HP Open Source Security for OpenVMS Volume 3: Kerberos

Chapter 6 KRB5 (Kerberos V5) Application Programming Interface

Table of Contents

krb5_425_conv_principal — Convert a Kerberos V4 principal name to V5 format
C Prototype
Arguments
Description
Return Values
krb5_524_conv_principal — Separate a Kerberos V5 principal into components
C Prototype
Arguments
Description
Return Values
krb5_524_convert_creds — Convert Kerberos V5 credentials to V4
C Prototype
Arguments
Description
Return Values
krb5_address_compare — Compare two addresses
C Prototype
Arguments
Description
Return Values
krb5_address_order — Return an ordering of two addresses
C Prototype
Arguments
Description
Return Values
krb5_address_search — Search for address in address list
C Prototype
Arguments
Description
Return Values
krb5_aname_to_localname — Convert a principal name to a local name
C Prototype
Arguments
Description
Return Values
krb5_appdefault_boolean — Check Boolean values in appdefault
C Prototype
Arguments
Description
Return Values
krb5_appdefault_string — Check string values in appdefault
C Prototype
Arguments
Description
Return Values
krb5_auth_con_free — Free auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_genaddrs — Get full IP address from address and port
C Prototype
Arguments
Description
Return Values
krb5_auth_con_get_checksum_func — Get the checksum function and data structure
C Prototype
Arguments
Description
Return Values
krb5_auth_con_getrcache — Get the rcache element from the auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_getaddrs — Retrieve address fields from the auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_getauthenticator — Retrieve authenticator used during mutual authentication
C Prototype
Arguments
Description
Return Values
krb5_auth_con_getflags — Retrieve the flags in auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_getkey — Retrieve keyblock from auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_getlocalseqnumber — Retrieve and store the local sequence number
C Prototype
Arguments
Description
Return Values
krb5_auth_con_getrecvsubkey — Retrieve the recv_subkey keyblock from auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_getremoteseqnumber — Retrieve and store the remote sequence number
C Prototype
Arguments
Description
Return Values
krb5_auth_con_getsendsubkey — Retrieve the send_subkey keyblock from auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_init — Initialize the auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_set_checksum_func — Set the checksum function and data structure
C Prototype
Arguments
Description
Return Values
krb5_auth_con_setaddrs — Set address fields in auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_setflags — Set the flags in auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_setports — Set port fields in the auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_setrcache — Set the replay cache
C Prototype
Arguments
Description
Return Values
krb5_auth_con_setrecvsubkey — Set the recv_subkey keyblock in auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_setsendsubkey — Set the send_subkey keyblock in auth_context
C Prototype
Arguments
Description
Return Values
krb5_auth_con_setuseruserkey — Set keyblock field in auth_context to temporary key
C Prototype
Arguments
Description
Return Values
krb5_build_principal — Build a principal name
C Prototype
Arguments
Description
Return Values
krb5_build_principal_va — Fill in pointer to principal structure
C Prototype
Arguments
Description
Return Values
krb5_c_block_size — Get the block size for the given encryption type
C Prototype
Arguments
Description
Return Values
krb5_c_checksum_length — Get the checksum length for a checksum type
C Prototype
Arguments
Description
Return Values
krb5_c_decrypt — Decrypt encrypted data
C Prototype
Arguments
Description
Return Values
krb5_c_encrypt — Encrypt data
C Prototype
Arguments
Description
Return Values
krb5_c_encrypt_length — Get the length of encrypted data
C Prototype
Arguments
Description
Return Values
krb5_c_enctype_compare — Compare two encryption types
C Prototype
Arguments
Description
Return Values
krb5_c_is_coll_proof_cksum — Test to see if a checksum is collision proof
C Prototype
Arguments
Description
Return Values
krb5_c_is_keyed_cksum — Test to see if a checksum uses derived keys
C Prototype
Arguments
Description
Return Values
krb5_c_keyed_checksum_types — Get a list of derived key checksums
C Prototype
Arguments
Description
Return Values
krb5_c_make_checksum — Compute a checksum
C Prototype
Arguments
Description
Return Values
krb5_c_make_random_key — Generate a random key
C Prototype
Arguments
Description
Return Values
krb5_c_random_make_octets — Create random data
C Prototype
Arguments
Description
Return Values
krb5_c_random_seed — Get a random seed
C Prototype
Arguments
Description
Return Values
krb5_c_string_to_key — Convert a string to a key
C Prototype
Arguments
Description
Return Values
krb5_c_string_to_key_with_params — Convert string key to keyblock
C Prototype
Arguments
Description
Return Values
krb5_c_valid_cksumtype — Validate a checksum type
C Prototype
Arguments
Description
Return Values
krb5_c_valid_enctype — Validate an encryption type
C Prototype
Arguments
Description
Return Values
krb5_c_verify_checksum — Verify a checksum
C Prototype
Arguments
Description
Return Values
krb5_cc_close — Close the credentials cache
C Prototype
Arguments
Description
Return Values
krb5_cc_copy_creds — Copy a set of credentials
C Prototype
Arguments
Description
Return Values
krb5_cc_default — Resolve the default credentials cache name
C Prototype
Arguments
Description
Return Values
krb5_cc_default_name — Return the name of the default credentials cache
C Prototype
Arguments
Description
Return Values
krb5_cc_destroy — Destroy a credentials cache
C Prototype
Arguments
Description
Return Values
krb5_cc_end_seq_get — Finish processing credentials cache entries
C Prototype
Arguments
Description
Return Values
krb5_cc_gen_new — Generate a new credentials cache identifier
C Prototype
Arguments
Description
Return Values
krb5_cc_get_name — Return the name of the credentials cache
C Prototype
Arguments
Description
Return Values
krb5_cc_get_principal — Retrieve the primary principal of the credentials cache
C Prototype
Arguments
Description
Return Values
krb5_cc_get_type — Return the CC prefix
C Prototype
Arguments
Description
Return Values
krb5_cc_initialize — Create/refresh a credentials cache
C Prototype
Arguments
Description
Return Values
krb5_cc_next_cred — Fetch the next credentials entry
C Prototype
Arguments
Description
Return Values
krb5_cc_remove_cred — Remove credentials from the credentials cache
C Prototype
Arguments
Description
Return Values
krb5_cc_resolve — Resolve a credentials cache name
C Prototype
Arguments
Description
Return Values
krb5_cc_retrieve_cred — Search the cache for a credential and return it if found
C Prototype
Arguments
Description
Return Values
krb5_cc_set_default_name — Set default CC name
C Prototype
Arguments
Description
Return Values
krb5_cc_set_flags — Set the flags on the credentials cache
C Prototype
Arguments
Description
Return Values
krb5_cc_start_seq_get — Start sequential read of cached credentials
C Prototype
Arguments
Description
Return Values
krb5_cc_store_cred — Store a credential in the credentials cache
C Prototype
Arguments
Description
Return Values
krb5_change_password — Change an existing password
C Prototype
Arguments
Description
Return Values
krb5_cksumtype_to_string — Convert checksum type to string representation
C Prototype
Arguments
Description
Return Values
krb5_copy_addresses — Copy Kerberos addresses
C Prototype
Arguments
Description
Return Values
krb5_copy_authdata — Copy a Kerberos authdata structure
C Prototype
Arguments
Description
Return Values
krb5_copy_authenticator — Copy an authenticator structure
C Prototype
Arguments
Description
Return Values
krb5_copy_checksum — Copy a checksum structure
C Prototype
Arguments
Description
Return Values
krb5_copy_creds — Copy a credentials structure
C Prototype
Arguments
Description
Return Values
krb5_copy_data — Copy a Kerberos data structure
C Prototype
Arguments
Description
Return Values
krb5_copy_keyblock — Copy a keyblock
C Prototype
Arguments
Description
Return Values
krb5_copy_keyblock_contents — Copy a keyblock’s contents
C Prototype
Arguments
Description
Return Values
krb5_copy_principal — Copy a principal structure
C Prototype
Arguments
Description
Return Values
krb5_copy_ticket — Copy a Kerberos ticket structure
C Prototype
Arguments
Description
Return Values
krb5_decode_ticket — Decode a formatted ticket
C Prototype
Arguments
Description
Return Values
krb5_deltat_to_string — Convert a Kerberos relative time value to a string
C Prototype
Arguments
Description
Return Values
krb5_enctype_to_string — Convert a Kerberos encryption type value to a string
C Prototype
Arguments
Description
Return Values
krb5_free_addresses — Free a group of addresses
C Prototype
Arguments
Description
Return Values
krb5_free_ap_rep_enc_part — Free subkey and other data allocated by krb5_rd_rep or krb5_send_auth
C Prototype
Arguments
Description
Return Values
krb5_free_authdata — Free an authdata structure
C Prototype
Arguments
Description
Return Values
krb5_free_authenticator — Free authenticator storage
C Prototype
Arguments
Description
Return Values
krb5_free_checksum — Free a checksum
C Prototype
Arguments
Description
Return Values
krb5_free_checksum_contents — Free the contents of a checksum structure
C Prototype
Arguments
Description
Return Values
krb5_free_cksumtypes — Free a checksum structure
C Prototype
Arguments
Description
Return Values
krb5_free_context — Free a context structure
C Prototype
Arguments
Description
Return Values
krb5_free_creds — Free credentials
C Prototype
Arguments
Description
Return Values
krb5_free_cred_contents — Free credential structures
C Prototype
Arguments
Description
Return Values
krb5_free_data — Free storage associated with a krb5_data object
C Prototype
Arguments
Description
Return Values
krb5_free_data_contents — Frees contents of a krb5_data structure
C Prototype
Arguments
Description
Return Values
krb5_free_default_realm — Free the Kerberos default realm structure
C Prototype
Arguments
Description
Return Values
krb5_free_error — Free error information
C Prototype
Arguments
Description
Return Values
krb5_free_host_realm — Free storage allocated by krb5_get_host_realm
C Prototype
Arguments
Description
Return Values
krb5_free_keyblock — Free keyblock memory
C Prototype
Arguments
Description
Return Values
krb5_free_keyblock_contents — Free the contents of a key structure
C Prototype
Arguments
Description
Return Values
krb5_free_keytab_entry_contents — Free the contents of a keytab entry
C Prototype
Arguments
Description
Return Values
krb5_free_principal — Free the pwd_data allocated by krb5_copy_principal
C Prototype
Arguments
Description
Return Values
krb5_free_tgt_creds — Free TGT credentials
C Prototype
Arguments
Description
Return Values
krb5_free_ticket — Free ticket allocated by krb5_copy_ticket
C Prototype
Arguments
Description
Return Values
krb5_free_unparsed_name — Free a simple name
C Prototype
Arguments
Description
Return Values
krb5_fwd_tgt_creds — Get a TGT for use at a remote host
C Prototype
Arguments
Description
Return Values
krb5_get_credentials — Get an additional ticket for the client
C Prototype
Arguments
Description
Return Values
krb5_get_credentials_renew — Renew a set of existing credentials
C Prototype
Arguments
Description
Return Values
krb5_get_credentials_validate — Validate a set of existing credentials
C Prototype
Arguments
Description
Return Values
krb5_get_default_realm — Retrieve the default realm
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_keytab — Get initial credentials’ keytab
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_opt_init — Initialize options for krb5_get_init_creds* routines
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_opt_set_address_list — Set the address list in krb5_get_init_creds_opt
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_opt_set_etype_list — Set the encryption list field in krb5_get_init_creds_opt
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_opt_set_forwardable — Set the forwardable field in krb5_get_init_creds_opt
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_opt_set_preauth_list — Set the preauth_list field in krb5_get_init_creds_opt
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_opt_set_proxiable — Set the proxiable field in krb5_get_init_creds_opt
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_opt_set_renew_life — Set the renewal lifetime field in krb5_get_init_creds_opt
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_opt_set_salt — Set the salt field in krb5_get_init_creds_opt
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_opt_set_tkt_life — Initialize the ticket lifetime for krb5_get_init_creds* routines
C Prototype
Arguments
Description
Return Values
krb5_get_init_creds_password — Get the initial credentials password
C Prototype
Arguments
Description
Return Values
krb5_get_host_realm — Get the Kerberos realm names for a host
C Prototype
Arguments
Description
Return Values
krb5_get_message — Convert an error code into the string representation
C Prototype
Arguments
Description
Return Values
krb5_get_permitted_enctypes — Return a list of supported encryption types
C Prototype
Arguments
Description
Return Values
krb5_get_prompt_types — Get prompt_types from the Kerberos context
C Prototype
Arguments
Description
Return Values
krb5_get_renewed_creds — Renew existing credentials
C Prototype
Arguments
Description
Return Values
krb5_get_server_rcache — Create a replay cache for server use
C Prototype
Arguments
Description
Return Values
krb5_get_time_offsets — Get the time offsets from the os context
C Prototype
Arguments
Description
Return Values
krb5_get_validated_creds — Get validated credentials
C Prototype
Arguments
Description
Return Values
krb5_init_context — Initialize a Kerberos context structure
C Prototype
Arguments
Description
Return Values
krb5_init_keyblock — Set up an empty keyblock
C Prototype
Arguments
Description
Return Values
krb5_init_secure_context — Initialize a secure Kerberos context block
C Prototype
Arguments
Description
Return Values
krb5_is_thread_safe — Check whether the Kerberos client code supports multithreading
C Prototype
Description
Return Values
krb5_kt_add_entry — Add an entry to a key table
C Prototype
Arguments
Description
Return Values
krb5_kt_close — Close a key table
C Prototype
Arguments
Description
Return Values
krb5_kt_default — Return a handle to the default keytab
C Prototype
Arguments
Description
Return Values
krb5_kt_default_name — Get default key table name
C Prototype
Arguments
Description
Return Values
krb5_kt_end_seq_get — Complete a series of sequential key table entry retrievals
C Prototype
Arguments
Description
Return Values
krb5_kt_get_entry — Retrieve an entry from the key table
C Prototype
Arguments
Description
Return Values
krb5_kt_get_name — Get key table name
C Prototype
Arguments
Description
Return Values
krb5_kt_get_type — Return the keytab prefix
C Prototype
Arguments
Description
Return Values
krb5_kt_next_entry — Retrieve the next entry from the key table
C Prototype
Arguments
Description
Return Values
krb5_kt_read_service_key — Retrieve a service key from the key table
C Prototype
Arguments
Description
Return Values
krb5_kt_remove_entry — Remove an entry from a key table
C Prototype
Arguments
Description
Return Values
krb5_kt_resolve — Get keytab handle
C Prototype
Arguments
Description
Return Values
krb5_kt_start_seq_get — Start a sequential retrieve of key table entries
C Prototype
Arguments
Description
Return Values
krb5_kuserok — Determine whether the local user is authorized to log in
C Prototype
Arguments
Description
Return Values
krb5_mk_1cred — Encode a KRB_CRED message for krb5_rd_cred
C Prototype
Arguments
Description
Return Values
krb5_mk_error — Format an error message
C Prototype
Arguments
Description
Return Values
krb5_mk_ncred — Encode a KRB_CRED message for krb5_rd_cred
C Prototype
Arguments
Description
Return Values
krb5_mk_priv — Format a KRB_PRIV message
C Prototype
Arguments
Description
Return Values
krb5_mk_rep — Format and encrypt an AP_REP message
C Prototype
Arguments
Description
Return Values
krb5_mk_req — Format a KRB_AP_REQ message
C Prototype
Arguments
Description
Return Values
krb5_mk_req_extended — Format a KRB_AP_REQ message with additional options
C Prototype
Arguments
Description
Return Values
krb5_mk_safe — Format a KRB_SAFE message
C Prototype
Arguments
Description
Return Values
krb5_os_localaddr — Return all protocol addresses of this host
C Prototype
Arguments
Description
Return Values
krb5_parse_name — Convert string principal name to protocol format
C Prototype
Arguments
Description
Return Values
krb5_principal2salt — Convert a krb5_principal into its default salt
C Prototype
Arguments
Description
Return Values
krb5_principal_compare — Compare two principals
C Prototype
Arguments
Description
Return Values
krb5_prompter_posix — Prompt the user for the Kerberos password
C Prototype
Arguments
Description
Return Values
krb5_rd_cred — Read a KRB_CRED message
C Prototype
Arguments
Description
Return Values
krb5_rd_error — Read an error protocol message
C Prototype
Arguments
Description
Return Values
krb5_rd_priv — Parse a KRB_PRIV message
C Prototype
Arguments
Description
Return Values
krb5_rd_rep — Parse and decrypt an AP_REP message
C Prototype
Arguments
Description
Return Values
krb5_rd_req — Parse a KRB_AP_REQ message
C Prototype
Arguments
Description
Return Values
krb5_rd_safe — Parse a KRB_SAFE message
C Prototype
Arguments
Description
Return Values
krb5_read_password — Read a password from the keyboard
C Prototype
Arguments
Description
Return Values
krb5_realm_compare — Compare the realms of two principals
C Prototype
Arguments
Description
Return Values
krb5_recvauth — Receive authenticated message
C Prototype
Arguments
Description
Return Values
krb5_recvauth_version — Receive authenticated message with version information
C Prototype
Arguments
Description
Return Values
krb5_salttype_to_string — Convert a salttype (krb5_int32) to a string
C Prototype
Arguments
Description
Return Values
krb5_sendauth — Send authenticated message
C Prototype
Arguments
Description
Return Values
krb5_set_default_realm — Sets the default realm
C Prototype
Arguments
Description
Return Values
krb5_set_default_tgs_enctypes — Set default TGS encryption types
C Prototype
Arguments
Description
Return Values
krb5_set_password — Implements set password per RFC 3244
C Prototype
Arguments
Description
Return Values
krb5_set_password_using_ccache — Implements RFC 3244 set password using credentials cache
C Prototype
Arguments
Description
Return Values
krb5_set_principal_realm — Set the realm in the current context
C Prototype
Arguments
Description
Return Values
krb5_set_real_time — Set time offset field in context structure
C Prototype
Arguments
Description
Return Values
krb5_sname_to_principal — Generate a full principal name from a service name
C Prototype
Arguments
Description
Return Values
krb5_string_to_cksumtype — Convert a string to a checksum type
C Prototype
Arguments
Description
Return Values
krb5_string_to_deltat — Convert a string to a delta time value
C Prototype
Arguments
Description
Return Values
krb5_string_to_enctype — Convert a string to an encryption type
C Prototype
Arguments
Description
Return Values
krb5_string_to_salttype — Convert a string to a salt type
C Prototype
Arguments
Description
Return Values
krb5_string_to_timestamp — Convert a string to a timestamp
C Prototype
Arguments
Description
Return Values
krb5_timestamp_to_sfstring — Convert a timestamp to a string
C Prototype
Arguments
Description
Return Values
krb5_timestamp_to_string — Convert a timestamp to a string
C Prototype
Arguments
Description
Return Values
krb5_unparse_name — Convert protocol format principal name to string format
C Prototype
Arguments
Description
Return Values
krb5_unparse_name_ext — Convert multiple protocol format principal names to string format
C Prototype
Arguments
Description
Return Values
krb5_us_timeofday — Retrieves the system time of day (in seconds and microseconds)
C Prototype
Arguments
Description
Return Values
krb5_verify_init_creds — Verify initial credentials
C Prototype
Arguments
Description
Return Values
krb5_verify_init_creds_opt_init — Initialize krb5_verify_init_creds_opt structure
C Prototype
Arguments
Description
Return Values
krb5_verify_init_creds_opt_set_ap_req_nofail — Initialize the ap_req_nofail field in krb5_verify_init_creds_opt
C Prototype
Arguments
Description
Return Values

This chapter describes the C language bindings for the routines that make up the KRB5 Application Programming Interface.

The APIs in the following list are now obsolete, and their use should be avoided. (A future version of Kerberos may remove these APIs.) The column on the right indicates the API that should be used as a substitute for the obsolete API.

Table 6-1 Obsolete and Replacement APIs

Obsolete API                     Replacement API
krb5_auth_con_getlocalsubkey     krb5_auth_con_getsendsubkey
krb5_auth_con_getremotesubkey    krb5_auth_con_getrecvsubkey
krb5_auth_con_initivector        None
krb5_get_in_tkt_with_skey        None
krb5_get_in_tkt_with_password    krb5_get_init_creds_password
krb5_get_in_tkt_with_keytab      krb5_get_init_creds_keytab
krb5_get_in_tkt                  None
 
NOTE: Additional Kerberos KRB5 APIs are not documented in this manual. The APIs themselves are included in the Kerberos for OpenVMS library (KRB$RTL.EXE for 64-bit interfaces, or KRB$RTL32.EXE for 32-bit interfaces) in SYS$LIBRARY.