DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

krb5_mk_rep_extended(3)





NAME

     krb5_mk_req, krb5_mk_req_exact, krb5_mk_req_extended, krb5_rd_req,
     krb5_rd_req_with_keyblock, krb5_mk_rep, krb5_mk_rep_exact,
     krb5_mk_rep_extended, krb5_rd_rep, krb5_build_ap_req, krb5_verify_ap_req
     -- create and read application authentication request


LIBRARY

     Kerberos 5 Library (libkrb5, -lkrb5)


SYNOPSIS

     #include <krb5.h>

     krb5_error_code
     krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
         const krb5_flags ap_req_options, const char *service,
         const char *hostname, krb5_data *in_data, krb5_ccache ccache,
         krb5_data *outbuf);

     krb5_error_code
     krb5_mk_req_extended(krb5_context context,
         krb5_auth_context *auth_context, const krb5_flags ap_req_options,
         krb5_data *in_data, krb5_creds *in_creds, krb5_data *outbuf);

     krb5_error_code
     krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
         const krb5_data *inbuf, krb5_const_principal server,
         krb5_keytab keytab, krb5_flags *ap_req_options,
         krb5_ticket **ticket);

     krb5_error_code
     krb5_build_ap_req(krb5_context context, krb5_enctype enctype,
         krb5_creds *cred, krb5_flags ap_options, krb5_data authenticator,
         krb5_data *retdata);

     krb5_error_code
     krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context,
         krb5_ap_req *ap_req, krb5_const_principal server,
         krb5_keyblock *keyblock, krb5_flags flags,
         krb5_flags *ap_req_options, krb5_ticket **ticket);


DESCRIPTION

     The functions documented in this manual page document the functions that
     facilitates the exchange between a Kerberos client and server.  They are
     the core functions used in the authentication exchange between the client
     and the server.

     The krb5_mk_req and krb5_mk_req_extended creates the Kerberos message
     KRB_AP_REQ that is sent from the client to the server as the first packet
     in a client/server exchange.  The result that should be sent to server is
     stored in outbuf.

     auth_context should be allocated with krb5_auth_con_init() or NULL passed
     in, in that case, it will be allocated and freed internally.

     The input data in_data will have a checksum calculated over it and check-
     sum will be transported in the message to the server.

     ap_req_options can be set to one or more of the following flags:

     AP_OPTS_USE_SESSION_KEY
             Use the session key when creating the request, used for user to
             user authentication.

     AP_OPTS_MUTUAL_REQUIRED
             Mark the request as mutual authenticate required so that the
             receiver returns a mutual authentication packet.

     The krb5_rd_req read the AP_REQ in inbuf and verify and extract the con-
     tent.  If server is specified, that server will be fetched from the
     keytab and used unconditionally.  If server is NULL, the keytab will be
     search for a matching principal.

     The keytab argument specifies what keytab to search for receiving princi-
     pals.  The arguments ap_req_options and ticket returns the content.

     When the AS-REQ is a user to user request, neither of keytab or principal
     are used, instead krb5_rd_req() expects the session key to be set in
     auth_context.

     The krb5_verify_ap_req and krb5_build_ap_req both constructs and verify
     the AP_REQ message, should not be used by external code.


SEE ALSO

     krb5(3), krb5.conf(5)

HEIMDAL                         August 27, 2005                        HEIMDAL

Man(1) output converted with man2html