KRB5_MK_REQ(3)           BSD Library Functions Manual           KRB5_MK_REQ(3)

NAME
     krb5_mk_req, krb5_mk_req_exact, krb5_mk_req_extended, krb5_rd_req,
     krb5_rd_req_with_keyblock, krb5_mk_rep, krb5_mk_rep_exact,
     krb5_mk_rep_extended, krb5_rd_rep, krb5_build_ap_req, krb5_verify_ap_req
     -- create and read application authentication request

LIBRARY
     Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS
     #include <krb5.h>

     krb5_error_code
     krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
         const krb5_flags ap_req_options, const char *service,
         const char *hostname, krb5_data *in_data, krb5_ccache ccache,
         krb5_data *outbuf);

     krb5_error_code
     krb5_mk_req_extended(krb5_context context,
         krb5_auth_context *auth_context, const krb5_flags ap_req_options,
         krb5_data *in_data, krb5_creds *in_creds, krb5_data *outbuf);

     krb5_error_code
     krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
         const krb5_data *inbuf, krb5_const_principal server,
         krb5_keytab keytab, krb5_flags *ap_req_options,
         krb5_ticket **ticket);

     krb5_error_code
     krb5_build_ap_req(krb5_context context, krb5_enctype enctype,
         krb5_creds *cred, krb5_flags ap_options, krb5_data authenticator,
         krb5_data *retdata);

     krb5_error_code
     krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context,
         krb5_ap_req *ap_req, krb5_const_principal server,
         krb5_keyblock *keyblock, krb5_flags flags,
         krb5_flags *ap_req_options, krb5_ticket **ticket);

DESCRIPTION
     The functions documented in this manual page facilitate the exchange
     between a Kerberos client and server. They are the core functions used
     in the authentication exchange between the client and the server.

     krb5_mk_req and krb5_mk_req_extended create the Kerberos message
     KRB_AP_REQ that is sent from the client to the server as the first
     packet in a client/server exchange. The result that should be sent to
     the server is stored in outbuf.

     auth_context should be allocated with krb5_auth_con_init(), or NULL can
     be passed in, in which case it will be allocated and freed internally.

     A checksum is calculated over the input data in_data, and the checksum
     is transported in the message to the server.

     ap_req_options can be set to one or more of the following flags:

     AP_OPTS_USE_SESSION_KEY
             Use the session key when creating the request; used for user to
             user authentication.

     AP_OPTS_MUTUAL_REQUIRED
             Mark the request as requiring mutual authentication, so that
             the receiver returns a mutual authentication packet.

     krb5_rd_req reads the AP_REQ in inbuf, verifies it, and extracts the
     content. If server is specified, that server will be fetched from the
     keytab and used unconditionally. If server is NULL, the keytab will be
     searched for a matching principal.

     The keytab argument specifies which keytab to search for receiving
     principals. The arguments ap_req_options and ticket return the content.

     When the AS-REQ is a user to user request, neither keytab nor principal
     is used; instead krb5_rd_req() expects the session key to be set in
     auth_context.

     krb5_build_ap_req and krb5_verify_ap_req construct and verify the
     AP_REQ message; they should not be used by external code.

SEE ALSO
     krb5(3), krb5.conf(5)

HEIMDAL                         August 27, 2005                        HEIMDAL