs that name the mechanisms (such as GSS Kerberos, GSS SESAME, etc.) that are supported by this vault.
Security::AssociationStatus accept_security_context(in SecurityLevel2::CredentialsList cred_list, in Security::ChannelBindings chan_binding, in Security::Opaque in_token, out Security::OpaqueBuffer out_token, out ServerSecurityContext security_context);
This operation creates a server-side security context.
cred_list
- This would normally be the list of own credentials. Can't really see using received credentials here.
chan_binding
- The channel binding.
in_token
- The token that needs to be accepted.
out_token
- The next token. If this token has data.
Security::AuthenticationStatus acquire_credentials(in Security::AuthenticationMethod method, in Security::MechanismType mechanism, in Security::SecurityName security_name, in Security::Opaque auth_data, in Security::AttributeList privileges, out SecurityLevel2::Credentials creds, out Security::Opaque continuation_data, out Security::Opaque auth_specific_data);
SecurityReplaceable Enhancement.
This operation is used by the PrincipalAuthenticator to create the own credentials.
mechanism
- The mechanism, i.e. type, of the credentials to acquire.
method
- The method of authentication that is used.
security_name
- The security name of the credential.
auth_data
- Mechanism-specific data, in a form specified by the vault, used to authenticate the security_name.
creds
- These are the output credentials of the "Own" credentials type. These same credentials may be retrieved from the security current.
continuation_data
- This parameter is for the return of data for continuation of the authentication. For this particular Kerberos Vault the authentication is a one-step process. No data will be returned in this parameter.
auth_specific_data
- For this particular Kerberos Vault, this parameter returns nothing.
Security::AuthenticationStatus continue_acquisition(in Security::Opaque response_data, in SecurityLevel2::Credentials creds, out Security::Opaque continuation_data, out Security::Opaque auth_specific_data);
This operation is for continuing the authentication process should it be needed, i.e. when acquire_credentials returns SecAssocContinue. However, this particular Kerberos Vault does not continue acquisition, and therefore it is not used.
Security::AuthenticationMethodList get_supported_authen_methods(in Security::MechanismType mechanism);
This operation returns the authentication methods that are valid for a particular mechanism that the Vault object supports. This operation raises a CORBA::BAD_PARAM exception if the vault does not support the mechanism.
Security::MechandOptionsList get_supported_mechs();
Returns the supported mechanisms.
Security::AssociationStatus init_security_context(in SecurityLevel2::Credentials creds, in Security::SecurityName target_security_name, in Object target, in Security::DelegationMode delegation_mode, in Security::OptionsDirectionPairList association_options, in Security::MechanismType mechanism, in Security::Opaque mech_data, in Security::ChannelBindings chan_binding, out Security::OpaqueBuffer security_token, out ClientSecurityContext security_context);
This operation initializes a client-side security context.
cred_list
- The list of credentials to use. This will be a list of one own credential or the list of received credentials. Uggh, this unsemantic list!
target_security_name
- The name of the target to authenticate.
target
- This is the object reference, and this really has no semantic meaning, since security contexts can be reused over multiple targets. So this parameter doesn't make much sense.
delegation_mode
- This is the delegation mode that we want to support for the context.
mechanism
- The mechanism we are going to use. This largely has to do with the credentials supplied.
chan_binding
- The channel bindings for the security context.
security_token
- This is the initial security token.
security_context
- This is a client-side security context in the SecContextInitialized state.
Generated by the ORBacus IDL-to-HTML translator (non-commercial)