

KRB_SENDAUTH(3)      BSD Programmer's Manual      KRB_SENDAUTH(3)


NNAAMMEE
       krb_sendauth,  krb_recvauth, krb_net_write, krb_net_read -
       Kerberos routines for sending authentication  via  network
       stream sockets

SSYYNNOOPPSSIISS
       ##iinncclluuddee <<kkeerrbbeerroossIIVV//kkrrbb..hh>>
       ##iinncclluuddee <<kkeerrbbeerroossIIVV//ddeess..hh>>
       ##iinncclluuddee <<nneettiinneett//iinn..hh>>


       iinntt kkrrbb__sseennddaauutthh((ooppttiioonnss,, ffdd,, kktteexxtt,, sseerrvviiccee,, iinnsstt,, rreeaallmm,,
                 cchheecckkssuumm,,  mmssgg__ddaattaa,,  ccrreedd,,   sscchheedduullee,,   llaaddddrr,,
                 ffaaddddrr,, vveerrssiioonn))
       lloonngg ooppttiioonnss;;
       iinntt ffdd;;
       KKTTEEXXTT kktteexxtt;;
       cchhaarr **sseerrvviiccee,, **iinnsstt,, **rreeaallmm;;
       uu__lloonngg cchheecckkssuumm;;
       MMSSGG__DDAATT **mmssgg__ddaattaa;;
       CCRREEDDEENNTTIIAALLSS **ccrreedd;;
       KKeeyy__sscchheedduullee sscchheedduullee;;
       ssttrruucctt ssoocckkaaddddrr__iinn **llaaddddrr,, **ffaaddddrr;;
       cchhaarr **vveerrssiioonn;;


       iinntt kkrrbb__rreeccvvaauutthh((ooppttiioonnss,, ffdd,, kktteexxtt,, sseerrvviiccee,, iinnsstt,, ffaaddddrr,,
                 llaaddddrr,, aauutthh__ddaattaa,, ffiilleennaammee,, sscchheedduullee,, vveerrssiioonn))
       lloonngg ooppttiioonnss;;
       iinntt ffdd;;
       KKTTEEXXTT kktteexxtt;;
       cchhaarr **sseerrvviiccee,, **iinnsstt;;
       ssttrruucctt ssoocckkaaddddrr__iinn **ffaaddddrr,, **llaaddddrr;;
       AAUUTTHH__DDAATT **aauutthh__ddaattaa;;
       cchhaarr **ffiilleennaammee;;
       KKeeyy__sscchheedduullee sscchheedduullee;;
       cchhaarr **vveerrssiioonn;;

       iinntt kkrrbb__nneett__wwrriittee((ffdd,, bbuuff,, lleenn))
       iinntt ffdd;;
       cchhaarr **bbuuff;;
       iinntt lleenn;;

       iinntt kkrrbb__nneett__rreeaadd((ffdd,, bbuuff,, lleenn))
       iinntt ffdd;;
       cchhaarr **bbuuff;;
       iinntt lleenn;;

DDEESSCCRRIIPPTTIIOONN
       These functions, which are built on top of the  core  Ker-
       beros  library,  provide a convenient means for client and


MIT Project Athena     Kerberos Version 4.0                     1


KRB_SENDAUTH(3)      BSD Programmer's Manual      KRB_SENDAUTH(3)


       server programs to send  authentication  messages  to  one
       another  through  network  connections.   The _k_r_b___s_e_n_d_a_u_t_h
       function sends an authenticated  ticket  from  the  client
       program  to  the server program by writing the ticket to a
       network socket.  The _k_r_b___r_e_c_v_a_u_t_h  function  receives  the
       ticket from the client by reading from a network socket.


KKRRBB__SSEENNDDAAUUTTHH
       This  function  writes  the  ticket  to the network socket
       specified by the file descriptor _f_d_, returning KSUCCESS if
       the  write  proceeds successfully, and an error code if it
       does not.

       The _k_t_e_x_t argument should point to an  allocated  KTEXT_ST
       structure.  The _s_e_r_v_i_c_e_, _i_n_s_t_, and _r_e_a_l_m arguments specify
       the server program's Kerberos  principal  name,  instance,
       and  realm.   If  you  are  writing a client that uses the
       local realm exclusively, you can set the _r_e_a_l_m argument to
       NULL.

       The  _v_e_r_s_i_o_n argument allows the client program to pass an
       application-specific version string that the  server  pro-
       gram  can  then match against its own version string.  The
       _v_e_r_s_i_o_n string can be up to  KSEND_VNO_LEN  (see  _<_k_r_b_._h_>)
       characters in length.

       The  _c_h_e_c_k_s_u_m argument can be used to pass checksum infor-
       mation to the  server  program.   The  client  program  is
       responsible  for specifying this information.  This check-
       sum  information   is   difficult   to   corrupt   because
       _k_r_b___s_e_n_d_a_u_t_h passes it over the network in encrypted form.
       The _c_h_e_c_k_s_u_m argument is passed as the  checksum  argument
       to _k_r_b___m_k___r_e_q.

       You  can set _k_r_b___s_e_n_d_a_u_t_h_'_s other arguments to NULL unless
       you want  the  client  and  server  programs  to  mutually
       authenticate  themselves.  In the case of mutual authenti-
       cation, the client authenticates itself to the server pro-
       gram,  and  demands  that  the server in turn authenticate
       itself to the client.


KKRRBB__SSEENNDDAAUUTTHH AANNDD MMUUTTUUAALL AAUUTTHHEENNTTIICCAATTIIOONN
       If you want mutual authentication, make sure that you read
       all  pending  data  from  the  local socket before calling
       _k_r_b___s_e_n_d_a_u_t_h_.   Set  _k_r_b___s_e_n_d_a_u_t_h_'_s  _o_p_t_i_o_n_s  argument  to
       KKOOPPTT__DDOO__MMUUTTUUAALL  (this macro is defined in the _k_r_b_._h file);
       make sure that the _l_a_d_d_r argument points to the address of
       the  local  socket,  and  that _f_a_d_d_r points to the foreign
       socket's network address.


MIT Project Athena     Kerberos Version 4.0                     2


KRB_SENDAUTH(3)      BSD Programmer's Manual      KRB_SENDAUTH(3)


       _K_r_b___s_e_n_d_a_u_t_h fills  in  the  other  arguments--  _m_s_g___d_a_t_a,
       _c_r_e_d,  and  _s_c_h_e_d_u_l_e--before  sending  the  ticket  to the
       server program.  You must,  however,  allocate  space  for
       these arguments before calling the function.

       _K_r_b___s_e_n_d_a_u_t_h supports two other options: KKOOPPTT__DDOONNTT__MMKK__RREEQQ,,
       and  KKOOPPTT__DDOONNTT__CCAANNOONN..   If  called  with  _o_p_t_i_o_n_s  set  as
       KOPT_DONT_MK_REQ, _k_r_b___s_e_n_d_a_u_t_h will not use the _k_r_b___m_k___r_e_q
       function to retrieve the ticket from the Kerberos  server.
       The  _k_t_e_x_t  argument  must point to an existing ticket and
       authenticator (such as would be  created  by  _k_r_b___m_k___r_e_q),
       and  the  _s_e_r_v_i_c_e_, _i_n_s_t_, and _r_e_a_l_m arguments can be set to
       NULL.

       If   called   with   _o_p_t_i_o_n_s   set   as   KOPT_DONT_CANON,
       _k_r_b___s_e_n_d_a_u_t_h  will  not  convert the service's instance to
       canonical form using _k_r_b___g_e_t___p_h_o_s_t(3).

       If you want to call _k_r_b___s_e_n_d_a_u_t_h with a  multiple  _o_p_t_i_o_n_s
       specification,  construct  _o_p_t_i_o_n_s  as a bitwise-OR of the
       options you want to specify.


KKRRBB__RREECCVVAAUUTTHH
       The _k_r_b___r_e_c_v_a_u_t_h  function  reads  a  ticket/authenticator
       pair  from  the socket pointed to by the _f_d argument.  Set
       the _o_p_t_i_o_n_s  argument  as  a  bitwise-OR  of  the  options
       desired.   Currently  only KOPT_DO_MUTUAL is useful to the
       receiver.

       The _k_t_e_x_t argument should point to an  allocated  KTEXT_ST
       structure.     _K_r_b___r_e_c_v_a_u_t_h    fills    _k_t_e_x_t   with   the
       ticket/authenticator pair read from _f_d, then passes it  to
       _k_r_b___r_d___r_e_q.

       The  _s_e_r_v_i_c_e  and _i_n_s_t arguments specify the expected ser-
       vice and instance for  which  the  ticket  was  generated.
       They are also passed to _k_r_b___r_d___r_e_q_.  The _i_n_s_t argument may
       be set to "*" if the caller wishes _k_r_b___m_k___r_e_q to  fill  in
       the  instance  used  (note that there must be space in the
       _i_n_s_t  argument  to  hold  a  full   instance   name,   see
       _k_r_b___m_k___r_e_q(3)).

       The _f_a_d_d_r argument should point to the address of the peer
       which is presenting the ticket.   It  is  also  passed  to
       _k_r_b___r_d___r_e_q.

       If the client and server plan to mutually authenticate one
       another, the _l_a_d_d_r argument  should  point  to  the  local
       address  of  the  file  descriptor.  Otherwise you can set
       this argument to NULL.


MIT Project Athena     Kerberos Version 4.0                     3


KRB_SENDAUTH(3)      BSD Programmer's Manual      KRB_SENDAUTH(3)


       The  _a_u_t_h___d_a_t_a  argument  should  point  to  an  allocated
       AUTH_DAT   area.   It  is  passed  to  and  filled  in  by
       _k_r_b___r_d___r_e_q.  The  checksum  passed  to  the  corresponding
       _k_r_b___s_e_n_d_a_u_t_h   is  available  as  part  of  the  filled-in
       AUTH_DAT area.

       The _f_i_l_e_n_a_m_e argument specifies  the  filename  which  the
       service  program  should  use  to  obtain its service key.
       _K_r_b___r_e_c_v_a_u_t_h passes _f_i_l_e_n_a_m_e to the  _k_r_b___r_d___r_e_q  function.
       If  you  set this argument to "", _k_r_b___r_d___r_e_q looks for the
       service key in the file _/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_s_r_v_t_a_b_.

       If the client and server are performing mutual authentica-
       tion,  the  _s_c_h_e_d_u_l_e argument should point to an allocated
       Key_schedule.  Otherwise it is ignored and may be NULL.

       The _v_e_r_s_i_o_n argument should point to a character array  of
       at  least  KSEND_VNO_LEN characters.  It is filled in with
       the version string passed by the client to _k_r_b___s_e_n_d_a_u_t_h_.


KKRRBB__NNEETT__WWRRIITTEE AANNDD KKRRBB__NNEETT__RREEAADD
       The _k_r_b___n_e_t___w_r_i_t_e function emulates  the  write(2)  system
       call, but guarantees that all data specified is written to
       _f_d before returning, unless an error condition occurs.

       The _k_r_b___n_e_t___r_e_a_d  function  emulates  the  read(2)  system
       call,  but guarantees that the requested amount of data is
       read from _f_d before returning, unless an  error  condition
       occurs.


BBUUGGSS
       _k_r_b___s_e_n_d_a_u_t_h_,     _k_r_b___r_e_c_v_a_u_t_h_,     _k_r_b___n_e_t___w_r_i_t_e_,     and
       _k_r_b___n_e_t___r_e_a_d will not work properly on sockets set to non-
       blocking I/O mode.


SSEEEE AALLSSOO
       krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)


AAUUTTHHOORR
       John T. Kohl, MIT Project Athena

RREESSTTRRIICCTTIIOONNSS
       Copyright  1988,  Massachusetts Instititute of Technology.
       For copying and distribution information, please  see  the
       file <mit-copyright.h>.


MIT Project Athena     Kerberos Version 4.0                     4