BSD 4_4_Lite2 development
[unix-history] / usr / share / man / cat3 / kerberos.0
4KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
5
6
7NAME
8 krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key,
9 krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe,
10 krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker-
11 beros authentication library
12
13SYNOPSIS
14 #include <kerberosIV/des.h>
15 #include <kerberosIV/krb.h>
16
17 extern char *krb_err_txt[];
18
19 int krb_mk_req(authent,service,instance,realm,checksum)
20 KTEXT authent;
21 char *service;
22 char *instance;
23 char *realm;
24 u_long checksum;
25
26 int krb_rd_req(authent,service,instance,from_addr,ad,fn)
27 KTEXT authent;
28 char *service;
29 char *instance;
30 u_long from_addr;
31 AUTH_DAT *ad;
32 char *fn;
33
34 int krb_kntoln(ad,lname)
35 AUTH_DAT *ad;
36 char *lname;
37
38 int krb_set_key(key,cvt)
39 char *key;
40 int cvt;
41
42 int krb_get_cred(service,instance,realm,c)
43 char *service;
44 char *instance;
45 char *realm;
46 CREDENTIALS *c;
47
48 long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
49 u_char *in;
50 u_char *out;
51 u_long in_length;
52 des_cblock key;
53 des_key_schedule schedule;
54 struct sockaddr_in *sender;
55 struct sockaddr_in *receiver;
56
57 long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
58
59
60
61MIT Project Athena Kerberos Version 4.0 1
62
63
64
65
66
67
68
69
70KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
71
72
73 u_char *in;
74 u_long in_length;
75 Key_schedule schedule;
76 des_cblock key;
77 struct sockaddr_in *sender;
78 struct sockaddr_in *receiver;
79 MSG_DAT *msg_data;
80
81 long krb_mk_safe(in,out,in_length,key,sender,receiver)
82 u_char *in;
83 u_char *out;
84 u_long in_length;
85 des_cblock key;
86 struct sockaddr_in *sender;
87 struct sockaddr_in *receiver;
88
89 long krb_rd_safe(in,length,key,sender,receiver,msg_data)
90 u_char *in;
91 u_long length;
92 des_cblock key;
93 struct sockaddr_in *sender;
94 struct sockaddr_in *receiver;
95 MSG_DAT *msg_data;
96
97 long krb_mk_err(out,code,string)
98 u_char *out;
99 long code;
100 char *string;
101
102 long krb_rd_err(in,length,code,msg_data)
103 u_char *in;
104 u_long length;
105 long code;
106 MSG_DAT *msg_data;
107
108DESCRIPTION
109 This library supports network authentication and various
110 related operations. The library contains many routines
111 beyond those described in this man page, but they are not
112 intended to be used directly. Instead, they are called by
113 the routines that are described, the authentication server
114 and the login program.
115
116 krb_err_txt[] contains text string descriptions of various
117 Kerberos error codes returned by some of the routines
118 below.
119
120 krb_mk_req takes a pointer to a text structure in which an
121 authenticator is to be built. It also takes the name,
122 instance, and realm of the service to be used and an
123 optional checksum. It is up to the application to decide
124
125
126
127MIT Project Athena Kerberos Version 4.0 2
128
129
130
131
132
133
134
135
136KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
137
138
139 how to generate the checksum. krb_mk_req then retrieves a
140 ticket for the desired service and creates an authentica-
141 tor. The authenticator is built in authent and is acces-
142 sible to the calling procedure.
143
144 It is up to the application to get the authenticator to
145 the service where it will be read by krb_rd_req. Unless
146 an attacker possesses the session key contained in the
147 ticket, it will be unable to modify the authenticator.
148 Thus, the checksum can be used to verify the authenticity
149 of the other data that will pass through a connection.
150
151 krb_rd_req takes an authenticator of type KTEXT, a service
152 name, an instance, the address of the host originating the
153 request, and a pointer to a structure of type AUTH_DAT
154 which is filled in with information obtained from the
155 authenticator. It also optionally takes the name of the
156 file in which it will find the secret key(s) for the ser-
157 vice. If the supplied instance contains "*", then the
158 first service key with the same service name found in the
159 service key file will be used, and the instance argument
160 will be filled in with the chosen instance. This means
161 that the caller must provide writable space large enough for such an instance
162 name.
163
164 krb_rd_req is used to find out information about the principal
165 when a request has been made to a service. It is up to
166 the application protocol to get the authenticator from the
167 client to the service. The authenticator is then passed
168 to krb_rd_req to extract the desired information.
169
170 krb_rd_req returns zero (RD_AP_OK) upon successful authen-
171 tication. If a packet was forged, modified, or replayed,
172 authentication will fail. If the authentication fails, a
173 non-zero value is returned indicating the particular prob-
174 lem encountered. See krb.h for the list of error codes.
175
176 If the last argument is the null string (""), krb_rd_req
177 will use the file /etc/srvtab to find its keys. If the
178 last argument is NULL, it will assume that the key has
179 been set by krb_set_key and will not bother looking fur-
180 ther.
181
182 krb_kntoln converts a Kerberos name to a local name. It
183 takes a structure of type AUTH_DAT and uses the name and
184 instance to look in the database /etc/aname to find the
185 corresponding local name. The local name is returned and
186 can be used by an application to change uids, directories,
187 or other parameters. It is not an integral part of Ker-
188 beros, but is instead provided to support the use of Ker-
189 beros in existing utilities.
190
191
192
193MIT Project Athena Kerberos Version 4.0 3
194
195
196
197
198
199
200
201
202KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
203
204
205 krb_set_key takes as an argument a des key. It then cre-
206 ates a key schedule from it and saves the original key to
207 be used as an initialization vector. It is used to set
208 the server's key which must be used to decrypt tickets.
209
210 If called with a non-zero second argument, krb_set_key
211 will first convert the input from a string of arbitrary
212 length to a DES key by encrypting it with a one-way func-
213 tion.
214
215 In most cases it should not be necessary to call
216 krb_set_key. The necessary keys will usually be obtained
217 and set inside krb_rd_req. krb_set_key is provided for
218 those applications that do not wish to place the applica-
219 tion keys on disk.
220
221 krb_get_cred searches the caller's ticket file for a
222 ticket for the given service, instance, and realm; and, if
223 a ticket is found, fills in the given CREDENTIALS struc-
224 ture with the ticket information.
225
226 If the ticket was found, krb_get_cred returns GC_OK. If
227 the ticket file can't be found, can't be read, doesn't
228 belong to the user (other than root), isn't a regular
229 file, or is in the wrong mode, the error GC_TKFIL is
230 returned.
231
232 krb_mk_priv creates an encrypted, authenticated message
233 from any arbitrary application data, pointed to by in and
234 in_length bytes long. The private session key, pointed to
235 by key, and the key schedule, schedule, are used to encrypt
236 the data and some header information using pcbc_encrypt.
237 sender and receiver point to the Internet addresses of the
238 two parties. In addition to providing privacy, this pro-
239 tocol message protects against modifications, insertions
240 or replays. The encapsulated message and header are
241 placed in the area pointed to by out and the routine
242 returns the length of the output, or -1 indicating an
243 error.
244
245 krb_rd_priv decrypts and authenticates a received
246 krb_mk_priv message. in points to the beginning of the
247 received message, whose length is specified in in_length.
248 The private session key, pointed to by key, and the key
249 schedule, schedule, are used to decrypt and verify the
250 received message. msg_data is a pointer to a MSG_DAT
251 struct, defined in krb.h. The routine fills in the
252 app_data field with a pointer to the decrypted application
253 data, app_length with the length of the app_data field,
254 time_sec and time_5ms with the timestamps in the message,
255 and swap with a 1 if the byte order of the receiver is
256
257
258
259MIT Project Athena Kerberos Version 4.0 4
260
261
262
263
264
265
266
267
268KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
269
270
271 different than that of the sender. (The application must
272 still determine if it is appropriate to byte-swap applica-
273 tion data; the Kerberos protocol fields are already taken
274 care of). The hash field returns a value useful as input
275 to the krb_ck_repl routine.
276
277 The routine returns zero if ok, or a Kerberos error code.
278 Modified messages and old messages cause errors, but it is
279 up to the caller to check the time sequence of messages,
280 and to check against recently replayed messages using
281 krb_ck_repl if so desired (but see BUGS: krb_ck_repl is not implemented yet).
282
283 krb_mk_safe creates an authenticated, but unencrypted mes-
284 sage from any arbitrary application data, pointed to by in
285 and in_length bytes long. The private session key,
286 pointed to by key, is used to seed the quad_cksum() check-
287 sum algorithm used as part of the authentication. sender
288 and receiver point to the Internet addresses of the two par-
289 ties. This message does not provide privacy, but does
290 protect (via detection) against modifications, insertions
291 or replays. The encapsulated message and header are
292 placed in the area pointed to by out and the routine
293 returns the length of the output, or -1 indicating an
294 error. The authentication provided by this routine is not
295 as strong as that provided by krb_mk_priv or by computing
296 the checksum using cbc_cksum instead, both of which
297 authenticate via DES.
298
299
300 krb_rd_safe authenticates a received krb_mk_safe message.
301 in points to the beginning of the received message, whose
302 length is specified in in_length. The private session
303 key, pointed to by key, is used to seed the quad_cksum()
304 routine as part of the authentication. msg_data is a
305 pointer to a MSG_DAT struct, defined in krb.h. The rou-
306 tine fills in these MSG_DAT fields: the app_data field
307 with a pointer to the application data, app_length with
308 the length of the app_data field, time_sec and time_5ms
309 with the timestamps in the message, and swap with a 1 if
310 the byte order of the receiver is different than that of
311 the sender. (The application must still determine if it
312 is appropriate to byte-swap application data; the Kerberos
313 protocol fields are already taken care of). The hash
314 field returns a value useful as input to the krb_ck_repl
315 routine.
316
317 The routine returns zero if ok, or a Kerberos error code.
318 Modified messages and old messages cause errors, but it is
319 up to the caller to check the time sequence of messages,
320 and to check against recently replayed messages using
321 krb_ck_repl if so desired (but see BUGS: krb_ck_repl is not implemented yet).
322
323
324
325MIT Project Athena Kerberos Version 4.0 5
326
327
328
329
330
331
332
333
334KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
335
336
337 krb_mk_err constructs an application level error message
338 that may be used along with krb_mk_priv or krb_mk_safe.
339 out is a pointer to the output buffer, code is an applica-
340 tion specific error code, and string is an application
341 specific error string.
342
343
344 krb_rd_err unpacks a received krb_mk_err message. in
345 points to the beginning of the received message, whose
346 length is specified in in_length. code is a pointer to a
347 value to be filled in with the error value provided by the
348 application. msg_data is a pointer to a MSG_DAT struct,
349 defined in krb.h. The routine fills in these MSG_DAT
350 fields: the app_data field with a pointer to the applica-
351 tion error text, app_length with the length of the
352 app_data field, and swap with a 1 if the byte order of the
353 receiver is different than that of the sender. (The
354 application must still determine if it is appropriate to
355 byte-swap application data; the Kerberos protocol fields
356 are already taken care of).
357
358 The routine returns zero if the error message has been
359 successfully received, or a Kerberos error code.
360
361 The KTEXT structure is used to pass around text of varying
362 lengths. It consists of a buffer for the data, and a
363 length. krb_rd_req takes an argument of this type con-
364 taining the authenticator, and krb_mk_req returns the
365 authenticator in a structure of this type. KTEXT itself
366 is really a pointer to the structure. The actual struc-
367 ture is of type KTEXT_ST.
368
369 The AUTH_DAT structure is filled in by krb_rd_req. It
370 must be allocated before calling krb_rd_req, and a pointer
371 to it is passed. The structure is filled in with data
372 obtained from Kerberos. The MSG_DAT structure is filled in by
373 either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must
374 be allocated before the call and a pointer to it is
375 passed. The structure is filled in with data obtained
376 from Kerberos.
377
378
379FILES
380 /usr/include/kerberosIV/krb.h
381 /usr/lib/libkrb.a
382 /usr/include/kerberosIV/des.h
383 /usr/lib/libdes.a
384 /etc/kerberosIV/aname
385 /etc/kerberosIV/srvtab
386 /tmp/tkt[uid]
387
388
389
390
391MIT Project Athena Kerberos Version 4.0 6
392
393
394
395
396
397
398
399
400KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
401
402
403SEE ALSO
404 kerberos(1), des_crypt(3)
405
406DIAGNOSTICS
407BUGS
408 The caller of krb_rd_req, krb_rd_priv, and krb_rd_safe
409 must check time order and check for replay attempts.
410 krb_ck_repl is not implemented yet.
411
412AUTHORS
413 Clifford Neuman, MIT Project Athena
414 Steve Miller, MIT Project Athena/Digital Equipment Corpo-
415 ration
416
417RESTRICTIONS
418 COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech-
419 nology
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457MIT Project Athena Kerberos Version 4.0 7
458
459
460
461
462