HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 6 KRB5 (Kerberos V5) Application Programming Interface

krb5_mk_priv — Format a KRB_PRIV message

  Table of Contents



C Prototype

krb5_error_code krb5_mk_priv(
krb5_context context,
krb5_auth_context auth_context,
const krb5_data *userdata,
krb5_data *outbuf,
krb5_replay_data *outdata );


context (input/output) 

The context structure.

auth_context (input/output) 

Authentication context. The flags from auth_context select whether sequence numbers or timestamps should be used to identify the message. Valid values are:

KRB5_AUTH_CONTEXT_DO_TIME — Use timestamps and replay cache.

KRB5_AUTH_CONTEXT_RET_TIME — Copy timestamp to *outdata.

KRB5_AUTH_CONTEXT_DO_SEQUENCE — Use sequence numbers in replay cache.

KRB5_AUTH_CONTEXT_RET_SEQUENCE — Use sequence numbers in replay cache and output data.

userdata (input) 

The user data in the message.

outbuf (output) 

The formatted KRB_PRIV buffer.

outdata (input/output) 

Contains the sequence numbers if KRB5_AUTH_CONTEXT_RET_SEQUENCE was specified in auth_context.


This routine formats a KRB_PRIV message into outbuf. Behaves similarly to krb5_mk_safe, but the message is encrypted and integrity protected rather than just integrity-protected.

The inbuf, auth_context, outdata and outbuf arguments function as in krb5_mk_safe.

As in krb5_mk_safe, the remote_addr and remote_port part of the auth_context is optional; if the receiver's address is not known, it may be replaced by NULL. The local_addr, however, is mandatory.

The encryption type is taken from the auth_context keyblock portion. If the i_vector portion of the auth_context is nonNULL, it is used as an initialization vector for the encryption (if the chosen encryption type supports initialization vectors), and its contents are replaced with the last block of encrypted data upon return.

Return Values

This routine returns one of the following KRB5 status codes:


Successful completion.