diff options
Diffstat (limited to 'crypto/krb5/doc/html/plugindev/certauth.html')
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/certauth.html | 170 |
1 files changed, 0 insertions, 170 deletions
diff --git a/crypto/krb5/doc/html/plugindev/certauth.html b/crypto/krb5/doc/html/plugindev/certauth.html deleted file mode 100644 index 881f74897c8d..000000000000 --- a/crypto/krb5/doc/html/plugindev/certauth.html +++ /dev/null @@ -1,170 +0,0 @@ - -<!DOCTYPE html> - -<html> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" /> - - <title>PKINIT certificate authorization interface (certauth) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css" /> - <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script> - <script src="../_static/jquery.js"></script> - <script src="../_static/underscore.js"></script> - <script src="../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="KDC policy interface (kdcpolicy)" href="kdcpolicy.html" /> - <link rel="prev" title="Internal pluggable interfaces" href="internal.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="internal.html" title="Internal pluggable interfaces" - accesskey="P">previous</a> | - <a href="kdcpolicy.html" title="KDC policy interface (kdcpolicy)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__PKINIT certificate authorization interface (certauth)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="pkinit-certificate-authorization-interface-certauth"> -<span id="certauth-plugin"></span><h1>PKINIT certificate authorization interface (certauth)<a class="headerlink" href="#pkinit-certificate-authorization-interface-certauth" title="Permalink to this headline">¶</a></h1> -<p>The certauth interface was first introduced in release 1.16. It -allows customization of the X.509 certificate attribute requirements -placed on certificates used by PKINIT enabled clients. For a detailed -description of the certauth interface, see the header file -<code class="docutils literal notranslate"><span class="pre"><krb5/certauth_plugin.h></span></code></p> -<p>A certauth module implements the <strong>authorize</strong> method to determine -whether a client’s certificate is authorized to authenticate a client -principal. <strong>authorize</strong> receives the DER-encoded certificate, the -requested client principal, and a pointer to the client’s -krb5_db_entry (for modules that link against libkdb5). The method -must decode the certificate and inspect its attributes to determine if -it should authorize PKINIT authentication. It returns the -authorization status and optionally outputs a list of authentication -indicator strings to be added to the ticket.</p> -<p>Beginning in release 1.19, the authorize method can request that the -hardware authentication bit be set in the ticket by returning -<strong>KRB5_CERTAUTH_HWAUTH</strong>. Beginning in release 1.20, the authorize -method can return <strong>KRB5_CERTAUTH_HWAUTH_PASS</strong> to request that the -hardware authentication bit be set in the ticket but otherwise defer -authorization to another certauth module. A module must use its own -internal or library-provided ASN.1 certificate decoder.</p> -<p>A module can optionally create and destroy module data with the -<strong>init</strong> and <strong>fini</strong> methods. Module data objects last for the -lifetime of the KDC process.</p> -<p>If a module allocates and returns a list of authentication indicators -from <strong>authorize</strong>, it must also implement the <strong>free_ind</strong> method -to free the list.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">PKINIT certificate authorization interface (certauth)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.21.3</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2024, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="internal.html" title="Internal pluggable interfaces" - >previous</a> | - <a href="kdcpolicy.html" title="KDC policy interface (kdcpolicy)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__PKINIT certificate authorization interface (certauth)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file |