KRB5_AUTH_CONTEXT (3) | C library functions | Unix Manual Pages | :man

NAME

krb5_auth_context, krb5_auth_con_init, krb5_auth_con_free, krb5_auth_con_setflags, krb5_auth_con_getflags, krb5_auth_con_setaddrs, krb5_auth_con_setaddrs_from_fd, krb5_auth_con_getaddrs, krb5_auth_con_genaddrs, krb5_auth_con_getkey, krb5_auth_con_setkey, krb5_auth_con_getuserkey, krb5_auth_con_setuserkey, krb5_auth_con_getlocalsubkey, krb5_auth_con_setlocalsubkey, krb5_auth_con_getremotesubkey, krb5_auth_con_setremotesubkey, krb5_auth_setcksumtype, krb5_auth_getcksumtype, krb5_auth_setkeytype, krb5_auth_getkeytype, krb5_auth_getlocalseqnumber, krb5_auth_setlocalseqnumber, krb5_auth_getremoteseqnumber, krb5_auth_setremoteseqnumber, krb5_auth_getauthenticator, krb5_auth_con_getrcache, krb5_auth_con_setrcache, krb5_auth_con_initivector, krb5_auth_con_setivector - manage authentication on connection level

CONTENTS

Library
Synopsis
Description
See Also

LIBRARY

Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS


#include <krb5.h>

krb5_error_code
krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context);

void
krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context);

krb5_error_code
krb5_auth_con_setflags(krb5_context context, krb5_auth_context auth_context, int32_t flags);

krb5_error_code
krb5_auth_con_getflags(krb5_context context, krb5_auth_context auth_context, int32_t *flags);

krb5_error_code
krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, krb5_address *remote_addr);

krb5_error_code
krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, krb5_address **remote_addr);

krb5_error_code
krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, int fd, int flags);

krb5_error_code
krb5_auth_con_setaddrs_from_fd(krb5_context context, krb5_auth_context auth_context, void *p_fd);

krb5_error_code
krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock);

krb5_error_code
krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock);

krb5_error_code
krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock);

krb5_error_code
krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context);

krb5_error_code
krb5_auth_con_setivector(krb5_context context, krb5_auth_context *auth_context, krb5_pointer ivector);

DESCRIPTION

The krb5_auth_context structure holds all context related to an authenticated connection, in the same way that krb5_context holds the context for the thread or process. krb5_auth_context is used by various functions that are directly related to authentication between the server and the client. Examples of the data this structure contains are various flags, addresses of client and server, port numbers, keyblocks (and subkeys), sequence numbers, replay cache, and checksum type.

krb5_auth_con_init allocates and initializes the krb5_auth_context structure. Default values can be changed with krb5_auth_con_setcksumtype and krb5_auth_con_setflags. The auth_context structure must be freed by krb5_auth_con_free.

krb5_auth_con_getflags and krb5_auth_con_setflags get and modify the flags for a krb5_auth_context structure. Possible flags to set are:

KRB5_AUTH_CONTEXT_DO_TIME
    Check timestamp on incoming packets.
KRB5_AUTH_CONTEXT_DO_SEQUENCE
    Generate and check sequence-number on each packet.

krb5_auth_con_setaddrs, krb5_auth_con_setaddrs_from_fd and krb5_auth_con_getaddrs get and set the addresses that are checked when a packet is received. It is mandatory to set an address for the remote host. If the local address is not set, it is deduced from the underlying operating system. krb5_auth_con_getaddrs will call krb5_free_address on any address that is passed in local_addr or remote_addr. krb5_auth_con_setaddrs allows passing in a NULL pointer as local_addr and remote_addr; in that case it will just not set that address.

krb5_auth_con_setaddrs_from_fd fetches the addresses from a file descriptor.

krb5_auth_con_genaddrs fetches the address information from the given file descriptor fd depending on the bitmap argument flags.

Possible values for flags are:

KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
    Fetches the local address from fd.
KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
    Fetches the remote address from fd.
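The following is an added example, not code from the Kerberos library or from this manual page: a self-contained model of the per-message checks that the flags and addresses above govern on the receiving side (peer address match, timestamp within clock skew plus replay lookup, expected sequence number). The struct layout, flag bit values, verdict names, 300-second skew and cache size are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Model-only flag bits named after the page's flags; values are not from krb5.h. */
enum { DO_TIME = 1, DO_SEQUENCE = 2 };
enum verdict { ACCEPT, BAD_ADDR, SKEW, REPLAY, BAD_SEQ };
#define MAX_SKEW 300 /* assumed tolerated clock skew in seconds */
#define RC_SLOTS 16  /* toy replay cache size; a real one expires by time */

struct msg { uint32_t src; int64_t ts; uint32_t usec, seq; };
struct model_ctx {
    int32_t flags;
    uint32_t remote_addr, remote_seq;   /* expected peer and next sequence */
    struct { int64_t ts; uint32_t usec; } rc[RC_SLOTS];
    unsigned rc_n;
};

/* Validate everything first; commit state only when the message is accepted. */
enum verdict check_incoming(struct model_ctx *c, const struct msg *m, int64_t now)
{
    if (m->src != c->remote_addr) return BAD_ADDR;
    if (c->flags & DO_TIME) {
        int64_t d = m->ts > now ? m->ts - now : now - m->ts;
        if (d > MAX_SKEW) return SKEW;
        unsigned n = c->rc_n < RC_SLOTS ? c->rc_n : RC_SLOTS;
        for (unsigned i = 0; i < n; i++)
            if (c->rc[i].ts == m->ts && c->rc[i].usec == m->usec) return REPLAY;
    }
    if ((c->flags & DO_SEQUENCE) && m->seq != c->remote_seq) return BAD_SEQ;
    if (c->flags & DO_TIME) {
        c->rc[c->rc_n % RC_SLOTS].ts = m->ts;
        c->rc[c->rc_n % RC_SLOTS].usec = m->usec;
        c->rc_n++;
    }
    if (c->flags & DO_SEQUENCE) c->remote_seq++;
    return ACCEPT;
}

int main(void)
{
    /* Constructed sample data: peer 192.0.2.2, first expected sequence 7. */
    struct model_ctx c = { .flags = DO_TIME | DO_SEQUENCE,
                           .remote_addr = 0xC0000202u, .remote_seq = 7 };
    struct msg ok = { 0xC0000202u, 1000, 5, 7 }, late = { 0xC0000202u, 100, 1, 8 };
    int a = check_incoming(&c, &ok, 1010), b = check_incoming(&c, &ok, 1010);
    printf("%d %d %d\n", a, b, (int)check_incoming(&c, &late, 1010));
    return 0;
}
```

With both flags cleared the model accepts the same message twice, which is why a service that relies on these protections should confirm the flags with krb5_auth_con_getflags rather than assume the defaults.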

krb5_auth_con_setkey, krb5_auth_con_setuserkey and krb5_auth_con_getkey get and set the key used for this auth context. The keyblock returned by krb5_auth_con_getkey should be freed with krb5_free_keyblock. The keyblock passed to krb5_auth_con_setkey is copied into the krb5_auth_context, and thus no special handling is needed. NULL is not a valid keyblock to krb5_auth_con_setkey.

krb5_auth_con_setuserkey is only useful when doing user to user authentication. krb5_auth_con_setkey is equivalent to krb5_auth_con_setuserkey.

krb5_auth_con_getlocalsubkey, krb5_auth_con_setlocalsubkey, krb5_auth_con_getremotesubkey and krb5_auth_con_setremotesubkey get and set the keyblock for the local and remote subkey. The keyblock returned by krb5_auth_con_getlocalsubkey and krb5_auth_con_getremotesubkey must be freed with krb5_free_keyblock.

krb5_auth_setcksumtype and krb5_auth_getcksumtype set and get the checksum type that should be used for this connection.

krb5_auth_getremoteseqnumber, krb5_auth_setremoteseqnumber, krb5_auth_getlocalseqnumber and krb5_auth_setlocalseqnumber get and set the sequence-number for the local and remote sequence-number counter.

krb5_auth_setkeytype and krb5_auth_getkeytype set and get the keytype of the keyblock in krb5_auth_context.

krb5_auth_getauthenticator retrieves the authenticator that was used during mutual authentication. The authenticator returned should be freed by calling krb5_free_authenticator.

krb5_auth_con_getrcache and krb5_auth_con_setrcache get and set the replay-cache.

krb5_auth_con_initivector allocates memory for and zeros the initial vector in the auth_context keyblock.

krb5_auth_con_setivector sets the i_vector portion of auth_context to ivector.

SEE ALSO

krb5_context(3), kerberos(8)
