KRB5_AUTH_CONTEXT(3) BSD Library Functions Manual KRB5_AUTH_CONTEXT(3)
NAME
krb5_auth_con_addflags, krb5_auth_con_free, krb5_auth_con_genaddrs,
krb5_auth_con_generatelocalsubkey, krb5_auth_con_getaddrs,
krb5_auth_con_getauthenticator, krb5_auth_con_getflags,
krb5_auth_con_getkey, krb5_auth_con_getlocalsubkey,
krb5_auth_con_getrcache, krb5_auth_con_getremotesubkey,
krb5_auth_con_getuserkey, krb5_auth_con_init, krb5_auth_con_initivector,
krb5_auth_con_removeflags, krb5_auth_con_setaddrs,
krb5_auth_con_setaddrs_from_fd, krb5_auth_con_setflags,
krb5_auth_con_setivector, krb5_auth_con_setkey,
krb5_auth_con_setlocalsubkey, krb5_auth_con_setrcache,
krb5_auth_con_setremotesubkey, krb5_auth_con_setuserkey,
krb5_auth_context, krb5_auth_getcksumtype, krb5_auth_getkeytype,
krb5_auth_getlocalseqnumber, krb5_auth_getremoteseqnumber,
krb5_auth_setcksumtype, krb5_auth_setkeytype,
krb5_auth_setlocalseqnumber, krb5_auth_setremoteseqnumber,
krb5_free_authenticator — manage authentication on connection level
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS
#include <krb5.h>
krb5_error_code
krb5_auth_con_init(krb5_context context,
krb5_auth_context *auth_context);
void
krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context);
krb5_error_code
krb5_auth_con_setflags(krb5_context context,
krb5_auth_context auth_context, int32_t flags);
krb5_error_code
krb5_auth_con_getflags(krb5_context context,
krb5_auth_context auth_context, int32_t *flags);
krb5_error_code
krb5_auth_con_addflags(krb5_context context,
krb5_auth_context auth_context, int32_t addflags, int32_t *flags);
krb5_error_code
krb5_auth_con_removeflags(krb5_context context,
krb5_auth_context auth_context, int32_t removeflags, int32_t *flags);
krb5_error_code
krb5_auth_con_setaddrs(krb5_context context,
krb5_auth_context auth_context, krb5_address *local_addr,
krb5_address *remote_addr);
krb5_error_code
krb5_auth_con_getaddrs(krb5_context context,
krb5_auth_context auth_context, krb5_address **local_addr,
krb5_address **remote_addr);
krb5_error_code
krb5_auth_con_genaddrs(krb5_context context,
krb5_auth_context auth_context, int fd, int flags);
krb5_error_code
krb5_auth_con_setaddrs_from_fd(krb5_context context,
krb5_auth_context auth_context, void *p_fd);
krb5_error_code
krb5_auth_con_getkey(krb5_context context,
krb5_auth_context auth_context, krb5_keyblock **keyblock);
krb5_error_code
krb5_auth_con_getlocalsubkey(krb5_context context,
krb5_auth_context auth_context, krb5_keyblock **keyblock);
krb5_error_code
krb5_auth_con_getremotesubkey(krb5_context context,
krb5_auth_context auth_context, krb5_keyblock **keyblock);
krb5_error_code
krb5_auth_con_generatelocalsubkey(krb5_context context,
krb5_auth_context auth_context, krb5_keyblock, *key");
krb5_error_code
krb5_auth_con_initivector(krb5_context context,
krb5_auth_context auth_context);
krb5_error_code
krb5_auth_con_setivector(krb5_context context,
krb5_auth_context *auth_context, krb5_pointer ivector);
void
krb5_free_authenticator(krb5_context context,
krb5_authenticator *authenticator);
DESCRIPTION
The krb5_auth_context structure holds all context related to an
authenticated connection, in a similar way to krb5_context, which holds
the context for the thread or process. krb5_auth_context is used by
various functions that are directly related to authentication between
the server and the client. Examples of data that this structure contains
are various flags, addresses of client and server, port numbers,
keyblocks (and subkeys), sequence numbers, the replay cache, and the
checksum type.
krb5_auth_con_init() allocates and initializes the krb5_auth_context
structure. Default values can be changed with
krb5_auth_con_setcksumtype() and krb5_auth_con_setflags(). The
auth_context structure must be freed by krb5_auth_con_free().
krb5_auth_con_getflags(), krb5_auth_con_setflags(),
krb5_auth_con_addflags() and krb5_auth_con_removeflags() get and modify
the flags of a krb5_auth_context structure. Possible flags to set are:
KRB5_AUTH_CONTEXT_DO_SEQUENCE
Generate and check sequence-number on each packet.
KRB5_AUTH_CONTEXT_DO_TIME
Check timestamp on incoming packets.
KRB5_AUTH_CONTEXT_RET_SEQUENCE, KRB5_AUTH_CONTEXT_RET_TIME
Return sequence numbers and time stamps in the outdata parame‐
ters.
KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
Forces krb5_get_forwarded_creds() and krb5_fwd_tgt_creds() to
create unencrypted (ENCTYPE_NULL) credentials. This is for use
with old MIT servers and Java-based servers, as they can't handle
an encrypted KRB-CRED. Note that sending such a KRB-CRED in the
clear exposes crypto keys and tickets and is insecure; make sure
the packet is encrypted by the protocol. The flag also affects
krb5_rd_cred(3), krb5_rd_priv(3), krb5_rd_safe(3), krb5_mk_priv(3)
and krb5_mk_safe(3): setting it requires the auth_context
parameter to be passed to these functions.
The flag KRB5_AUTH_CONTEXT_DO_TIME also modifies the behavior of
krb5_get_forwarded_creds() by removing the timestamp from the
forwarded credential message. This has backward compatibility
problems, since not all versions of Heimdal support credential
messages without a timestamp. It is very useful, since it allows
the sender of the message to cache the forwarded message and thus
avoid a round trip to the KDC each time a credential is forwarded.
The same functionality can be obtained by using address-less
tickets.
krb5_auth_con_setaddrs(), krb5_auth_con_setaddrs_from_fd() and
krb5_auth_con_getaddrs() get and set the addresses that are checked
when a packet is received. It is mandatory to set an address for the
remote host. If the local address is not set, it is deduced from the
underlying operating system. krb5_auth_con_getaddrs() will call
krb5_free_address() on any address that is passed in local_addr or
remote_addr. krb5_auth_con_setaddrs() allows passing a NULL pointer as
local_addr or remote_addr; in that case it simply does not set that
address.
krb5_auth_con_setaddrs_from_fd() fetches the addresses from a file
descriptor.
krb5_auth_con_genaddrs() fetches the address information from the given
file descriptor fd depending on the bitmap argument flags.
Possible values on flags are:
KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
fetches the local address from fd.
KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
fetches the remote address from fd.
krb5_auth_con_setkey(), krb5_auth_con_setuserkey() and
krb5_auth_con_getkey() get and set the key used for this auth context.
The keyblock returned by krb5_auth_con_getkey() should be freed with
krb5_free_keyblock(). The keyblock passed to krb5_auth_con_setkey() is
copied into the krb5_auth_context, so no special handling is needed.
NULL is not a valid keyblock for krb5_auth_con_setkey().
krb5_auth_con_setuserkey() is only useful when doing user-to-user
authentication. krb5_auth_con_setkey() is equivalent to
krb5_auth_con_setuserkey().
krb5_auth_con_getlocalsubkey(), krb5_auth_con_setlocalsubkey(),
krb5_auth_con_getremotesubkey() and krb5_auth_con_setremotesubkey() get
and set the keyblock for the local and remote subkey. The keyblock
returned by krb5_auth_con_getlocalsubkey() and
krb5_auth_con_getremotesubkey() must be freed with krb5_free_keyblock().
krb5_auth_setcksumtype() and krb5_auth_getcksumtype() set and get the
checksum type that should be used for this connection.
krb5_auth_con_generatelocalsubkey() generates a local subkey that has
the same encryption type as key.
krb5_auth_getremoteseqnumber(), krb5_auth_setremoteseqnumber(),
krb5_auth_getlocalseqnumber() and krb5_auth_setlocalseqnumber() get and
set the sequence number of the local and remote sequence-number
counters.
krb5_auth_setkeytype() and krb5_auth_getkeytype() set and get the key
type of the keyblock in krb5_auth_context.
krb5_auth_con_getauthenticator() retrieves the authenticator that was
used during mutual authentication. The authenticator returned should be
freed by calling krb5_free_authenticator().
krb5_auth_con_getrcache() and krb5_auth_con_setrcache() get and set the
replay cache.
krb5_auth_con_initivector() allocates memory for and zeros the initial
vector in the auth_context keyblock.
krb5_auth_con_setivector() sets the i_vector portion of auth_context to
ivector.
krb5_free_authenticator() frees the content of authenticator and
authenticator itself.
SEE ALSO
krb5_context(3), kerberos(8)
HEIMDAL May 17, 2005 HEIMDAL