table of contents
KRB5_MK_REQ(3) | Library Functions Manual | KRB5_MK_REQ(3) |
NAME¶
krb5_mk_req, krb5_mk_req_exact, krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock, krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, krb5_build_ap_req, krb5_verify_ap_req — create and read application authentication requestLIBRARY¶
Kerberos 5 Library (libkrb5, -lkrb5)SYNOPSIS¶
#include <krb5.h> krb5_error_codekrb5_mk_req(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, const char *service, const char *hostname, krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf); krb5_error_code
krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, krb5_data *in_data, krb5_creds *in_creds, krb5_data *outbuf); krb5_error_code
krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket); krb5_error_code
krb5_build_ap_req(krb5_context context, krb5_enctype enctype, krb5_creds *cred, krb5_flags ap_options, krb5_data authenticator, krb5_data *retdata); krb5_error_code
krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context, krb5_ap_req *ap_req, krb5_const_principal server, krb5_keyblock *keyblock, krb5_flags flags, krb5_flags *ap_req_options, krb5_ticket **ticket);
DESCRIPTION¶
The functions documented in this manual page document the functions that facilitates the exchange between a Kerberos client and server. They are the core functions used in the authentication exchange between the client and the server. The krb5_mk_req and krb5_mk_req_extended creates the Kerberos messageKRB_AP_REQ
that is sent
from the client to the server as the first packet in a client/server exchange.
The result that should be sent to server is stored in
outbuf.
auth_context should be allocated with
krb5_auth_con_init() or NULL
passed
in, in that case, it will be allocated and freed internally.
The input data in_data will have a checksum calculated
over it and checksum will be transported in the message to the server.
ap_req_options can be set to one or more of the following
flags:
AP_OPTS_USE_SESSION_KEY
- Use the session key when creating the request, used for user to user authentication.
AP_OPTS_MUTUAL_REQUIRED
- Mark the request as mutual authenticate required so that the receiver returns a mutual authentication packet.
NULL
, the keytab will be search
for a matching principal.
The keytab argument specifies what keytab to search for
receiving principals. The arguments ap_req_options and
ticket returns the content.
When the AS-REQ is a user to user request, neither of
keytab or principal are used,
instead krb5_rd_req() expects the session key to be set in
auth_context.
The krb5_verify_ap_req and krb5_build_ap_req
both constructs and verify the AP_REQ message, should not be used by external
code.
SEE ALSO¶
krb5(3), krb5.conf(5)August 27, 2005 | HEIMDAL |