krb5_error_code
krb5_mk_req(
krb5_context context
krb5_auth_context *auth_context
const krb5_flags ap_req_options
const char *service
const char *hostname
krb5_data *in_data
krb5_ccache ccache
krb5_data *outbuf
)
krb5_error_code
krb5_mk_req_extended(
krb5_context context
krb5_auth_context *auth_context
const krb5_flags ap_req_options
krb5_data *in_data
krb5_creds *in_creds
krb5_data *outbuf
)
krb5_error_code
krb5_rd_req(
krb5_context context
krb5_auth_context *auth_context
const krb5_data *inbuf
krb5_const_principal server
krb5_keytab keytab
krb5_flags *ap_req_options
krb5_ticket **ticket
)
krb5_error_code
krb5_build_ap_req(
krb5_context context
krb5_enctype enctype
krb5_creds *cred
krb5_flags ap_options
krb5_data authenticator
krb5_data *retdata
)
krb5_error_code
krb5_verify_ap_req(
krb5_context context
krb5_auth_context *auth_context
krb5_ap_req *ap_req
krb5_const_principal server
krb5_keyblock *keyblock
krb5_flags flags
krb5_flags *ap_req_options
krb5_ticket **ticket
)
The
krb5_mk_req
and
krb5_mk_req_extended
create the Kerberos message
KRB_AP_REQ
that is sent from the client to the server as the first packet in a client/server exchange. The result that should be sent to the server is stored in
outbuf
.
auth_context
should be allocated with
krb5_auth_con_init()
or
NULL
passed in; in that case, it will be allocated and freed internally.
The input data
in_data
will have a checksum calculated over it, and the checksum will be
transported in the message to the server.
ap_req_options
can be set to one or more of the following flags:
AP_OPTS_USE_SESSION_KEY
AP_OPTS_MUTUAL_REQUIRED
The
krb5_rd_req
reads the AP_REQ in
inbuf
and verifies and extracts its content.
If
server
is specified, that server will be fetched from the
keytab
and used unconditionally.
If
server
is
NULL
,
the
keytab
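will be searched for a matching principal. Because any principal with a key in the keytab can then be accepted, a caller that expects one particular service should check the server name in the returned ticket.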
The
keytab
argument specifies what keytab to search for receiving principals.
The arguments
ap_req_options
and
ticket
return the content.
When the AP-REQ is a user-to-user request, neither
keytab
nor
principal
is used; instead
krb5_rd_req()
expects the session key to be set in
auth_context
.
krb5_build_ap_req and krb5_verify_ap_req construct and verify the AP_REQ message, respectively; they should not be used by external code.