projects / unix-history / blame
| Commit | Line | Data |
|---|---|---|
| b1052012 C |
1 | |
| 2 | ||
| 3 | ||
| 4 | KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3) | |
| 5 | ||
| 6 | ||
| 7 | N\bNA\bAM\bME\bE | |
| 8 | krb_realmofhost, krb_get_phost, krb_get_krbhst, | |
| 9 | krb_get_admhst, krb_get_lrealm - additional Kerberos util- | |
| 10 | ity routines | |
| 11 | ||
| 12 | S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS | |
| 13 | #\b#i\bin\bnc\bcl\blu\bud\bde\be <\b<k\bke\ber\brb\bbe\ber\bro\bos\bsI\bIV\bV/\b/k\bkr\brb\bb.\b.h\bh>\b> | |
| 14 | #\b#i\bin\bnc\bcl\blu\bud\bde\be <\b<k\bke\ber\brb\bbe\ber\bro\bos\bsI\bIV\bV/\b/d\bde\bes\bs.\b.h\bh>\b> | |
| 15 | #\b#i\bin\bnc\bcl\blu\bud\bde\be <\b<n\bne\bet\bti\bin\bne\bet\bt/\b/i\bin\bn.\b.h\bh>\b> | |
| 16 | ||
| 17 | c\bch\bha\bar\br *\b*k\bkr\brb\bb_\b_r\bre\bea\bal\blm\bmo\bof\bfh\bho\bos\bst\bt(\b(h\bho\bos\bst\bt)\b) | |
| 18 | c\bch\bha\bar\br *\b*h\bho\bos\bst\bt;\b; | |
| 19 | ||
| 20 | c\bch\bha\bar\br *\b*k\bkr\brb\bb_\b_g\bge\bet\bt_\b_p\bph\bho\bos\bst\bt(\b(a\bal\bli\bia\bas\bs)\b) | |
| 21 | c\bch\bha\bar\br *\b*a\bal\bli\bia\bas\bs;\b; | |
| 22 | ||
| 23 | k\bkr\brb\bb_\b_g\bge\bet\bt_\b_k\bkr\brb\bbh\bhs\bst\bt(\b(h\bho\bos\bst\bt,\b,r\bre\bea\bal\blm\bm,\b,n\bn)\b) | |
| 24 | c\bch\bha\bar\br *\b*h\bho\bos\bst\bt;\b; | |
| 25 | c\bch\bha\bar\br *\b*r\bre\bea\bal\blm\bm;\b; | |
| 26 | i\bin\bnt\bt n\bn;\b; | |
| 27 | ||
| 28 | k\bkr\brb\bb_\b_g\bge\bet\bt_\b_a\bad\bdm\bmh\bhs\bst\bt(\b(h\bho\bos\bst\bt,\b,r\bre\bea\bal\blm\bm,\b,n\bn)\b) | |
| 29 | c\bch\bha\bar\br *\b*h\bho\bos\bst\bt;\b; | |
| 30 | c\bch\bha\bar\br *\b*r\bre\bea\bal\blm\bm;\b; | |
| 31 | i\bin\bnt\bt n\bn;\b; | |
| 32 | ||
| 33 | k\bkr\brb\bb_\b_g\bge\bet\bt_\b_l\blr\bre\bea\bal\blm\bm(\b(r\bre\bea\bal\blm\bm,\b,n\bn)\b) | |
| 34 | c\bch\bha\bar\br *\b*r\bre\bea\bal\blm\bm;\b; | |
| 35 | i\bin\bnt\bt n\bn;\b; | |
| 36 | ||
| 37 | D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN | |
| 38 | _\bk_\br_\bb_\b__\br_\be_\ba_\bl_\bm_\bo_\bf_\bh_\bo_\bs_\bt returns the Kerberos realm of the host | |
| 39 | _\bh_\bo_\bs_\bt, as determined by the translation table | |
| 40 | _\b/_\be_\bt_\bc_\b/_\bk_\be_\br_\bb_\be_\br_\bo_\bs_\bI_\bV_\b/_\bk_\br_\bb_\b._\br_\be_\ba_\bl_\bm_\bs. _\bh_\bo_\bs_\bt should be the fully- | |
| 41 | qualified domain-style primary host name of the host in | |
| 42 | question. In order to prevent certain security attacks, | |
| 43 | this routine must either have _\ba _\bp_\br_\bi_\bo_\br_\bi knowledge of a | |
| 44 | host's realm, or obtain such information securely. | |
| 45 | ||
| 46 | The format of the translation file is described by | |
| 47 | _\bk_\br_\bb_\b._\br_\be_\ba_\bl_\bm_\bs(5). If _\bh_\bo_\bs_\bt exactly matches a host_name line, | |
| 48 | the corresponding realm is returned. Otherwise, if the | |
| 49 | domain portion of _\bh_\bo_\bs_\bt matches a domain_name line, the | |
| 50 | corresponding realm is returned. If _\bh_\bo_\bs_\bt contains a | |
| 51 | domain, but no translation is found, _\bh_\bo_\bs_\bt's domain is con- | |
| 52 | verted to upper-case and returned. If _\bh_\bo_\bs_\bt contains no | |
| 53 | discernible domain, or an error occurs, the local realm | |
| 54 | name, as supplied by _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bl_\br_\be_\ba_\bl_\bm(3), is returned. | |
| 55 | ||
| 56 | _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bp_\bh_\bo_\bs_\bt converts the hostname _\ba_\bl_\bi_\ba_\bs (which can be | |
| 57 | either an official name or an alias) into the instance | |
| 58 | ||
| 59 | ||
| 60 | ||
| 61 | MIT Project Athena Kerberos Version 4.0 1 | |
| 62 | ||
| 63 | ||
| 64 | ||
| 65 | ||
| 66 | ||
| 67 | ||
| 68 | ||
| 69 | ||
| 70 | KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3) | |
| 71 | ||
| 72 | ||
| 73 | name to be used in obtaining Kerberos tickets for most | |
| 74 | services, including the Berkeley rcmd suite (rlogin, rcp, | |
| 75 | rsh). | |
| 76 | The current convention is to return the first segment of | |
| 77 | the official domain-style name after conversion to lower | |
| 78 | case. | |
| 79 | ||
| 80 | _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bk_\br_\bb_\bh_\bs_\bt fills in _\bh_\bo_\bs_\bt with the hostname of the _\bnth | |
| 81 | host running a Kerberos key distribution center (KDC) for | |
| 82 | realm _\br_\be_\ba_\bl_\bm, as specified in the configuration file | |
| 83 | (_\b/_\be_\bt_\bc_\b/_\bk_\be_\br_\bb_\be_\br_\bo_\bs_\bI_\bV_\b/_\bk_\br_\bb_\b._\bc_\bo_\bn_\bf). The configuration file is | |
| 84 | described by _\bk_\br_\bb_\b._\bc_\bo_\bn_\bf(5). If the host is successfully | |
| 85 | filled in, the routine returns KSUCCESS. If the file can- | |
| 86 | not be opened, and _\bn equals 1, then the value of KRB_HOST | |
| 87 | as defined in _\b<_\bk_\br_\bb_\b._\bh_\b> is filled in, and KSUCCESS is | |
| 88 | returned. If there are fewer than _\bn hosts running a Ker- | |
| 89 | beros KDC for the requested realm, or the configuration | |
| 90 | file is malformed, the routine returns KFAILURE. | |
| 91 | ||
| 92 | _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\ba_\bd_\bm_\bh_\bs_\bt fills in _\bh_\bo_\bs_\bt with the hostname of the _\bnth | |
| 93 | host running a Kerberos KDC database administration server | |
| 94 | for realm _\br_\be_\ba_\bl_\bm, as specified in the configuration file | |
| 95 | (_\b/_\be_\bt_\bc_\b/_\bk_\be_\br_\bb_\be_\br_\bo_\bs_\bI_\bV_\b/_\bk_\br_\bb_\b._\bc_\bo_\bn_\bf). If the file cannot be opened | |
| 96 | or is malformed, or there are fewer than _\bn hosts running a | |
| 97 | Kerberos KDC database administration server, the routine | |
| 98 | returns KFAILURE. | |
| 99 | ||
| 100 | The character arrays used as return values for | |
| 101 | _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bk_\br_\bb_\bh_\bs_\bt, _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\ba_\bd_\bm_\bh_\bs_\bt, should be large enough to | |
| 102 | hold any hostname (MAXHOSTNAMELEN from <sys/param.h>). | |
| 103 | ||
| 104 | _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bl_\br_\be_\ba_\bl_\bm fills in _\br_\be_\ba_\bl_\bm with the _\bnth realm of the | |
| 105 | local host, as specified in the configuration file. _\br_\be_\ba_\bl_\bm | |
| 106 | should be at least REALM_SZ (from _\b<_\bk_\br_\bb_\b._\bh_\b>_\b)characters_\bl_\bo_\bn_\bg_\b. | |
| 107 | ||
| 108 | ||
| 109 | S\bSE\bEE\bE A\bAL\bLS\bSO\bO | |
| 110 | kerberos(3), krb.conf(5), krb.realms(5) | |
| 111 | ||
| 112 | F\bFI\bIL\bLE\bES\bS | |
| 113 | /etc/kerberosIV/krb.realms | |
| 114 | translation file for host-to-realm | |
| 115 | mapping. | |
| 116 | ||
| 117 | /etc/kerberosIV/krb.conf | |
| 118 | local realm-name and realm/server con- | |
| 119 | figuration file. | |
| 120 | ||
| 121 | B\bBU\bUG\bGS\bS | |
| 122 | The current convention for instance names is too limited; | |
| 123 | the full domain name should be used. | |
| 124 | ||
| 125 | ||
| 126 | ||
| 127 | MIT Project Athena Kerberos Version 4.0 2 | |
| 128 | ||
| 129 | ||
| 130 | ||
| 131 | ||
| 132 | ||
| 133 | ||
| 134 | ||
| 135 | ||
| 136 | KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3) | |
| 137 | ||
| 138 | ||
| 139 | _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bl_\br_\be_\ba_\bl_\bm currently only supports _\bn = 1. It should | |
| 140 | really consult the user's ticket cache to determine the | |
| 141 | user's current realm, rather than consulting a file on the | |
| 142 | host. | |
| 143 | ||
| 144 | ||
| 145 | ||
| 146 | ||
| 147 | ||
| 148 | ||
| 149 | ||
| 150 | ||
| 151 | ||
| 152 | ||
| 153 | ||
| 154 | ||
| 155 | ||
| 156 | ||
| 157 | ||
| 158 | ||
| 159 | ||
| 160 | ||
| 161 | ||
| 162 | ||
| 163 | ||
| 164 | ||
| 165 | ||
| 166 | ||
| 167 | ||
| 168 | ||
| 169 | ||
| 170 | ||
| 171 | ||
| 172 | ||
| 173 | ||
| 174 | ||
| 175 | ||
| 176 | ||
| 177 | ||
| 178 | ||
| 179 | ||
| 180 | ||
| 181 | ||
| 182 | ||
| 183 | ||
| 184 | ||
| 185 | ||
| 186 | ||
| 187 | ||
| 188 | ||
| 189 | ||
| 190 | ||
| 191 | ||
| 192 | ||
| 193 | MIT Project Athena Kerberos Version 4.0 3 | |
| 194 | ||
| 195 | ||
| 196 | ||
| 197 | ||
| 198 |