HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 6 KRB5 (Kerberos V5) Application Programming Interface

krb5_recvauth — Receive authenticated message

C Prototype

krb5_error_code krb5_recvauth(
    krb5_context context,
    krb5_auth_context *auth_context,
    krb5_pointer fd,
    char *appl_version,
    krb5_principal server,
    krb5_int32 flags,
    krb5_keytab keytab,
    krb5_ticket **ticket );

Arguments

context (input/output) 

The context structure.

auth_context (input/output) 

Authentication context.

fd (input) 

A pointer to a file descriptor describing the network socket.

appl_version (input) 

A string describing the application protocol version that the client is expecting to use for this exchange. If the client is using a different application protocol, an error will be returned, and the authentication exchange will be aborted.

server (input) 

If server is non-NULL, then krb5_recvauth verifies that the server principal requested by the client matches server. If the two do not match, an error will be returned and the authentication exchange will be aborted.

flags (input) 

The flags argument allows the caller to modify the behavior of krb5_recvauth. For non-library callers, flags should be 0.

keytab (input)  

Specifies a keytab containing a decryption key.

ticket (output) 

The ticket argument is optional and is only filled in if it is non-NULL. It is filled with the data from the ticket sent by the client, and should be freed with krb5_free_ticket when it is no longer needed.

Description

This routine provides a convenient means for client and server programs to send authenticated messages to one another through network connections. The krb5_recvauth routine is called by the server; krb5_sendauth is the matching routine called by the client. The krb5_recvauth routine engages in an authentication dialog with the client program running krb5_sendauth to authenticate the client to the server. In addition, if requested by the client, krb5_recvauth provides mutual authentication to prove to the client that the server represented by krb5_recvauth is legitimate.

The fd argument is a pointer to the network connection. As in krb5_sendauth, in the MIT UNIX and OpenVMS implementations, fd is a pointer to a file descriptor.

The arguments server, auth_context, and keytab are used by krb5_rd_req to obtain the server's private key.

If server is non-NULL, the principal component of it is used to determine the replay cache to use. Otherwise, krb5_recvauth will use a default replay cache.
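
The version check that appl_version controls, shown at the wire level as an added example (not code from this manual or from the Kerberos library). It assumes the framing used by the MIT implementation: each string travels as a 4-byte big-endian length followed by NUL-terminated bytes, the fixed string KRB5_SENDAUTH_V1.0 comes first, and the server answers with one status byte (0 accepted, 1 bad sendauth version, 2 bad application version). The names read_field, check_preamble, build_preamble and MAX_FIELD, and the -1 result for malformed input, are choices made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not library code. Framing assumed from the MIT implementation. */
#define SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
#define MAX_FIELD 256 /* length cap chosen for this example */
enum { RESP_OK = 0, RESP_BAD_AUTH_VERS = 1, RESP_BAD_APPL_VERS = 2, MALFORMED = -1 };

/* Read one length-prefixed string starting at *off. Returns NULL when the
 * field is truncated, empty, oversized, or not NUL-terminated. */
static const char *read_field(const uint8_t *buf, size_t len, size_t *off)
{
    if (len - *off < 4) return NULL;
    uint32_t n = ((uint32_t)buf[*off] << 24) | ((uint32_t)buf[*off + 1] << 16) |
                 ((uint32_t)buf[*off + 2] << 8) | (uint32_t)buf[*off + 3];
    *off += 4;
    if (n == 0 || n > MAX_FIELD || n > len - *off) return NULL;
    const char *s = (const char *)buf + *off;
    if (s[n - 1] != '\0') return NULL; /* never strcmp an unterminated field */
    *off += n;
    return s;
}

/* Server side: status byte to answer with, or MALFORMED to drop the peer.
 * A NULL appl_version skips the application check (this example's choice). */
int check_preamble(const uint8_t *buf, size_t len, const char *appl_version)
{
    size_t off = 0;
    const char *auth = read_field(buf, len, &off);
    const char *appl = auth ? read_field(buf, len, &off) : NULL;
    if (!auth || !appl) return MALFORMED;
    if (strcmp(auth, SENDAUTH_VERSION) != 0) return RESP_BAD_AUTH_VERS;
    if (appl_version && strcmp(appl, appl_version) != 0) return RESP_BAD_APPL_VERS;
    return RESP_OK;
}

/* Client side: write both fields into out; returns bytes used, 0 if no room. */
size_t build_preamble(uint8_t *out, size_t cap, const char *appl_version)
{
    const char *fields[2] = { SENDAUTH_VERSION, appl_version };
    size_t off = 0;
    for (int i = 0; i < 2; i++) {
        size_t n = strlen(fields[i]) + 1; /* length counts the trailing NUL */
        if (cap - off < 4 + n) return 0;
        for (int s = 24; s >= 0; s -= 8) out[off++] = (uint8_t)(n >> s);
        memcpy(out + off, fields[i], n);
        off += n;
    }
    return off;
}
```

Only after this check passes does the Kerberos exchange itself begin, which is why a mismatched appl_version aborts the exchange before any ticket is examined.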

Return Values

This routine returns the following KRB5 status code:

0

Successful completion.