table of contents
KRB5_MK_REQ(3) | Library Functions Manual | KRB5_MK_REQ(3) |
NAME¶
krb5_mk_req
,
krb5_mk_req_exact
,
krb5_mk_req_extended
,
krb5_rd_req
,
krb5_rd_req_with_keyblock
,
krb5_mk_rep
,
krb5_mk_rep_exact
,
krb5_mk_rep_extended
,
krb5_rd_rep
,
krb5_build_ap_req
,
krb5_verify_ap_req
— create
and read application authentication request
LIBRARY¶
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS¶
#include
<krb5.h>
krb5_error_code
krb5_mk_req
(krb5_context
context, krb5_auth_context *auth_context,
const krb5_flags ap_req_options, const
char *service, const char *hostname,
krb5_data *in_data, krb5_ccache
ccache, krb5_data *outbuf);
krb5_error_code
krb5_mk_req_extended
(krb5_context
context, krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
krb5_data *in_data, krb5_creds
*in_creds, krb5_data *outbuf);
krb5_error_code
krb5_rd_req
(krb5_context
context, krb5_auth_context *auth_context,
const krb5_data *inbuf,
krb5_const_principal server,
krb5_keytab keytab, krb5_flags
*ap_req_options, krb5_ticket **ticket);
krb5_error_code
krb5_build_ap_req
(krb5_context
context, krb5_enctype enctype,
krb5_creds *cred, krb5_flags
ap_options, krb5_data authenticator,
krb5_data *retdata);
krb5_error_code
krb5_verify_ap_req
(krb5_context
context, krb5_auth_context *auth_context,
krb5_ap_req *ap_req,
krb5_const_principal server,
krb5_keyblock *keyblock, krb5_flags
flags, krb5_flags *ap_req_options,
krb5_ticket **ticket);
DESCRIPTION¶
The functions documented in this manual page document the functions that facilitates the exchange between a Kerberos client and server. They are the core functions used in the authentication exchange between the client and the server.
The krb5_mk_req
and
krb5_mk_req_extended
creates the Kerberos message
KRB_AP_REQ
that is sent from the client to the
server as the first packet in a client/server exchange. The result that
should be sent to server is stored in outbuf.
auth_context should
be allocated with
krb5_auth_con_init
()
or NULL
passed in, in that case, it will be
allocated and freed internally.
The input data in_data will have a checksum calculated over it and checksum will be transported in the message to the server.
ap_req_options can be set to one or more of the following flags:
AP_OPTS_USE_SESSION_KEY
- Use the session key when creating the request, used for user to user authentication.
AP_OPTS_MUTUAL_REQUIRED
- Mark the request as mutual authenticate required so that the receiver returns a mutual authentication packet.
The krb5_rd_req
read the AP_REQ in
inbuf and verify and extract the content. If
server is specified, that server will be fetched from
the keytab and used unconditionally. If
server is NULL
, the
keytab will be search for a matching principal.
The keytab argument specifies what keytab to search for receiving principals. The arguments ap_req_options and ticket returns the content.
When the AS-REQ is a user to user request,
neither of keytab or principal
are used, instead
krb5_rd_req
()
expects the session key to be set in auth_context.
The krb5_verify_ap_req
and
krb5_build_ap_req
both constructs and verify the
AP_REQ message, should not be used by external code.
SEE ALSO¶
August 27, 2005 | HEIMDAL |