1KRB5_MK_REQ(3)           BSD Library Functions Manual           KRB5_MK_REQ(3)
2

NAME

4     krb5_mk_req, krb5_mk_req_exact, krb5_mk_req_extended, krb5_rd_req,
5     krb5_rd_req_with_keyblock, krb5_mk_rep, krb5_mk_rep_exact,
6     krb5_mk_rep_extended, krb5_rd_rep, krb5_build_ap_req, krb5_verify_ap_req
7     — create and read application authentication request
8

LIBRARY

10     Kerberos 5 Library (libkrb5, -lkrb5)
11

SYNOPSIS

13     #include <krb5.h>
14
15     krb5_error_code
16     krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
17         const krb5_flags ap_req_options, const char *service,
18         const char *hostname, krb5_data *in_data, krb5_ccache ccache,
19         krb5_data *outbuf);
20
21     krb5_error_code
22     krb5_mk_req_extended(krb5_context context,
23         krb5_auth_context *auth_context, const krb5_flags ap_req_options,
24         krb5_data *in_data, krb5_creds *in_creds, krb5_data *outbuf);
25
26     krb5_error_code
27     krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
28         const krb5_data *inbuf, krb5_const_principal server,
29         krb5_keytab keytab, krb5_flags *ap_req_options,
30         krb5_ticket **ticket);
31
32     krb5_error_code
33     krb5_build_ap_req(krb5_context context, krb5_enctype enctype,
34         krb5_creds *cred, krb5_flags ap_options, krb5_data authenticator,
35         krb5_data *retdata);
36
37     krb5_error_code
38     krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context,
39         krb5_ap_req *ap_req, krb5_const_principal server,
40         krb5_keyblock *keyblock, krb5_flags flags,
41         krb5_flags *ap_req_options, krb5_ticket **ticket);
42

DESCRIPTION

44     The functions documented in this manual page document the functions that
45     facilitates the exchange between a Kerberos client and server.  They are
46     the core functions used in the authentication exchange between the client
47     and the server.
48
49     The krb5_mk_req and krb5_mk_req_extended creates the Kerberos message
50     KRB_AP_REQ that is sent from the client to the server as the first packet
51     in a client/server exchange.  The result that should be sent to server is
52     stored in outbuf.
53
54     auth_context should be allocated with krb5_auth_con_init() or NULL passed
55     in, in that case, it will be allocated and freed internally.
56
57     The input data in_data will have a checksum calculated over it and check‐
58     sum will be transported in the message to the server.
59
60     ap_req_options can be set to one or more of the following flags:
61
62     AP_OPTS_USE_SESSION_KEY
63             Use the session key when creating the request, used for user to
64             user authentication.
65
66     AP_OPTS_MUTUAL_REQUIRED
67             Mark the request as mutual authenticate required so that the
68             receiver returns a mutual authentication packet.
69
70     The krb5_rd_req read the AP_REQ in inbuf and verify and extract the con‐
71     tent.  If server is specified, that server will be fetched from the
72     keytab and used unconditionally.  If server is NULL, the keytab will be
73     search for a matching principal.
74
75     The keytab argument specifies what keytab to search for receiving princi‐
76     pals.  The arguments ap_req_options and ticket returns the content.
77
78     When the AS-REQ is a user to user request, neither of keytab or principal
79     are used, instead krb5_rd_req() expects the session key to be set in
80     auth_context.
81
82     The krb5_verify_ap_req and krb5_build_ap_req both constructs and verify
83     the AP_REQ message, should not be used by external code.
84

SEE ALSO

86     krb5(3), krb5.conf(5)
87
88HEIMDAL                         August 27, 2005                        HEIMDAL
Impressum