KRB5_KEYTAB(3)            UNIX Programmer's Manual            KRB5_KEYTAB(3)

NAME
     krb5_kt_ops, krb5_keytab_entry, krb5_kt_cursor, krb5_kt_add_entry,
     krb5_kt_close, krb5_kt_compare, krb5_kt_copy_entry_contents,
     krb5_kt_default, krb5_kt_default_name, krb5_kt_end_seq_get,
     krb5_kt_free_entry, krb5_kt_get_entry, krb5_kt_get_name,
     krb5_kt_get_type, krb5_kt_next_entry, krb5_kt_read_service_key,
     krb5_kt_register, krb5_kt_remove_entry, krb5_kt_resolve,
     krb5_kt_start_seq_get - manage keytab (key storage) files

LIBRARY
     Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS
     krb5_error_code
     krb5_kt_add_entry(krb5_context context, krb5_keytab id,
             krb5_keytab_entry *entry)

     krb5_error_code
     krb5_kt_close(krb5_context context, krb5_keytab id)

     krb5_boolean
     krb5_kt_compare(krb5_context context, krb5_keytab_entry *entry,
             krb5_const_principal principal, krb5_kvno vno,
             krb5_enctype enctype)

     krb5_error_code
     krb5_kt_copy_entry_contents(krb5_context context,
             const krb5_keytab_entry *in, krb5_keytab_entry *out)

     krb5_error_code
     krb5_kt_default(krb5_context context, krb5_keytab *id)

     krb5_error_code
     krb5_kt_default_name(krb5_context context, char *name,
             size_t namesize)

     krb5_error_code
     krb5_kt_end_seq_get(krb5_context context, krb5_keytab id,
             krb5_kt_cursor *cursor)

     krb5_error_code
     krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *entry)

     krb5_error_code
     krb5_kt_get_entry(krb5_context context, krb5_keytab id,
             krb5_const_principal principal, krb5_kvno kvno,
             krb5_enctype enctype, krb5_keytab_entry *entry)

     krb5_error_code
     krb5_kt_get_name(krb5_context context, krb5_keytab keytab,
             char *name, size_t namesize)

     krb5_error_code
     krb5_kt_get_type(krb5_context context, krb5_keytab keytab,
             char *prefix, size_t prefixsize)

     krb5_error_code
     krb5_kt_next_entry(krb5_context context, krb5_keytab id,
             krb5_keytab_entry *entry, krb5_kt_cursor *cursor)

     krb5_error_code
     krb5_kt_read_service_key(krb5_context context,
             krb5_pointer keyprocarg, krb5_principal principal,
             krb5_kvno vno, krb5_enctype enctype, krb5_keyblock **key)

     krb5_error_code
     krb5_kt_register(krb5_context context, const krb5_kt_ops *ops)

     krb5_error_code
     krb5_kt_remove_entry(krb5_context context, krb5_keytab id,
             krb5_keytab_entry *entry)

     krb5_error_code
     krb5_kt_resolve(krb5_context context, const char *name,
             krb5_keytab *id)

     krb5_error_code
     krb5_kt_start_seq_get(krb5_context context, krb5_keytab id,
             krb5_kt_cursor *cursor)

DESCRIPTION
     A keytab name is of the form type:residual.  The residual part is
     specific to each keytab type.

     When a keytab name is resolved, the type is matched against an internal
     list of keytab types.  If there is no matching keytab type, the default
     keytab is used.  The current default type is file.  The default value
     can be changed in the configuration file /etc/krb5.conf by setting the
     variable [defaults]default_keytab_name.

     The keytab types that are implemented in Heimdal are:

     file     store the keytab in a file; the type's name is KEYFILE.  The
              residual part is a filename.

     keyfile  store the keytab in an AFS keyfile (usually
              /usr/afs/etc/KeyFile); the type's name is AFSKEYFILE.  The
              residual part is a filename.

     krb4     the keytab is a Kerberos 4 srvtab that is converted on the fly
              to a keytab.  The type's name is krb4.  The residual part is
              a filename.

     memory   The keytab is stored in a memory segment.  This allows
              sensitive and/or temporary data not to be stored on disk.
              The type's name is MEMORY.  There is no residual part; the
              only pointer back to the keytab is the id returned by
              krb5_kt_resolve().

     krb5_keytab_entry holds all data for an entry in a keytab file, like
     principal name, key-type, key, key-version number, etc.

     krb5_kt_cursor holds the current position that is used when iterating
     through the entries of a keytab with krb5_kt_start_seq_get(),
     krb5_kt_next_entry(), and krb5_kt_end_seq_get().
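
     The name-resolution rule at the start of DESCRIPTION, as a
     self-contained model (an added example, not Heimdal's code): it shows
     how a mistyped type prefix falls through to the default file type
     instead of failing.  The exact, case-sensitive match and keeping the
     whole string as the residual on fallback are assumptions, and
     kt_split_name and kt_name_is_type are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Type names as this page lists them (a model, not Heimdal's own table). */
static const char *const kt_types[] = { "KEYFILE", "AFSKEYFILE", "krb4", "MEMORY" };
#define KT_DEFAULT_TYPE "KEYFILE" /* page: the current default type is file */

struct kt_name {
    const char *type;     /* matched type name, or the default */
    const char *residual; /* text after "type:" */
    int fell_back;        /* 1 if no listed type matched */
};

/* Split "type:residual" and match the type against the list.
 * Assumed: exact match; on fallback the whole string is the residual. */
struct kt_name kt_split_name(const char *name)
{
    struct kt_name out = { KT_DEFAULT_TYPE, name, 1 };
    const char *colon = strchr(name, ':');
    size_t i, len = colon ? (size_t)(colon - name) : 0;
    for (i = 0; colon && i < sizeof(kt_types) / sizeof(kt_types[0]); i++) {
        if (strlen(kt_types[i]) == len && strncmp(name, kt_types[i], len) == 0) {
            out.type = kt_types[i];
            out.residual = colon + 1;
            out.fell_back = 0;
            break;
        }
    }
    return out;
}

/* Caller-side guard: did the name resolve to the type the caller needs? */
int kt_name_is_type(const char *name, const char *wanted)
{
    struct kt_name n = kt_split_name(name);
    return !n.fell_back && strcmp(n.type, wanted) == 0;
}

int main(void)
{
    /* Constructed sample names; "MEMROY:" is a deliberate typo. */
    const char *samples[] = { "MEMORY:", "MEMROY:", "KEYFILE:/etc/krb5.keytab" };
    size_t i;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct kt_name n = kt_split_name(samples[i]);
        printf("%s -> type=%s%s\n", samples[i], n.type, n.fell_back ? " (fallback)" : "");
    }
    return 0;
}
```

     In real code the equivalent guard is to call krb5_kt_get_type() after
     krb5_kt_resolve() and compare the returned prefix with the type the
     caller requires.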

     krb5_kt_ops contains the different operations that can be done to a
     keytab.  This structure is normally only used when doing a new
     keytab-type implementation.

     krb5_kt_resolve() is the equivalent of an open(2) on a keytab.  It
     resolves the keytab name in name into a keytab in id.  Returns 0 or an
     error.  The opposite of krb5_kt_resolve() is krb5_kt_close().

     krb5_kt_close() frees all resources allocated to the keytab.

     krb5_kt_default() sets the argument id to the default keytab.  Returns
     0 or an error.

     krb5_kt_default_name() copies the name of the default keytab into name.
     Returns 0 or KRB5_CONFIG_NOTENUFSPACE if namesize is too short.

     krb5_kt_add_entry() adds a new entry to the keytab id.  KRB5_KT_NOWRITE
     is returned if the keytab is a read-only keytab.

     krb5_kt_compare() compares the passed in entry against principal, vno,
     and enctype.  Any of principal, vno or enctype may be 0, which acts as
     a wildcard.  Returns TRUE if they compare the same, FALSE otherwise.

     krb5_kt_copy_entry_contents() copies the contents of in into out.
     Returns 0 or an error.

     krb5_kt_get_name() retrieves the name of the keytab keytab into name,
     namesize.  Returns 0 or an error.

     krb5_kt_get_type() retrieves the type of the keytab keytab and stores
     the prefix/name for the type of the keytab into prefix, prefixsize.
     The prefix will have the maximum length of KRB5_KT_PREFIX_MAX_LEN
     (including terminating NUL).  Returns 0 or an error.

     krb5_kt_free_entry() frees the contents of entry.

     krb5_kt_start_seq_get() sets cursor to point at the beginning of id.
     Returns 0 or an error.

     krb5_kt_next_entry() gets the next entry from id pointed to by cursor
     and advances the cursor.  Returns 0 or an error.

     krb5_kt_end_seq_get() releases all resources associated with cursor.

     krb5_kt_get_entry() retrieves the keytab entry for principal, kvno,
     enctype into entry from the keytab id.  Returns 0 or an error.

     krb5_kt_read_service_key() reads the key identified by (principal, vno,
     enctype) from the keytab in keyprocarg (the default keytab if
     keyprocarg is NULL) into *key.  Returns 0 or an error.

     krb5_kt_remove_entry() removes the entry entry from the keytab id.
     Returns 0 or an error.

     krb5_kt_register() registers a new keytab type ops.  Returns 0 or an
     error.

EXAMPLE
     This is a minimalistic version of ktutil.

           #include <err.h>
           #include <stdio.h>
           #include <stdlib.h>
           #include <krb5.h>

           int
           main (int argc, char **argv)
           {
               krb5_context context;
               krb5_keytab keytab;
               krb5_kt_cursor cursor;
               krb5_keytab_entry entry;
               krb5_error_code ret;
               char *principal;

               if (krb5_init_context (&context) != 0)
                   errx(1, "krb5_context");

               /* Open the default keytab */
               ret = krb5_kt_default (context, &keytab);
               if (ret)
                   krb5_err(context, 1, ret, "krb5_kt_default");

               ret = krb5_kt_start_seq_get(context, keytab, &cursor);
               if (ret)
                   krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
               /* The loop ends when krb5_kt_next_entry() returns non-zero */
               while((ret = krb5_kt_next_entry(context, keytab,
                                               &entry, &cursor)) == 0){
                   ret = krb5_unparse_name_short(context, entry.principal,
                                                 &principal);
                   if (ret)
                       krb5_err(context, 1, ret, "krb5_unparse_name_short");
                   printf("principal: %s\n", principal);
                   free(principal);
                   /* Release the key material held by this entry */
                   krb5_kt_free_entry(context, &entry);
               }
               ret = krb5_kt_end_seq_get(context, keytab, &cursor);
               if (ret)
                   krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
               /* Free all resources allocated to the keytab */
               ret = krb5_kt_close(context, keytab);
               if (ret)
                   krb5_err(context, 1, ret, "krb5_kt_close");
               krb5_free_context(context);
               return 0;
           }

SEE ALSO
     krb5.conf(5), kerberos(8)

HEIMDAL                        February 5, 2001