HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 6 KRB5 (Kerberos V5) Application Programming Interface

krb5_recvauth_version — Receive authenticated message with version information

  Table of Contents



C Prototype

krb5_error_code krb5_recvauth_version (
krb5_context context,
krb5_auth_context *auth_context,
krb5_pointer fd,
krb5_principal server,
krb5_int32 flags,
krb5_keytab keytab,
krb5_ticket **ticket,
krb5_data *version );


context (input/output) 

The context structure.

auth_context (input) 

The Kerberos authentication context.

fd (input) 

The socket from which to read the client responses.

server (input) 

If server is nonNULL , then krb5_recvauth_version verifies that the server principal requested by the client matches server. If it is NULL, an error is returned and the authentication exchange is aborted.

flags (input) 

Allows the caller to modify the behavior of krb5_recvauth_version. For nonlibrary callers, flags should be 0.

keytab (input) 

A Kerberos keytab, containing a decryption key.

ticket (output) 

Optional argument that is filled in only if nonNULL. It is filled with the data from the ticket sent by the client, and should be freed with krb5_free_ticket when it is no longer needed.

version (output) 

A pointer to the application version string.


This routine provides a convenient means for client and server programs to send authenticated messages to one another through network connections. (The k5b5_sendauth routine is the matching routine to krb5_recvauth_version for the server.)

The krb5_recvauth_version routine engages in an authentication dialog with the client program running krb5_sendauth to authenticate the client to the server. In addition, if requested by the client, krb5_recvauth_version provides mutual authentication to prove to the client that the server represented by krb5_recvauth_version is legitimate.

The fd argument is a pointer to the network connection. As in krb5_sendauth, in the MIT UNIX and OpenVMS implementations, fd is a pointer to a file descriptor.

The arguments server, auth_context, and keytab are used by krb5_rd_req to obtain the server’s private key.

If server is nonNULL, the principal component of it is used to determine the replay cache to use. Otherwise, krb5_recvauth_version uses a default replay cache.

Return Values

This routine returns one of the following KRB5 status codes:


Successful completion.


Bad sendauth version was sent.


Bad application version was sent (via sendauth).