KRB5_MK_REQ(3) NetBSD Library Functions Manual KRB5_MK_REQ(3)
NAME
krb5_mk_req, krb5_mk_req_exact, krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock, krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, krb5_build_ap_req, krb5_verify_ap_req -- create and read application authentication request
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS
#include <krb5/krb5.h> krb5_error_code krb5_mk_req(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, const char *service, const char *hostname, krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf); krb5_error_code krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, krb5_data *in_data, krb5_creds *in_creds, krb5_data *outbuf); krb5_error_code krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket); krb5_error_code krb5_build_ap_req(krb5_context context, krb5_enctype enctype, krb5_creds *cred, krb5_flags ap_options, krb5_data authenticator, krb5_data *retdata); krb5_error_code krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context, krb5_ap_req *ap_req, krb5_const_principal server, krb5_keyblock *keyblock, krb5_flags flags, krb5_flags *ap_req_options, krb5_ticket **ticket);
DESCRIPTION
The functions documented in this manual page document the functions that facilitates the exchange between a Kerberos client and server. They are the core functions used in the authentication exchange between the client and the server. The krb5_mk_req and krb5_mk_req_extended creates the Kerberos message KRB_AP_REQ that is sent from the client to the server as the first packet in a client/server exchange. The result that should be sent to server is stored in outbuf. auth_context should be allocated with krb5_auth_con_init() or NULL passed in, in that case, it will be allocated and freed internally. The input data in_data will have a checksum calculated over it and check- sum will be transported in the message to the server. ap_req_options can be set to one or more of the following flags: AP_OPTS_USE_SESSION_KEY Use the session key when creating the request, used for user to user authentication. AP_OPTS_MUTUAL_REQUIRED Mark the request as mutual authenticate required so that the receiver returns a mutual authentication packet. The krb5_rd_req read the AP_REQ in inbuf and verify and extract the con- tent. If server is specified, that server will be fetched from the keytab and used unconditionally. If server is NULL, the keytab will be search for a matching principal. The keytab argument specifies what keytab to search for receiving princi- pals. The arguments ap_req_options and ticket returns the content. When the AS-REQ is a user to user request, neither of keytab or principal are used, instead krb5_rd_req() expects the session key to be set in auth_context. The krb5_verify_ap_req and krb5_build_ap_req both constructs and verify the AP_REQ message, should not be used by external code.
SEE ALSO
krb5(3), krb5.conf(5) NetBSD 8.0 August 27, 2005 NetBSD 8.0
Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.