krb5_auth_context(3)

NAME

krb5_auth_context, krb5_auth_con_init, krb5_auth_con_free, krb5_auth_con_setflags, krb5_auth_con_getflags, krb5_auth_con_setaddrs, krb5_auth_con_setaddrs_from_fd, krb5_auth_con_getaddrs, krb5_auth_con_genaddrs, krb5_auth_con_getkey, krb5_auth_con_setkey, krb5_auth_con_getuserkey, krb5_auth_con_setuserkey, krb5_auth_con_getlocalsubkey, krb5_auth_con_setlocalsubkey, krb5_auth_con_getremotesubkey, krb5_auth_con_setremotesubkey, krb5_auth_setcksumtype, krb5_auth_getcksumtype, krb5_auth_setkeytype, krb5_auth_getkeytype, krb5_auth_getlocalseqnumber, krb5_auth_setlocalseqnumber, krb5_auth_getremoteseqnumber, krb5_auth_setremoteseqnumber, krb5_auth_getauthenticator, krb5_auth_con_getrcache, krb5_auth_con_setrcache, krb5_auth_con_initivector, krb5_auth_con_setivector - manage authentication on connection level

LIBRARY

Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS

#include <krb5.h>

krb5_error_code
krb5_auth_con_init(krb5_context context,
        krb5_auth_context *auth_context);

void
krb5_auth_con_free(krb5_context context,
        krb5_auth_context auth_context);

krb5_error_code
krb5_auth_con_setflags(krb5_context context,
        krb5_auth_context auth_context, int32_t flags);

krb5_error_code
krb5_auth_con_getflags(krb5_context context,
        krb5_auth_context auth_context, int32_t *flags);

krb5_error_code
krb5_auth_con_setaddrs(krb5_context context,
        krb5_auth_context auth_context, krb5_address *local_addr,
        krb5_address *remote_addr);

krb5_error_code
krb5_auth_con_getaddrs(krb5_context context,
        krb5_auth_context auth_context, krb5_address **local_addr,
        krb5_address **remote_addr);

krb5_error_code
krb5_auth_con_genaddrs(krb5_context context,
        krb5_auth_context auth_context, int fd, int flags);

krb5_error_code
krb5_auth_con_setaddrs_from_fd(krb5_context context,
        krb5_auth_context auth_context, void *p_fd);

krb5_error_code
krb5_auth_con_getkey(krb5_context context,
        krb5_auth_context auth_context, krb5_keyblock **keyblock);

krb5_error_code
krb5_auth_con_getlocalsubkey(krb5_context context,
        krb5_auth_context auth_context, krb5_keyblock **keyblock);

krb5_error_code
krb5_auth_con_getremotesubkey(krb5_context context,
        krb5_auth_context auth_context, krb5_keyblock **keyblock);

krb5_error_code
krb5_auth_con_initivector(krb5_context context,
        krb5_auth_context auth_context);

krb5_error_code
krb5_auth_con_setivector(krb5_context context,
        krb5_auth_context *auth_context, krb5_pointer ivector);

DESCRIPTION

The krb5_auth_context structure holds all context related to an authenticated connection, in a similar way to krb5_context that holds the context for the thread or process. krb5_auth_context is used by various functions that are directly related to authentication between the server/client. Examples of data that this structure contains are various flags, addresses of client and server, port numbers, key blocks (and subkeys), sequence numbers, replay cache, and checksum-type.

krb5_auth_con_init() allocates and initializes the krb5_auth_context structure. Default values can be changed with krb5_auth_con_setcksumtype() and krb5_auth_con_setflags(). The auth_context structure must be freed by krb5_auth_con_free().

krb5_auth_con_getflags() and krb5_auth_con_setflags() get and modify the flags for a krb5_auth_context structure. Possible flags to set are:

KRB5_AUTH_CONTEXT_DO_TIME
        Check timestamp on incoming packets.

KRB5_AUTH_CONTEXT_DO_SEQUENCE
        Generate and check sequence-number on each packet.

krb5_auth_con_setaddrs(), krb5_auth_con_setaddrs_from_fd() and krb5_auth_con_getaddrs() get and set the addresses that are checked when a packet is received. It is mandatory to set an address for the remote host. If the local address is not set, it is deduced from the underlying operating system. krb5_auth_con_getaddrs() will call krb5_free_address() on any address that is passed in local_addr or remote_addr. krb5_auth_con_setaddrs() allows passing in a NULL pointer as local_addr and remote_addr; in that case it will just not set that address.

krb5_auth_con_setaddrs_from_fd() fetches the addresses from a file descriptor.

krb5_auth_con_genaddrs() fetches the address information from the given file descriptor fd depending on the bitmap argument flags. Possible values on flags are:

KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
        Fetches the local address from fd.

KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
        Fetches the remote address from fd.

krb5_auth_con_setkey(), krb5_auth_con_setuserkey() and krb5_auth_con_getkey() get and set the key used for this auth context. The keyblock returned by krb5_auth_con_getkey() should be freed with krb5_free_keyblock(). The keyblock sent into krb5_auth_con_setkey() is copied into the krb5_auth_context, and thus no special handling is needed. NULL is not a valid keyblock to krb5_auth_con_setkey().

krb5_auth_con_setuserkey() is only useful when doing user to user authentication. krb5_auth_con_setkey() is equivalent to krb5_auth_con_setuserkey().

krb5_auth_con_getlocalsubkey(), krb5_auth_con_setlocalsubkey(), krb5_auth_con_getremotesubkey() and krb5_auth_con_setremotesubkey() get and set the keyblock for the local and remote subkey. The keyblock returned by krb5_auth_con_getlocalsubkey() and krb5_auth_con_getremotesubkey() must be freed with krb5_free_keyblock().

krb5_auth_setcksumtype() and krb5_auth_getcksumtype() set and get the checksum type that should be used for this connection.

krb5_auth_getremoteseqnumber(), krb5_auth_setremoteseqnumber(), krb5_auth_getlocalseqnumber() and krb5_auth_setlocalseqnumber() get and set the sequence-number for the local and remote sequence number counter.

krb5_auth_setkeytype() and krb5_auth_getkeytype() set and get the keytype of the keyblock in krb5_auth_context.

krb5_auth_getauthenticator() retrieves the authenticator that was used during mutual authentication. The authenticator returned should be freed by calling krb5_free_authenticator().

krb5_auth_con_getrcache() and krb5_auth_con_setrcache() get and set the replay-cache.

krb5_auth_con_initivector() allocates memory for and zeros the initial vector in the auth_context keyblock.

krb5_auth_con_setivector() sets the i_vector portion of auth_context to ivector.
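
The receiver-side effect of the flags, remote address and sequence counter described above, as an added example in C: a simplified model, not Heimdal's code and not part of the original man page. It shows that a timestamp check alone still accepts a replay delivered inside the skew window, while the sequence check rejects it. The struct, function and flag names, the 300-second skew limit and the packets are all constructed for illustration.

```c
/* Added example: simplified model, not Heimdal source. Names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MODEL_DO_TIME = 1, MODEL_DO_SEQUENCE = 2 };   /* model flag bits */
enum verdict { PKT_OK, PKT_BADADDR, PKT_SKEW, PKT_BADORDER };

struct model_auth_ctx {
    int32_t  flags;
    uint8_t  remote_addr[4];  /* mandatory: peer address packets must come from */
    uint32_t remote_seq;      /* next sequence number expected from the peer */
    long     max_skew;        /* tolerated clock difference, seconds (assumed) */
};

struct model_pkt { uint8_t sender[4]; long timestamp; uint32_t seq; };

/* Checks applied to one incoming packet, in order: address, time, sequence. */
enum verdict model_check(struct model_auth_ctx *ac,
                         const struct model_pkt *p, long now)
{
    if (memcmp(ac->remote_addr, p->sender, sizeof p->sender) != 0)
        return PKT_BADADDR;
    if ((ac->flags & MODEL_DO_TIME) && labs(now - p->timestamp) > ac->max_skew)
        return PKT_SKEW;
    if (ac->flags & MODEL_DO_SEQUENCE) {
        if (p->seq != ac->remote_seq)
            return PKT_BADORDER;
        ac->remote_seq++;     /* advance only after accepting the packet */
    }
    return PKT_OK;
}

/* Constructed scenario: the same packet arrives twice, 10 seconds apart.
 * Returns the verdict for the second (replayed) delivery. */
enum verdict model_replay(int32_t flags)
{
    struct model_auth_ctx ac = { flags, {192, 0, 2, 10}, 1000, 300 };
    struct model_pkt p = { {192, 0, 2, 10}, 5000, 1000 };
    (void)model_check(&ac, &p, 5000);
    return model_check(&ac, &p, 5010);
}

int main(void)
{
    printf("replay, time check only:     %d\n", model_replay(MODEL_DO_TIME));
    printf("replay, sequence check only: %d\n", model_replay(MODEL_DO_SEQUENCE));
    return 0;
}
```

A replay that passes the timestamp check is the case the replay cache set with krb5_auth_con_setrcache() is there to catch.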

SEE ALSO

krb5_context(3), kerberos(8)
HEIMDAL January 21, 2001