NAME

 sec_cred_get_delegate - Returns a handle to the privilege attributes
                         of an intermediary in a delegation chain

 SYNOPSIS

 #include <dce/sec_cred.h>

 sec_cred_pa_handle_t sec_cred_get_delegate(
         rpc_authz_cred_handle_t callers_identity,
         sec_cred_cursor_t *cursor,
         error_status_t *status);

 PARAMETERS

 Input

   callers_identity
     A handle of type rpc_authz_cred_handle_t.  This handle is supplied
     as output of the rpc_binding_inq_auth_caller() call.

 Input/Output

 cursor
     As input, a pointer to a cursor of type sec_cred_cursor_t that has
     been initialized by the sec_cred_initialize_cursor() call. As an
     output parameter, cursor is a pointer to a cursor of type
     sec_attr_srch_cursor_t that is positioned past the principal whose
     privilege attributes have been returned in this call.

 Output

 status
     A pointer to the completion status.  On successful completion,
     status is assigned error_status_ok.

 DESCRIPTION

 The sec_cred_get_delegate() routine returns a handle to the the
 privilege attributes of an intermediary in a delegation chain that
 performed an authenticated RPC operation.

 This call is used by servers. Clients use the
 sec_login_cred_get_delegate() routine to return the privilege attribute
 handle of an intermediary in a delegation chain.

 The credential handle identified by callers_identity contains authenti-
 cation and authorization information for all delegates in the chain.
 This call returns a handle (sec_cred_pa_handle_t) to the privilege
 attributes of one of the delegates in the binding handle.  The
 sec_cred_pa_handle_t returned by this call is used in other
 sec_cred_get... calls to obtain privilege attribute information for a
 single delegate.

 To obtain the privilege attributes of each delegate in the credential
 handle identified by callers_identity, execute this call until the
 message sec_cred_s_no_more_entries is returned.

 Before you execute sec_cred_get_delegate(), you must execute:

  +  An rpc_binding_inq_auth_caller() call to obtain an
     rpc_authz_cred_handle_t for the callers_identity parameter.

  +  A sec_cred_initialize_cursor() call to initialize a cursor of type
     sec_cred_cursor_t.

 Use the sec_cred_free_pa_handle() all to free the resources associated
 with the sec_cred_pa_handle_t.

 ERRORS

 sec_cred_s_invalid_auth_handle

 sec_cred_s_invalid_cursor

 sec_cred_s_no_more_entries

 error_status_ok

 RELATED INFORMATION

 Functions: sec_intro
            rpc_binding_inq_auth_caller
            sec_cred_initialize_cursor
            sec_cred_get_deleg_restrictions
            sec_cred_get_delegation_type
            sec_cred_get_extended_attrs
            sec_cred_get_opt_restrictions
            sec_cred_get_pa_date
            sec_cred_get_req_restrictions
            sec_cred_get_tgt_restrictions
            sec_cred_get_v1_pac
            sec_cred_free_pa_handle