Section: C Library Functions (3)
HEIMDAL
NAME
krb5_mk_req, krb5_mk_req_exact, krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock, krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, krb5_build_ap_req, krb5_verify_ap_req
- create and read application authentication request
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS
#include <krb5.h>

krb5_error_code
krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
    const krb5_flags ap_req_options, const char *service,
    const char *hostname, krb5_data *in_data, krb5_ccache ccache,
    krb5_data *outbuf);

krb5_error_code
krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
    const krb5_flags ap_req_options, krb5_data *in_data,
    krb5_creds *in_creds, krb5_data *outbuf);

krb5_error_code
krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
    const krb5_data *inbuf, krb5_const_principal server,
    krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket);

krb5_error_code
krb5_build_ap_req(krb5_context context, krb5_enctype enctype,
    krb5_creds *cred, krb5_flags ap_options, krb5_data authenticator,
    krb5_data *retdata);

krb5_error_code
krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context,
    krb5_ap_req *ap_req, krb5_const_principal server,
    krb5_keyblock *keyblock, krb5_flags flags, krb5_flags *ap_req_options,
    krb5_ticket **ticket);
DESCRIPTION
This manual page documents the functions that facilitate the exchange
between a Kerberos client and server.
They are the core functions used in the authentication exchange
between the client and the server.

krb5_mk_req() and krb5_mk_req_extended() create the Kerberos message
KRB_AP_REQ that is sent from the client to the server as the first packet
in a client/server exchange. The result that should be sent to the server
is stored in outbuf.

auth_context should be allocated with krb5_auth_con_init(), or NULL can be
passed in, in which case it will be allocated and freed internally.

The input data in_data will have a checksum calculated over it, and the
checksum will be transported in the message to the server.

ap_req_options can be set to one or more of the following flags:

AP_OPTS_USE_SESSION_KEY
    Use the session key when creating the request; used for user-to-user
    authentication.
AP_OPTS_MUTUAL_REQUIRED
    Mark the request as requiring mutual authentication, so that the
    receiver returns a mutual authentication packet.

krb5_rd_req() reads the AP_REQ in inbuf, then verifies it and extracts its
content. If server is specified, that server will be fetched from the
keytab and used unconditionally. If server is NULL, the keytab will be
searched for a matching principal.

The keytab argument specifies which keytab to search for receiving
principals. The arguments ap_req_options and ticket return the content.

When the AP_REQ is a user-to-user request, neither keytab nor principal is
used; instead, krb5_rd_req() expects the session key to be set in
auth_context.

krb5_build_ap_req() and krb5_verify_ap_req() construct and verify the
AP_REQ message, respectively. They should not be used by external code.
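
The flags described above travel unencrypted in the ap-options field of the KRB_AP_REQ, so a server or a monitoring tool can read them from a captured message without any key. The following is an added example, not Heimdal code: it goes beyond this page by walking the RFC 4120 DER layout of AP-REQ, and the WIRE_* names, the function names and the sample bytes are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* RFC 4120 APOptions bits in the first flag octet (bit 0 = MSB); local names. */
#define WIRE_USE_SESSION_KEY 0x40 /* bit 1: user-to-user */
#define WIRE_MUTUAL_REQUIRED 0x20 /* bit 2 */

/* Constructed sample: mutual-required set; ticket/authenticator are empty stubs. */
const uint8_t sample_ap_req[] = {
    0x6e, 0x1d, 0x30, 0x1b, 0xa0, 0x03, 0x02, 0x01, 0x05, 0xa1, 0x03, 0x02, 0x01, 0x0e,
    0xa2, 0x07, 0x03, 0x05, 0x00, 0x20, 0x00, 0x00, 0x00,
    0xa3, 0x02, 0x30, 0x00, 0xa4, 0x02, 0x30, 0x00 };

/* Consume one DER header with the expected tag and narrow [*p, *end) to its
 * content, rejecting any length that runs past the enclosing element. */
static int enter(const uint8_t **p, const uint8_t **end, uint8_t tag)
{
    const uint8_t *q = *p;
    if (*end - q < 2 || q[0] != tag) return -1;
    size_t len = q[1], n = len & 0x7f;
    q += 2;
    if (len & 0x80) {                       /* long-form length */
        if (n == 0 || n > 4 || (size_t)(*end - q) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *q++;
    }
    if ((size_t)(*end - q) < len) return -1;
    *p = q; *end = q + len;
    return 0;
}

/* Require a [tag]-wrapped one-octet INTEGER equal to v, then step past it. */
static int small_int(const uint8_t **p, const uint8_t *end, uint8_t tag, uint8_t v)
{
    const uint8_t *q = *p, *e = end;
    if (enter(&q, &e, tag) || e - q != 3) return -1;
    if (q[0] != 0x02 || q[1] != 1 || q[2] != v) return -1;
    *p = e;
    return 0;
}

/* Return the first APOptions octet (0..255), or -1 if buf does not start
 * with a well-formed AP-REQ header (pvno 5, msg-type 14). */
int ap_req_wire_options(const uint8_t *buf, size_t buflen)
{
    const uint8_t *p = buf, *end = buf + buflen;
    if (enter(&p, &end, 0x6e) || enter(&p, &end, 0x30)) return -1;
    if (small_int(&p, end, 0xa0, 5) || small_int(&p, end, 0xa1, 14)) return -1;
    if (enter(&p, &end, 0xa2) || enter(&p, &end, 0x03) || end - p < 2) return -1;
    return p[1];                            /* p[0] is the unused-bit count */
}
```

These options are not integrity-protected on the wire; only the values krb5_rd_req() returns after verifying the request should drive an authentication decision.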