.\" $Id: krb_sendauth.3,v 1.2 1996/06/12 21:29:24 bg Exp $
.\" $FreeBSD: src/crypto/kerberosIV/man/krb_sendauth.3,v 1.2 2000/02/24 20:21:15 markm Exp $
.\" $DragonFly: src/crypto/kerberosIV/man/Attic/krb_sendauth.3,v 1.2 2003/06/17 04:24:36 dillon Exp $
.\" Copyright 1988 by the Massachusetts Institute of Technology.
.\" For copying and distribution information,
.\" please see the file <mit-copyright.h>.
.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena"
krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \-
Kerberos routines for sending authentication via network stream sockets
#include <openssl/des.h>
#include <netinet/in.h>
int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
msg_data, cred, schedule, laddr, faddr, version)
char *service, *inst, *realm;
Key_schedule schedule;
struct sockaddr_in *laddr, *faddr;
int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
auth_data, filename, schedule, version)
struct sockaddr_in *faddr, *laddr;
Key_schedule schedule;
int krb_net_write(fd, buf, len)
int krb_net_read(fd, buf, len)
which are built on top of the core Kerberos library,
provide a convenient means for client and server
programs to send authentication messages
to one another through network connections.
function sends an authenticated ticket from the client program to
the server program by writing the ticket to a network socket.
function receives the ticket from the client by
reading from a network socket.
This function writes the ticket to
the network socket specified by the
returning KSUCCESS if the write proceeds successfully,
and an error code if it does not.
argument should point to an allocated KTEXT_ST structure.
arguments specify the server program's Kerberos principal name,
If you are writing a client that uses the local realm exclusively,
argument allows the client program to pass an application-specific
version string that the server program can then match against
its own version string.
string can be up to KSEND_VNO_LEN (see
characters in length.
argument can be used to pass checksum information to the
The client program is responsible for specifying this information.
This checksum information is difficult to corrupt because
passes it over the network in encrypted form.
argument is passed as the checksum argument to
other arguments to NULL unless you want the
client and server programs to mutually authenticate
In the case of mutual authentication,
the client authenticates itself to the server program,
and demands that the server in turn authenticate itself to
.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION
If you want mutual authentication,
make sure that you read all pending data from the local socket
(this macro is defined in the
the address of the local socket,
points to the foreign socket's network address.
fills in the other arguments--
.IR schedule --before
sending the ticket to the server program.
You must, however, allocate space for these arguments
before calling the function.
supports two other options:
.BR KOPT_DONT_MK_REQ,
set as KOPT_DONT_MK_REQ,
function to retrieve the ticket from the Kerberos server.
argument must point to an existing ticket and authenticator (such as
arguments can be set to NULL.
set as KOPT_DONT_CANON,
will not convert the service's instance to canonical form using
.IR krb_get_phost (3).
as a bitwise-OR of the options you want to specify.
reads a ticket/authenticator pair from the socket pointed to by the
as a bitwise-OR of the options desired.
Currently only KOPT_DO_MUTUAL is useful to the receiver.
should point to an allocated KTEXT_ST structure.
ticket/authenticator pair read from
specify the expected service and instance for which the ticket was
generated. They are also passed to
argument may be set to "*" if the caller wishes
to fill in the instance used (note that there must be space in the
argument to hold a full instance name, see
should point to the address of the peer which is presenting the ticket.
If the client and server plan to mutually authenticate
should point to the local address of the file descriptor.
Otherwise you can set this argument to NULL.
should point to an allocated AUTH_DAT area.
It is passed to and filled in by
The checksum passed to the corresponding
is available as part of the filled-in AUTH_DAT area.
specifies the filename
which the service program should use to obtain its service key.
If you set this argument to "",
looks for the service key in the file
If the client and server are performing mutual authentication,
should point to an allocated Key_schedule.
Otherwise it is ignored and may be NULL.
argument should point to a character array of at least KSEND_VNO_LEN
characters. It is filled in with the version string passed by the client to
.SH KRB_NET_WRITE AND KRB_NET_READ
emulates the write(2) system call, but guarantees that all data
specified is written to
before returning, unless an error condition occurs.
emulates the read(2) system call, but guarantees that the requested
amount of data is read from
before returning, unless an error condition occurs.
will not work properly on sockets set to non-blocking I/O mode.
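.PP
The following is an added example, not code from the Kerberos library or from this manual page: it shows the full-length write and read loops described above, and how a non-blocking socket breaks the read guarantee when only part of the data has arrived.
The names full_write, full_read, demo_read and demo_errno are hypothetical, and the 8-byte "AUTH" exchange is constructed input.

```c
/* Added example, not the Kerberos library's code: full_write, full_read,
 * demo_read and demo_errno are hypothetical names. */
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

int demo_errno;   /* errno observed by the last demo_read() call */

/* Write exactly len bytes; returns len, or -1 on error. */
ssize_t full_write(int fd, const void *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, (const char *)buf + done, len - done);
        if (n < 0 && errno == EINTR) continue;  /* nothing moved: retry */
        if (n < 0) return -1;
        done += (size_t)n;
    }
    return (ssize_t)len;
}

/* Read exactly len bytes; returns the count (short only at EOF), or -1. */
ssize_t full_read(int fd, void *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, (char *)buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;   /* EAGAIN: bytes already read are lost to caller */
        if (n == 0) break;      /* peer closed the stream */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Constructed scenario: the peer writes "AUTH" `sends` times and the reader
 * asks for 8 bytes. Returns full_read's result; errno goes to demo_errno. */
int demo_read(int sends, int nonblocking)
{
    int sv[2], i;
    char buf[8];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -2;
    if (nonblocking) fcntl(sv[0], F_SETFL, O_NONBLOCK);
    for (i = 0; i < sends; i++) full_write(sv[1], "AUTH", 4);
    ssize_t r = full_read(sv[0], buf, sizeof buf);
    demo_errno = errno;
    close(sv[0]); close(sv[1]);
    return (int)r;
}
```

With one 4-byte send and a non-blocking reader, the loop consumes the 4 bytes and then fails with EAGAIN, so the caller sees an error and the stream is left out of step with the authentication exchange.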
krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
John T. Kohl, MIT Project Athena
Copyright 1988, Massachusetts Institute of Technology.
For copying and distribution information,
please see the file <mit-copyright.h>.