krb5_mk_req_extended(3)
NAME
krb5_mk_req, krb5_mk_req_exact, krb5_mk_req_extended, krb5_rd_req,
krb5_rd_req_with_keyblock, krb5_mk_rep, krb5_mk_rep_exact,
krb5_mk_rep_extended, krb5_rd_rep, krb5_build_ap_req, krb5_verify_ap_req
-- create and read application authentication request
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS
#include <krb5.h>
krb5_error_code
krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
const krb5_flags ap_req_options, const char *service,
const char *hostname, krb5_data *in_data, krb5_ccache ccache,
krb5_data *outbuf);
krb5_error_code
krb5_mk_req_extended(krb5_context context,
krb5_auth_context *auth_context, const krb5_flags ap_req_options,
krb5_data *in_data, krb5_creds *in_creds, krb5_data *outbuf);
krb5_error_code
krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
const krb5_data *inbuf, krb5_const_principal server,
krb5_keytab keytab, krb5_flags *ap_req_options,
krb5_ticket **ticket);
krb5_error_code
krb5_build_ap_req(krb5_context context, krb5_enctype enctype,
krb5_creds *cred, krb5_flags ap_options, krb5_data authenticator,
krb5_data *retdata);
krb5_error_code
krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context,
krb5_ap_req *ap_req, krb5_const_principal server,
krb5_keyblock *keyblock, krb5_flags flags,
krb5_flags *ap_req_options, krb5_ticket **ticket);
DESCRIPTION
The functions documented in this manual page document the functions that
facilitates the exchange between a Kerberos client and server. They are
the core functions used in the authentication exchange between the client
and the server.
The krb5_mk_req and krb5_mk_req_extended creates the Kerberos message
KRB_AP_REQ that is sent from the client to the server as the first packet
in a client/server exchange. The result that should be sent to server is
stored in outbuf.
auth_context should be allocated with krb5_auth_con_init() or NULL passed
in, in that case, it will be allocated and freed internally.
The input data in_data will have a checksum calculated over it and check-
sum will be transported in the message to the server.
ap_req_options can be set to one or more of the following flags:
AP_OPTS_USE_SESSION_KEY
Use the session key when creating the request, used for user to
user authentication.
AP_OPTS_MUTUAL_REQUIRED
Mark the request as mutual authenticate required so that the
receiver returns a mutual authentication packet.
The krb5_rd_req read the AP_REQ in inbuf and verify and extract the con-
tent. If server is specified, that server will be fetched from the
keytab and used unconditionally. If server is NULL, the keytab will be
search for a matching principal.
The keytab argument specifies what keytab to search for receiving princi-
pals. The arguments ap_req_options and ticket returns the content.
When the AS-REQ is a user to user request, neither of keytab or principal
are used, instead krb5_rd_req() expects the session key to be set in
auth_context.
The krb5_verify_ap_req and krb5_build_ap_req both constructs and verify
the AP_REQ message, should not be used by external code.
SEE ALSO
krb5(3), krb5.conf(5)
HEIMDAL August 27, 2005 HEIMDAL
Man(1) output converted with
man2html