projects / unix-history / blob
? search:
summary | tags | clone url | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
BSD 4_4_Lite2 development
[unix-history] / usr / share / man / cat3 / realm.0
KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3)
N\bNA\bAM\bME\bE
krb_realmofhost, krb_get_phost, krb_get_krbhst,
krb_get_admhst, krb_get_lrealm - additional Kerberos util-
ity routines
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
#\b#i\bin\bnc\bcl\blu\bud\bde\be <\b<k\bke\ber\brb\bbe\ber\bro\bos\bsI\bIV\bV/\b/k\bkr\brb\bb.\b.h\bh>\b>
#\b#i\bin\bnc\bcl\blu\bud\bde\be <\b<k\bke\ber\brb\bbe\ber\bro\bos\bsI\bIV\bV/\b/d\bde\bes\bs.\b.h\bh>\b>
#\b#i\bin\bnc\bcl\blu\bud\bde\be <\b<n\bne\bet\bti\bin\bne\bet\bt/\b/i\bin\bn.\b.h\bh>\b>
c\bch\bha\bar\br *\b*k\bkr\brb\bb_\b_r\bre\bea\bal\blm\bmo\bof\bfh\bho\bos\bst\bt(\b(h\bho\bos\bst\bt)\b)
c\bch\bha\bar\br *\b*h\bho\bos\bst\bt;\b;
c\bch\bha\bar\br *\b*k\bkr\brb\bb_\b_g\bge\bet\bt_\b_p\bph\bho\bos\bst\bt(\b(a\bal\bli\bia\bas\bs)\b)
c\bch\bha\bar\br *\b*a\bal\bli\bia\bas\bs;\b;
k\bkr\brb\bb_\b_g\bge\bet\bt_\b_k\bkr\brb\bbh\bhs\bst\bt(\b(h\bho\bos\bst\bt,\b,r\bre\bea\bal\blm\bm,\b,n\bn)\b)
c\bch\bha\bar\br *\b*h\bho\bos\bst\bt;\b;
c\bch\bha\bar\br *\b*r\bre\bea\bal\blm\bm;\b;
i\bin\bnt\bt n\bn;\b;
k\bkr\brb\bb_\b_g\bge\bet\bt_\b_a\bad\bdm\bmh\bhs\bst\bt(\b(h\bho\bos\bst\bt,\b,r\bre\bea\bal\blm\bm,\b,n\bn)\b)
c\bch\bha\bar\br *\b*h\bho\bos\bst\bt;\b;
c\bch\bha\bar\br *\b*r\bre\bea\bal\blm\bm;\b;
i\bin\bnt\bt n\bn;\b;
k\bkr\brb\bb_\b_g\bge\bet\bt_\b_l\blr\bre\bea\bal\blm\bm(\b(r\bre\bea\bal\blm\bm,\b,n\bn)\b)
c\bch\bha\bar\br *\b*r\bre\bea\bal\blm\bm;\b;
i\bin\bnt\bt n\bn;\b;
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
_\bk_\br_\bb_\b__\br_\be_\ba_\bl_\bm_\bo_\bf_\bh_\bo_\bs_\bt returns the Kerberos realm of the host
_\bh_\bo_\bs_\bt, as determined by the translation table
_\b/_\be_\bt_\bc_\b/_\bk_\be_\br_\bb_\be_\br_\bo_\bs_\bI_\bV_\b/_\bk_\br_\bb_\b._\br_\be_\ba_\bl_\bm_\bs. _\bh_\bo_\bs_\bt should be the fully-
qualified domain-style primary host name of the host in
question. In order to prevent certain security attacks,
this routine must either have _\ba _\bp_\br_\bi_\bo_\br_\bi knowledge of a
host's realm, or obtain such information securely.
The format of the translation file is described by
_\bk_\br_\bb_\b._\br_\be_\ba_\bl_\bm_\bs(5). If _\bh_\bo_\bs_\bt exactly matches a host_name line,
the corresponding realm is returned. Otherwise, if the
domain portion of _\bh_\bo_\bs_\bt matches a domain_name line, the
corresponding realm is returned. If _\bh_\bo_\bs_\bt contains a
domain, but no translation is found, _\bh_\bo_\bs_\bt's domain is con-
verted to upper-case and returned. If _\bh_\bo_\bs_\bt contains no
discernible domain, or an error occurs, the local realm
name, as supplied by _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bl_\br_\be_\ba_\bl_\bm(3), is returned.
_\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bp_\bh_\bo_\bs_\bt converts the hostname _\ba_\bl_\bi_\ba_\bs (which can be
either an official name or an alias) into the instance
MIT Project Athena Kerberos Version 4.0 1
KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3)
name to be used in obtaining Kerberos tickets for most
services, including the Berkeley rcmd suite (rlogin, rcp,
rsh).
The current convention is to return the first segment of
the official domain-style name after conversion to lower
case.
_\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bk_\br_\bb_\bh_\bs_\bt fills in _\bh_\bo_\bs_\bt with the hostname of the _\bnth
host running a Kerberos key distribution center (KDC) for
realm _\br_\be_\ba_\bl_\bm, as specified in the configuration file
(_\b/_\be_\bt_\bc_\b/_\bk_\be_\br_\bb_\be_\br_\bo_\bs_\bI_\bV_\b/_\bk_\br_\bb_\b._\bc_\bo_\bn_\bf). The configuration file is
described by _\bk_\br_\bb_\b._\bc_\bo_\bn_\bf(5). If the host is successfully
filled in, the routine returns KSUCCESS. If the file can-
not be opened, and _\bn equals 1, then the value of KRB_HOST
as defined in _\b<_\bk_\br_\bb_\b._\bh_\b> is filled in, and KSUCCESS is
returned. If there are fewer than _\bn hosts running a Ker-
beros KDC for the requested realm, or the configuration
file is malformed, the routine returns KFAILURE.
_\bk_\br_\bb_\b__\bg_\be_\bt_\b__\ba_\bd_\bm_\bh_\bs_\bt fills in _\bh_\bo_\bs_\bt with the hostname of the _\bnth
host running a Kerberos KDC database administration server
for realm _\br_\be_\ba_\bl_\bm, as specified in the configuration file
(_\b/_\be_\bt_\bc_\b/_\bk_\be_\br_\bb_\be_\br_\bo_\bs_\bI_\bV_\b/_\bk_\br_\bb_\b._\bc_\bo_\bn_\bf). If the file cannot be opened
or is malformed, or there are fewer than _\bn hosts running a
Kerberos KDC database administration server, the routine
returns KFAILURE.
The character arrays used as return values for
_\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bk_\br_\bb_\bh_\bs_\bt, _\bk_\br_\bb_\b__\bg_\be_\bt_\b__\ba_\bd_\bm_\bh_\bs_\bt, should be large enough to
hold any hostname (MAXHOSTNAMELEN from <sys/param.h>).
_\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bl_\br_\be_\ba_\bl_\bm fills in _\br_\be_\ba_\bl_\bm with the _\bnth realm of the
local host, as specified in the configuration file. _\br_\be_\ba_\bl_\bm
should be at least REALM_SZ (from _\b<_\bk_\br_\bb_\b._\bh_\b>_\b)characters_\bl_\bo_\bn_\bg_\b.
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
kerberos(3), krb.conf(5), krb.realms(5)
F\bFI\bIL\bLE\bES\bS
/etc/kerberosIV/krb.realms
translation file for host-to-realm
mapping.
/etc/kerberosIV/krb.conf
local realm-name and realm/server con-
figuration file.
B\bBU\bUG\bGS\bS
The current convention for instance names is too limited;
the full domain name should be used.
MIT Project Athena Kerberos Version 4.0 2
KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3)
_\bk_\br_\bb_\b__\bg_\be_\bt_\b__\bl_\br_\be_\ba_\bl_\bm currently only supports _\bn = 1. It should
really consult the user's ticket cache to determine the
user's current realm, rather than consulting a file on the
host.
MIT Project Athena Kerberos Version 4.0 3
Continuous source code history from original PDP-7 UNIX to FreeBSD 2, the first fully unencumbered FreeBSD release.