krb5_error_code
krb5_mk_req(
krb5_context context
krb5_auth_context *auth_context
const krb5_flags ap_req_options
const char *service
const char *hostname
krb5_data *in_data
krb5_ccache ccache
krb5_data *outbuf
)
krb5_error_code
krb5_mk_req_extended(
krb5_context context
krb5_auth_context *auth_context
const krb5_flags ap_req_options
krb5_data *in_data
krb5_creds *in_creds
krb5_data *outbuf
)
krb5_error_code
krb5_rd_req(
krb5_context context
krb5_auth_context *auth_context
const krb5_data *inbuf
krb5_const_principal server
krb5_keytab keytab
krb5_flags *ap_req_options
krb5_ticket **ticket
)
krb5_error_code
krb5_build_ap_req(
krb5_context context
krb5_enctype enctype
krb5_creds *cred
krb5_flags ap_options
krb5_data authenticator
krb5_data *retdata
)
krb5_error_code
krb5_verify_ap_req(
krb5_context context
krb5_auth_context *auth_context
krb5_ap_req *ap_req
krb5_const_principal server
krb5_keyblock *keyblock
krb5_flags flags
krb5_flags *ap_req_options
krb5_ticket **ticket
)
The
krb5_mk_req
and
krb5_mk_req_extended
creates the Kerberos message
KRB_AP_REQ
that is sent from the client to the server as the first packet in a client/server exchange. The result that should be sent to server is stored in
outbuf.
auth_context
should be allocated with
krb5_auth_con_init()
or
NULL
passed in, in that case, it will be allocated and freed internally.
The input data
in_data
will have a checksum calculated over it and checksum will be
transported in the message to the server.
ap_req_options
can be set to one or more of the following flags:
AP_OPTS_USE_SESSION_KEYAP_OPTS_MUTUAL_REQUIRED
The
krb5_rd_req
read the AP_REQ in
inbuf
and verify and extract the content.
If
server
is specified, that server will be fetched from the
keytab
and used unconditionally.
If
server
is
NULL,
the
keytab
will be search for a matching principal.
The
keytab
argument specifies what keytab to search for receiving principals.
The arguments
ap_req_options
and
ticket
returns the content.
When the AS-REQ is a user to user request, neither of
keytab
or
principal
are used, instead
krb5_rd_req()
expects the session key to be set in
auth_context.
The krb5_verify_ap_req and krb5_build_ap_req both constructs and verify the AP_REQ message, should not be used by external code.