Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
KRB5_GET_INIT_CREDS(3)	    Library Functions Manual	KRB5_GET_INIT_CREDS(3)

NAME
       krb5_get_init_creds,			   krb5_get_init_creds_keytab,
       krb5_get_init_creds_opt,			krb5_get_init_creds_opt_alloc,
       krb5_get_init_creds_opt_free,		 krb5_get_init_creds_opt_init,
       krb5_get_init_creds_opt_set_address_list,
       krb5_get_init_creds_opt_set_addressless,
       krb5_get_init_creds_opt_set_anonymous,
       krb5_get_init_creds_opt_set_default_flags,
       krb5_get_init_creds_opt_set_etype_list,
       krb5_get_init_creds_opt_set_forwardable,
       krb5_get_init_creds_opt_set_pa_password,
       krb5_get_init_creds_opt_set_paq_request,
       krb5_get_init_creds_opt_set_preauth_list,
       krb5_get_init_creds_opt_set_proxiable,
       krb5_get_init_creds_opt_set_renew_life,
       krb5_get_init_creds_opt_set_salt, krb5_get_init_creds_opt_set_tkt_life,
       krb5_get_init_creds_opt_set_canonicalize,
       krb5_get_init_creds_opt_set_win2k,	 krb5_get_init_creds_password,
       krb5_prompt,  krb5_prompter_posix  -- Kerberos 5	initial	authentication
       functions

LIBRARY
       Kerberos	5 Library (libkrb5, -lkrb5)

SYNOPSIS
       #include	<krb5.h>

       krb5_get_init_creds_opt;

       krb5_error_code
       krb5_get_init_creds_opt_alloc(krb5_context context,
	   krb5_get_init_creds_opt **opt);

       void
       krb5_get_init_creds_opt_free(krb5_context context,
	   krb5_get_init_creds_opt *opt);

       void
       krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt);

       void
       krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt	*opt,
	   krb5_addresses *addresses);

       void
       krb5_get_init_creds_opt_set_addressless(krb5_get_init_creds_opt *opt,
	   krb5_boolean	addressless);

       void
       krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
	   int anonymous);

       void
       krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt,
	   int change_password_prompt);

       void
       krb5_get_init_creds_opt_set_default_flags(krb5_context context,
	   const char *appname,			       krb5_const_realm	realm,
	   krb5_get_init_creds_opt *opt);

       void
       krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
	   krb5_enctype	*etype_list, int etype_list_length);

       void
       krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
	   int forwardable);

       krb5_error_code
       krb5_get_init_creds_opt_set_pa_password(krb5_context context,
	   krb5_get_init_creds_opt *opt,		 const char *password,
	   krb5_s2k_proc key_proc);

       krb5_error_code
       krb5_get_init_creds_opt_set_paq_request(krb5_context context,
	   krb5_get_init_creds_opt *opt, krb5_boolean req_pac);

       krb5_error_code
       krb5_get_init_creds_opt_set_pkinit(krb5_context context,
	   krb5_get_init_creds_opt *opt,		const char *cert_file,
	   const char *key_file,      const char *x509_anchors,	    int	flags,
	   char	*password);

       void
       krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt	*opt,
	   krb5_preauthtype *preauth_list, int preauth_list_length);

       void
       krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
	   int proxiable);

       void
       krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
	   krb5_deltat renew_life);

       void
       krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt	*opt,
	   krb5_data *salt);

       void
       krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
	   krb5_deltat tkt_life);

       krb5_error_code
       krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
	   krb5_get_init_creds_opt *opt, krb5_boolean req);

       krb5_error_code
       krb5_get_init_creds_opt_set_win2k(krb5_context context,
	   krb5_get_init_creds_opt *opt, krb5_boolean req);

       krb5_error_code
       krb5_get_init_creds(krb5_context	context,	    krb5_creds *creds,
	   krb5_principal client,		   krb5_prompter_fct prompter,
	   void	*prompter_data,			       krb5_deltat start_time,
	   const char *in_tkt_service, krb5_get_init_creds_opt *options);

       krb5_error_code
       krb5_get_init_creds_password(krb5_context context,   krb5_creds *creds,
	   krb5_principal client,			 const char *password,
	   krb5_prompter_fct prompter,			  void *prompter_data,
	   krb5_deltat start_time,		   const char *in_tkt_service,
	   krb5_get_init_creds_opt *in_options);

       krb5_error_code
       krb5_get_init_creds_keytab(krb5_context context,	    krb5_creds *creds,
	   krb5_principal client, krb5_keytab keytab,  krb5_deltat start_time,
	   const char *in_tkt_service, krb5_get_init_creds_opt *options);

       int
       krb5_prompter_posix(krb5_context	context, void *data, const char	*name,
	   const char *banner, int num_prompts,	krb5_prompt prompts[]);

DESCRIPTION
       Getting	initial	 credential  ticket for	a principal.  That may include
       changing	an expired password, and doing preauthentication.  This	inter-
       face that replaces the deprecated krb5_in_tkt  and  krb5_in_cred	 func-
       tions.

       If  you	only  want  to	verify a username and password,	consider using
       krb5_verify_user(3) instead, since it also verifies that	 initial  cre-
       dentials	 with  using  a	 keytab	to make	sure the response was from the
       KDC.

       First  a	 krb5_get_init_creds_opt   structure   is   initialized	  with
       krb5_get_init_creds_opt_alloc()	  or   krb5_get_init_creds_opt_init().
       krb5_get_init_creds_opt_alloc() allocates a extendible structures  that
       needs  to  be freed with	krb5_get_init_creds_opt_free().	 The structure
       may be modified by any of the  krb5_get_init_creds_opt_set()  functions
       to change request parameters and	authentication information.

       If  the	caller want to use the default options,	NULL can be passed in-
       stead.

       The  the	 actual	 request  to  the  KDC	is  done   by	any   of   the
       krb5_get_init_creds(),	     krb5_get_init_creds_password(),	    or
       krb5_get_init_creds_keytab() functions.	krb5_get_init_creds()  is  the
       least specialized function and can, with	the right in data, behave like
       the  latter two.	 The latter two	are there for compatibility with older
       releases	and they are slightly easier to	use.

       krb5_prompt is a	structure containing the following elements:

       typedef struct {
	   const char *prompt;
	   int hidden;
	   krb5_data *reply;
	   krb5_prompt_type type
       } krb5_prompt;

       prompt is the prompt that should	shown to the user If  hidden  is  set,
       the  prompter function shouldn't	echo the output	to the display device.
       reply must be preallocated; it will not be allocated  by	 the  prompter
       function.  Possible values for the type element are:

	     KRB5_PROMPT_TYPE_PASSWORD
	     KRB5_PROMPT_TYPE_NEW_PASSWORD
	     KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN
	     KRB5_PROMPT_TYPE_PREAUTH
	     KRB5_PROMPT_TYPE_INFO

       krb5_prompter_posix() is	the default prompter function in a POSIX envi-
       ronment.	  It  matches  the  krb5_prompter_fct  and  can	be used	in the
       krb5_get_init_creds functions.  krb5_prompter_posix()  doesn't  require
       prompter_data.

       If  the start_time is zero, then	the requested ticket will be valid be-
       ginning immediately.  Otherwise,	the start_time indicates  how  far  in
       the future the ticket should be postdated.

       If  the	in_tkt_service	name  is non-NULL, that	principal name will be
       used as the server name for the initial ticket request.	The  realm  of
       the  name specified will	be ignored and will be set to the realm	of the
       client name.  If	no in_tkt_service name	is  specified,	krbtgt/CLIENT-
       REALM@CLIENT-REALM will be used.

       For  the	 rest of arguments, a configuration or library default will be
       used if no value	is specified in	the options structure.

       krb5_get_init_creds_opt_set_address_list() sets the list	 of  addresses
       that is should be stored	in the ticket.

       krb5_get_init_creds_opt_set_addressless() controls if the ticket	is re-
       quested		  with		 addresses	     or		  not,
       krb5_get_init_creds_opt_set_address_list() overrides this option.

       krb5_get_init_creds_opt_set_anonymous() make the	request	 anonymous  if
       the anonymous parameter is non-zero.

       krb5_get_init_creds_opt_set_default_flags()  sets the default flags us-
       ing the configuration file.

       krb5_get_init_creds_opt_set_etype_list()	set a list  of	enctypes  that
       the client is willing to	support	in the request.

       krb5_get_init_creds_opt_set_forwardable() request a forwardable ticket.

       krb5_get_init_creds_opt_set_pa_password() set the password and key_proc
       that is going to	be used	to get a new ticket.  password or key_proc can
       be NULL if the caller wants to use the default values.  If the password
       is unset	and needed, the	user will be prompted for it.

       krb5_get_init_creds_opt_set_paq_request() sets the password that	is go-
       ing to be used to get a new ticket.

       krb5_get_init_creds_opt_set_preauth_list() sets the list	of client-sup-
       ported preauth types.

       krb5_get_init_creds_opt_set_proxiable() makes the request proxiable.

       krb5_get_init_creds_opt_set_renew_life()	 sets  the requested renewable
       lifetime.

       krb5_get_init_creds_opt_set_salt() sets the salt	that is	 going	to  be
       used in the request.

       krb5_get_init_creds_opt_set_tkt_life() sets requested ticket lifetime.

       krb5_get_init_creds_opt_set_canonicalize() requests that	the KDC	canon-
       icalize the client principal if possible.

       krb5_get_init_creds_opt_set_win2k() turns on compatibility with Windows
       2000.

SEE ALSO
       krb5(3),	krb5_creds(3), krb5_verify_user(3), krb5.conf(5), kerberos(8)

HEIMDAL				 Sep 16, 2006		KRB5_GET_INIT_CREDS(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=krb5_prompter_posix&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help