.\" $Id: krb_sendauth.3,v 1.2 1996/06/12 21:29:24 bg Exp $
.\" $FreeBSD: src/crypto/kerberosIV/man/krb_sendauth.3,v 1.2 2000/02/24 20:21:15 markm Exp $
.\" Copyright 1988 by the Massachusetts Institute of Technology.
.\" For copying and distribution information,
.\" please see the file <mit-copyright.h>.
.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena"
krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \-
Kerberos routines for sending authentication via network stream sockets
#include <openssl/des.h>
#include <netinet/in.h>
int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
msg_data, cred, schedule, laddr, faddr, version)
char *service, *inst, *realm;
Key_schedule schedule;
struct sockaddr_in *laddr, *faddr;
int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
auth_data, filename, schedule, version)
struct sockaddr_in *faddr, *laddr;
Key_schedule schedule;
int krb_net_write(fd, buf, len)
int krb_net_read(fd, buf, len)
which are built on top of the core Kerberos library,
provide a convenient means for client and server
programs to send authentication messages
to one another through network connections.
function sends an authenticated ticket from the client program to
the server program by writing the ticket to a network socket.
function receives the ticket from the client by
reading from a network socket.
This function writes the ticket to
the network socket specified by the
returning KSUCCESS if the write proceeds successfully,
and an error code if it does not.
argument should point to an allocated KTEXT_ST structure.
arguments specify the server program's Kerberos principal name,
If you are writing a client that uses the local realm exclusively,
argument allows the client program to pass an application-specific
version string that the server program can then match against
its own version string.
string can be up to KSEND_VNO_LEN (see
characters in length.
argument can be used to pass checksum information to the
The client program is responsible for specifying this information.
This checksum information is difficult to corrupt because
passes it over the network in encrypted form.
argument is passed as the checksum argument to
other arguments to NULL unless you want the
client and server programs to mutually authenticate
In the case of mutual authentication,
the client authenticates itself to the server program,
and demands that the server in turn authenticate itself to
.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION
If you want mutual authentication,
make sure that you read all pending data from the local socket
(this macro is defined in the
the address of the local socket,
points to the foreign socket's network address.
fills in the other arguments--
.IR schedule --before
sending the ticket to the server program.
You must, however, allocate space for these arguments
before calling the function.
supports two other options:
.BR KOPT_DONT_MK_REQ,
set as KOPT_DONT_MK_REQ,
function to retrieve the ticket from the Kerberos server.
argument must point to an existing ticket and authenticator (such as
arguments can be set to NULL.
set as KOPT_DONT_CANON,
will not convert the service's instance to canonical form using
.IR krb_get_phost (3).
as a bitwise-OR of the options you want to specify.
reads a ticket/authenticator pair from the socket pointed to by the
as a bitwise-OR of the options desired.
Currently only KOPT_DO_MUTUAL is useful to the receiver.
should point to an allocated KTEXT_ST structure.
ticket/authenticator pair read from
specify the expected service and instance for which the ticket was
generated. They are also passed to
argument may be set to "*" if the caller wishes
to fill in the instance used (note that there must be space in the
argument to hold a full instance name, see
should point to the address of the peer which is presenting the ticket.
If the client and server plan to mutually authenticate
should point to the local address of the file descriptor.
Otherwise you can set this argument to NULL.
should point to an allocated AUTH_DAT area.
It is passed to and filled in by
The checksum passed to the corresponding
is available as part of the filled-in AUTH_DAT area.
specifies the filename
which the service program should use to obtain its service key.
If you set this argument to "",
looks for the service key in the file
If the client and server are performing mutual authentication,
should point to an allocated Key_schedule.
Otherwise it is ignored and may be NULL.
argument should point to a character array of at least KSEND_VNO_LEN
characters. It is filled in with the version string passed by the client to
.SH KRB_NET_WRITE AND KRB_NET_READ
emulates the write(2) system call, but guarantees that all data
specified is written to
before returning, unless an error condition occurs.
emulates the read(2) system call, but guarantees that the requested
amount of data is read from
before returning, unless an error condition occurs.
will not work properly on sockets set to non-blocking I/O mode.
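The full-transfer behaviour described for krb_net_write and krb_net_read, sketched as an added C example; it is not the Kerberos library's source, and write_all, read_all and nonblocking_partial_read_fails are hypothetical names. The last function makes the non-blocking caveat concrete: the loop stops on EAGAIN after it has already consumed part of the message, so those bytes are lost to the caller.

```c
/* Added example: hypothetical helpers, not the Kerberos library source. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Write exactly len bytes, looping over short writes; returns len or -1. */
ssize_t write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, p + done, len - done);
        if (n < 0) {
            if (errno == EINTR) continue;  /* interrupted: retry */
            return -1;                     /* includes EAGAIN on a non-blocking fd */
        }
        done += (size_t)n;
    }
    return (ssize_t)len;
}

/* Read exactly len bytes; returns len, a short count on EOF, or -1 on error.
 * A caller parsing an authentication message must reject any short count. */
ssize_t read_all(int fd, void *buf, size_t len)
{
    char *p = buf;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (n == 0) break;                 /* peer closed the connection */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Constructed case: 2 of 4 expected bytes are queued on a non-blocking pipe.
 * Returns 1 when read_all consumes them and then fails with EAGAIN. */
int nonblocking_partial_read_fails(void)
{
    int p[2]; char b[4];
    if (pipe(p) != 0 || write_all(p[1], "ab", 2) != 2) return -1;
    fcntl(p[0], F_SETFL, O_NONBLOCK);
    int r = read_all(p[0], b, sizeof b) == -1 && (errno == EAGAIN || errno == EWOULDBLOCK);
    close(p[0]); close(p[1]);
    return r;
}
```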
krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
John T. Kohl, MIT Project Athena
Copyright 1988, Massachusetts Institute of Technology.
For copying and distribution information,
please see the file <mit-copyright.h>.