NAME¶

shishi_kdc_process - API function

SYNOPSIS¶

#include <shishi.h>

int shishi_kdc_process(Shishi * handle, Shishi_asn1 kdcreq, Shishi_asn1 kdcrep, Shishi_key * key, int keyusage, Shishi_asn1 * enckdcreppart);

ARGUMENTS¶

Shishi * handle

Shishi handle as allocated by shishi_init().

Shishi_asn1 kdcreq

Input variable holding the transmitted KDC-REQ.

Shishi_asn1 kdcrep

Input variable holding the received KDC-REP.

Shishi_key * key

Input pointet to key for decrypting parts of kdcrep.

int keyusage

Kerberos key usage code.

Shishi_asn1 * enckdcreppart

Output pointer for the extracted EncKDCRepPart.

DESCRIPTION¶

Processes a KDC client exchange and extracts a decrypted EncKDCRepPart, holding details about the received ticket. Use shishi_kdcrep_get_ticket() to extract the ticket itself. This function verifies the various conditions that must hold if the response is to be considered valid. In particular, it compares nonces (using shishi_kdc_check_nonce()), and if the exchange was an AS exchange, it also checks cname and crealm (using shishi_as_check_cname(), shishi_as_check_crealm()).

Usually shishi_as_process() and shishi_tgs_process() should be used instead of this call, since they simplify computation of the decryption key.

RETURN VALUE¶

Returns SHISHI_OK if the KDC client exchange was successful. Multiple failure conditions are possible.

REPORTING BUGS¶

Report bugs to <bug-shishi@gnu.org>. GNU Shishi home page: http://www.gnu.org/software/shishi/ General help using GNU software: http://www.gnu.org/gethelp/

COPYRIGHT¶

Copyright © 2002-2022 Simon Josefsson.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.

SEE ALSO¶

The full documentation for shishi is maintained as a Texinfo manual. If the info and shishi programs are properly installed at your site, the command

info shishi

should give you access to the complete manual.