Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
KRB5_MK_REQ(3)		    Library Functions Manual		KRB5_MK_REQ(3)

NAME
       krb5_mk_req,   krb5_mk_req_exact,   krb5_mk_req_extended,  krb5_rd_req,
       krb5_rd_req_with_keyblock,	krb5_mk_rep,	    krb5_mk_rep_exact,
       krb5_mk_rep_extended,	      krb5_rd_rep,	    krb5_build_ap_req,
       krb5_verify_ap_req -- create and	read  application  authentication  re-
       quest

LIBRARY
       Kerberos	5 Library (libkrb5, -lkrb5)

SYNOPSIS
       #include	<krb5.h>

       krb5_error_code
       krb5_mk_req(krb5_context	context,      krb5_auth_context	*auth_context,
	   const krb5_flags ap_req_options,		  const	char *service,
	   const char *hostname,    krb5_data *in_data,	   krb5_ccache ccache,
	   krb5_data *outbuf);

       krb5_error_code
       krb5_mk_req_extended(krb5_context context,
	   krb5_auth_context *auth_context,   const krb5_flags ap_req_options,
	   krb5_data *in_data, krb5_creds *in_creds, krb5_data *outbuf);

       krb5_error_code
       krb5_rd_req(krb5_context	context,      krb5_auth_context	*auth_context,
	   const krb5_data *inbuf,		  krb5_const_principal server,
	   krb5_keytab keytab,			   krb5_flags *ap_req_options,
	   krb5_ticket **ticket);

       krb5_error_code
       krb5_build_ap_req(krb5_context context,		 krb5_enctype enctype,
	   krb5_creds *cred,  krb5_flags ap_options,  krb5_data	authenticator,
	   krb5_data *retdata);

       krb5_error_code
       krb5_verify_ap_req(krb5_context context,
	   krb5_auth_context *auth_context,		  krb5_ap_req *ap_req,
	   krb5_const_principal	server,		      krb5_keyblock *keyblock,
	   krb5_flags flags,			   krb5_flags *ap_req_options,
	   krb5_ticket **ticket);

DESCRIPTION
       The  functions  documented  in  this manual page	document the functions
       that facilitates	the exchange between a	Kerberos  client  and  server.
       They are	the core functions used	in the authentication exchange between
       the client and the server.

       The  krb5_mk_req	 and krb5_mk_req_extended creates the Kerberos message
       KRB_AP_REQ that is sent from the	client to  the	server	as  the	 first
       packet  in a client/server exchange.  The result	that should be sent to
       server is stored	in outbuf.

       auth_context should be  allocated  with	krb5_auth_con_init()  or  NULL
       passed in, in that case,	it will	be allocated and freed internally.

       The  input  data	 in_data  will	have a checksum	calculated over	it and
       checksum	will be	transported in the message to the server.

       ap_req_options can be set to one	or more	of the following flags:

       AP_OPTS_USE_SESSION_KEY
	       Use the session key when	creating the request, used for user to
	       user authentication.

       AP_OPTS_MUTUAL_REQUIRED
	       Mark the	request	as mutual authenticate required	 so  that  the
	       receiver	returns	a mutual authentication	packet.

       The  krb5_rd_req	 read  the  AP_REQ in inbuf and	verify and extract the
       content.	 If server is specified, that server will be fetched from  the
       keytab and used unconditionally.	 If server is NULL, the	keytab will be
       search for a matching principal.

       The keytab argument specifies what keytab to search for receiving prin-
       cipals.	The arguments ap_req_options and ticket	returns	the content.

       When  the  AS-REQ  is  a	 user  to  user	 request, neither of keytab or
       principal are used, instead krb5_rd_req() expects the session key to be
       set in auth_context.

       The krb5_verify_ap_req and krb5_build_ap_req both constructs and	verify
       the AP_REQ message, should not be used by external code.

SEE ALSO
       krb5(3),	krb5.conf(5)

HEIMDAL				August 27, 2005			KRB5_MK_REQ(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=krb5_mk_req_extended&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help