| KRB5_AUTH_CONTEXT(3) | Library Functions Manual | KRB5_AUTH_CONTEXT(3) | 
krb5_auth_con_addflags,
  krb5_auth_con_free,
  krb5_auth_con_genaddrs,
  krb5_auth_con_generatelocalsubkey,
  krb5_auth_con_getaddrs,
  krb5_auth_con_getauthenticator,
  krb5_auth_con_getflags,
  krb5_auth_con_getkey,
  krb5_auth_con_getlocalsubkey,
  krb5_auth_con_getrcache,
  krb5_auth_con_getremotesubkey,
  krb5_auth_con_getuserkey,
  krb5_auth_con_init,
  krb5_auth_con_initivector,
  krb5_auth_con_removeflags,
  krb5_auth_con_setaddrs,
  krb5_auth_con_setaddrs_from_fd,
  krb5_auth_con_setflags,
  krb5_auth_con_setivector,
  krb5_auth_con_setkey,
  krb5_auth_con_setlocalsubkey,
  krb5_auth_con_setrcache,
  krb5_auth_con_setremotesubkey,
  krb5_auth_con_setuserkey,
  krb5_auth_context,
  krb5_auth_getcksumtype,
  krb5_auth_getkeytype,
  krb5_auth_getlocalseqnumber,
  krb5_auth_getremoteseqnumber,
  krb5_auth_setcksumtype,
  krb5_auth_setkeytype,
  krb5_auth_setlocalseqnumber,
  krb5_auth_setremoteseqnumber,
  krb5_free_authenticator —
#include <krb5/krb5.h>
krb5_error_code
  
  krb5_auth_con_init(krb5_context
    context, krb5_auth_context *auth_context);
void
  
  krb5_auth_con_free(krb5_context
    context, krb5_auth_context auth_context);
krb5_error_code
  
  krb5_auth_con_setflags(krb5_context
    context, krb5_auth_context auth_context,
    int32_t flags);
krb5_error_code
  
  krb5_auth_con_getflags(krb5_context
    context, krb5_auth_context auth_context,
    int32_t *flags);
krb5_error_code
  
  krb5_auth_con_addflags(krb5_context
    context, krb5_auth_context auth_context,
    int32_t addflags, int32_t
    *flags);
krb5_error_code
  
  krb5_auth_con_removeflags(krb5_context
    context, krb5_auth_context auth_context,
    int32_t removeflags, int32_t
    *flags);
krb5_error_code
  
  krb5_auth_con_setaddrs(krb5_context
    context, krb5_auth_context auth_context,
    krb5_address *local_addr, krb5_address
    *remote_addr);
krb5_error_code
  
  krb5_auth_con_getaddrs(krb5_context
    context, krb5_auth_context auth_context,
    krb5_address **local_addr,
    krb5_address **remote_addr);
krb5_error_code
  
  krb5_auth_con_genaddrs(krb5_context
    context, krb5_auth_context auth_context,
    int fd, int flags);
krb5_error_code
  
  krb5_auth_con_setaddrs_from_fd(krb5_context
    context, krb5_auth_context auth_context,
    void *p_fd);
krb5_error_code
  
  krb5_auth_con_getkey(krb5_context
    context, krb5_auth_context auth_context,
    krb5_keyblock **keyblock);
krb5_error_code
  
  krb5_auth_con_getlocalsubkey(krb5_context
    context, krb5_auth_context auth_context,
    krb5_keyblock **keyblock);
krb5_error_code
  
  krb5_auth_con_getremotesubkey(krb5_context
    context, krb5_auth_context auth_context,
    krb5_keyblock **keyblock);
krb5_error_code
  
  krb5_auth_con_generatelocalsubkey(krb5_context
    context, krb5_auth_context auth_context,
    krb5_keyblock *key);
krb5_error_code
  
  krb5_auth_con_initivector(krb5_context
    context, krb5_auth_context auth_context);
krb5_error_code
  
  krb5_auth_con_setivector(krb5_context
    context, krb5_auth_context *auth_context,
    krb5_pointer ivector);
void
  
  krb5_free_authenticator(krb5_context
    context, krb5_authenticator *authenticator);
The krb5_auth_context structure holds all context
  related to an authenticated connection, in a similar way to
  krb5_context, which holds the context for the thread or
  process. krb5_auth_context is used by various
  functions that are directly related to authentication between the
  server and the client. Examples of data that this structure contains are various flags,
  addresses of client and server, port numbers, keyblocks (and subkeys),
  sequence numbers, replay cache, and checksum-type.
krb5_auth_con_init() allocates and
    initializes the krb5_auth_context structure. Default
    values can be changed with
    krb5_auth_con_setcksumtype() and
    krb5_auth_con_setflags(). The
    auth_context structure must be freed by
    krb5_auth_con_free().
krb5_auth_con_getflags(),
    krb5_auth_con_setflags(),
    krb5_auth_con_addflags() and
    krb5_auth_con_removeflags() get and modify the
    flags for a krb5_auth_context structure. Possible
    flags to set are:
KRB5_AUTH_CONTEXT_DO_SEQUENCE
KRB5_AUTH_CONTEXT_DO_TIME
KRB5_AUTH_CONTEXT_RET_SEQUENCE,
    KRB5_AUTH_CONTEXT_RET_TIME
KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
      Forces krb5_get_forwarded_creds() and
      krb5_fwd_tgt_creds() to create unencrypted
      (KRB5_ENCTYPE_NULL) credentials. This is for use
      with old MIT servers and Java-based servers, as they can't handle encrypted
      KRB-CRED. Note that sending such a
      KRB-CRED in the clear exposes crypto keys and tickets
      and is insecure; make sure the packet is encrypted within the protocol that carries it.
      krb5_rd_cred(3),
      krb5_rd_priv(3),
      krb5_rd_safe(3),
      krb5_mk_priv(3) and
      krb5_mk_safe(3).
      Setting this flag requires that parameter to be passed to these functions.
    The flag KRB5_AUTH_CONTEXT_DO_TIME
        also modifies the behavior of the function
        krb5_get_forwarded_creds() by removing the
        timestamp in the forwarded credential message. This has backward
        compatibility problems, since not all versions of Heimdal support
        timeless credential messages. It is very useful since it allows the
        sender of the message to cache the forwarded message, thus avoiding a round
        trip to the KDC each time a credential is forwarded. The same
        functionality can be obtained by using address-less tickets.
krb5_auth_con_setaddrs(),
    krb5_auth_con_setaddrs_from_fd() and
    krb5_auth_con_getaddrs() get and set the addresses
    that are checked when a packet is received. It is mandatory to set an
    address for the remote host. If the local address is not set, it is deduced
    from the underlying operating system.
    krb5_auth_con_getaddrs() will call
    krb5_free_address() on any address that is passed in
    local_addr or remote_addr, so the caller
    must not pass uninitialized pointers.
    krb5_auth_con_setaddrs() allows passing in a
    NULL pointer as local_addr and
    remote_addr; in that case it will just not set that
    address.
krb5_auth_con_setaddrs_from_fd() fetches
    the addresses from a file descriptor.
krb5_auth_con_genaddrs() fetches the
    address information from the given file descriptor fd
    depending on the bitmap argument flags.
Possible values on flags are:
krb5_auth_con_setkey(),
    krb5_auth_con_setuserkey() and
    krb5_auth_con_getkey() get and set the key used
    for this auth context. The keyblock returned by
    krb5_auth_con_getkey() should be freed with
    krb5_free_keyblock(). The keyblock passed to
    krb5_auth_con_setkey() is copied into the
    krb5_auth_context, and thus no special handling is
    needed. NULL is not a valid keyblock to
    krb5_auth_con_setkey().
krb5_auth_con_setuserkey() is only useful
    when doing user to user authentication.
    krb5_auth_con_setkey() is equivalent to
    krb5_auth_con_setuserkey().
krb5_auth_con_getlocalsubkey(),
    krb5_auth_con_setlocalsubkey(),
    krb5_auth_con_getremotesubkey() and
    krb5_auth_con_setremotesubkey() get and set the
    keyblock for the local and remote subkey. The keyblocks returned by
    krb5_auth_con_getlocalsubkey() and
    krb5_auth_con_getremotesubkey() must be freed with
    krb5_free_keyblock().
krb5_auth_setcksumtype() and
    krb5_auth_getcksumtype() sets and gets the checksum
    type that should be used for this connection.
krb5_auth_con_generatelocalsubkey()
    generates a local subkey that has the same encryption type as
    key.
krb5_auth_getremoteseqnumber(),
    krb5_auth_setremoteseqnumber(),
    krb5_auth_getlocalseqnumber() and
    krb5_auth_setlocalseqnumber() get and set the
    sequence-number for the local and remote sequence-number counter.
krb5_auth_setkeytype() and
    krb5_auth_getkeytype() set and get the keytype of
    the keyblock in krb5_auth_context.
krb5_auth_con_getauthenticator() retrieves
    the authenticator that was used during mutual authentication. The
    authenticator returned should be freed by calling
    krb5_free_authenticator().
krb5_auth_con_getrcache() and
    krb5_auth_con_setrcache() get and set the
    replay-cache.
krb5_auth_con_initivector() allocates
    memory for and zeros the initial vector in the
    auth_context keyblock.
krb5_auth_con_setivector() sets the
    i_vector portion of auth_context to
    ivector.
krb5_free_authenticator() frees the contents
    of authenticator and
    authenticator itself.
| May 17, 2005 | NetBSD 9.4 |