Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
KRB5_MK_REQ(3)		 BSD Library Functions Manual		KRB5_MK_REQ(3)

NAME
     krb5_mk_req, krb5_mk_req_exact, krb5_mk_req_extended, krb5_rd_req,
     krb5_rd_req_with_keyblock,	krb5_mk_rep, krb5_mk_rep_exact,
     krb5_mk_rep_extended, krb5_rd_rep,	krb5_build_ap_req, krb5_verify_ap_req
     --	create and read	application authentication request

LIBRARY
     Kerberos 5	Library	(libkrb5, -lkrb5)

SYNOPSIS
     #include <krb5.h>

     krb5_error_code
     krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
	 const krb5_flags ap_req_options, const	char *service,
	 const char *hostname, krb5_data *in_data, krb5_ccache ccache,
	 krb5_data *outbuf);

     krb5_error_code
     krb5_mk_req_extended(krb5_context context,
	 krb5_auth_context *auth_context, const	krb5_flags ap_req_options,
	 krb5_data *in_data, krb5_creds	*in_creds, krb5_data *outbuf);

     krb5_error_code
     krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
	 const krb5_data *inbuf, krb5_const_principal server,
	 krb5_keytab keytab, krb5_flags	*ap_req_options,
	 krb5_ticket **ticket);

     krb5_error_code
     krb5_build_ap_req(krb5_context context, krb5_enctype enctype,
	 krb5_creds *cred, krb5_flags ap_options, krb5_data authenticator,
	 krb5_data *retdata);

     krb5_error_code
     krb5_verify_ap_req(krb5_context context, krb5_auth_context	*auth_context,
	 krb5_ap_req *ap_req, krb5_const_principal server,
	 krb5_keyblock *keyblock, krb5_flags flags,
	 krb5_flags *ap_req_options, krb5_ticket **ticket);

DESCRIPTION
     The functions documented in this manual page document the functions that
     facilitates the exchange between a	Kerberos client	and server.  They are
     the core functions	used in	the authentication exchange between the	client
     and the server.

     The krb5_mk_req and krb5_mk_req_extended creates the Kerberos message
     KRB_AP_REQ	that is	sent from the client to	the server as the first	packet
     in	a client/server	exchange.  The result that should be sent to server is
     stored in outbuf.

     auth_context should be allocated with krb5_auth_con_init()	or NULL	passed
     in, in that case, it will be allocated and	freed internally.

     The input data in_data will have a	checksum calculated over it and	check-
     sum will be transported in	the message to the server.

     ap_req_options can	be set to one or more of the following flags:

     AP_OPTS_USE_SESSION_KEY
	     Use the session key when creating the request, used for user to
	     user authentication.

     AP_OPTS_MUTUAL_REQUIRED
	     Mark the request as mutual	authenticate required so that the re-
	     ceiver returns a mutual authentication packet.

     The krb5_rd_req read the AP_REQ in	inbuf and verify and extract the con-
     tent.  If server is specified, that server	will be	fetched	from the
     keytab and	used unconditionally.  If server is NULL, the keytab will be
     search for	a matching principal.

     The keytab	argument specifies what	keytab to search for receiving princi-
     pals.  The	arguments ap_req_options and ticket returns the	content.

     When the AS-REQ is	a user to user request,	neither	of keytab or principal
     are used, instead krb5_rd_req() expects the session key to	be set in
     auth_context.

     The krb5_verify_ap_req and	krb5_build_ap_req both constructs and verify
     the AP_REQ	message, should	not be used by external	code.

SEE ALSO
     krb5(3), krb5.conf(5)

HEIMDAL				August 27, 2005			       HEIMDAL

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=krb5_mk_req&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help