diff options
Diffstat (limited to 'crypto/krb5/doc/html/plugindev')
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/ccselect.html | 158 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/certauth.html | 168 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/clpreauth.html | 185 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/general.html | 240 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/gssapi.html | 257 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/hostrealm.html | 168 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/index.html | 183 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/internal.html | 169 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/kadm5_auth.html | 167 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/kadm5_hook.html | 160 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/kdcpolicy.html | 158 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/kdcpreauth.html | 205 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/localauth.html | 174 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/locate.html | 163 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/profile.html | 227 | ||||
| -rw-r--r-- | crypto/krb5/doc/html/plugindev/pwqual.html | 159 |
16 files changed, 0 insertions, 2941 deletions
diff --git a/crypto/krb5/doc/html/plugindev/ccselect.html b/crypto/krb5/doc/html/plugindev/ccselect.html deleted file mode 100644 index cbb00ae3bfae..000000000000 --- a/crypto/krb5/doc/html/plugindev/ccselect.html +++ /dev/null @@ -1,158 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Credential cache selection interface (ccselect) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Password quality interface (pwqual)" href="pwqual.html" /> - <link rel="prev" title="KDC preauthentication interface (kdcpreauth)" href="kdcpreauth.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kdcpreauth.html" title="KDC preauthentication interface (kdcpreauth)" - accesskey="P">previous</a> | - <a href="pwqual.html" title="Password quality interface (pwqual)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Credential cache selection interface (ccselect)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="credential-cache-selection-interface-ccselect"> -<span id="ccselect-plugin"></span><h1>Credential cache selection interface (ccselect)<a class="headerlink" href="#credential-cache-selection-interface-ccselect" title="Link to this heading">¶</a></h1> -<p>The ccselect interface allows modules to control how credential caches -are chosen when a GSSAPI client contacts a service. For a detailed -description of the ccselect interface, see the header file -<code class="docutils literal notranslate"><span class="pre"><krb5/ccselect_plugin.h></span></code>.</p> -<p>The primary ccselect method is <strong>choose</strong>, which accepts a server -principal as input and returns a ccache and/or principal name as -output. A module can use the krb5_cccol APIs to iterate over the -cache collection in order to find an appropriate ccache to use.</p> -<p>A module can create and destroy per-library-context state objects by -implementing the <strong>init</strong> and <strong>fini</strong> methods. State objects have -the type krb5_ccselect_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object.</p> -<p>A module can have one of two priorities, “authoritative” or -“heuristic”. Results from authoritative modules, if any are -available, will take priority over results from heuristic modules. A -module communicates its priority as a result of the <strong>init</strong> method.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Credential cache selection interface (ccselect)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kdcpreauth.html" title="KDC preauthentication interface (kdcpreauth)" - >previous</a> | - <a href="pwqual.html" title="Password quality interface (pwqual)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Credential cache selection interface (ccselect)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/certauth.html b/crypto/krb5/doc/html/plugindev/certauth.html deleted file mode 100644 index f9dc896f770d..000000000000 --- a/crypto/krb5/doc/html/plugindev/certauth.html +++ /dev/null @@ -1,168 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>PKINIT certificate authorization interface (certauth) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="KDC policy interface (kdcpolicy)" href="kdcpolicy.html" /> - <link rel="prev" title="Internal pluggable interfaces" href="internal.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="internal.html" title="Internal pluggable interfaces" - accesskey="P">previous</a> | - <a href="kdcpolicy.html" title="KDC policy interface (kdcpolicy)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__PKINIT certificate authorization interface (certauth)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="pkinit-certificate-authorization-interface-certauth"> -<span id="certauth-plugin"></span><h1>PKINIT certificate authorization interface (certauth)<a class="headerlink" href="#pkinit-certificate-authorization-interface-certauth" title="Link to this heading">¶</a></h1> -<p>The certauth interface was first introduced in release 1.16. It -allows customization of the X.509 certificate attribute requirements -placed on certificates used by PKINIT enabled clients. For a detailed -description of the certauth interface, see the header file -<code class="docutils literal notranslate"><span class="pre"><krb5/certauth_plugin.h></span></code></p> -<p>A certauth module implements the <strong>authorize</strong> method to determine -whether a client’s certificate is authorized to authenticate a client -principal. <strong>authorize</strong> receives the DER-encoded certificate, the -requested client principal, and a pointer to the client’s -krb5_db_entry (for modules that link against libkdb5). The method -must decode the certificate and inspect its attributes to determine if -it should authorize PKINIT authentication. It returns the -authorization status and optionally outputs a list of authentication -indicator strings to be added to the ticket.</p> -<p>Beginning in release 1.19, the authorize method can request that the -hardware authentication bit be set in the ticket by returning -<strong>KRB5_CERTAUTH_HWAUTH</strong>. Beginning in release 1.20, the authorize -method can return <strong>KRB5_CERTAUTH_HWAUTH_PASS</strong> to request that the -hardware authentication bit be set in the ticket but otherwise defer -authorization to another certauth module. A module must use its own -internal or library-provided ASN.1 certificate decoder.</p> -<p>A module can optionally create and destroy module data with the -<strong>init</strong> and <strong>fini</strong> methods. Module data objects last for the -lifetime of the KDC process.</p> -<p>If a module allocates and returns a list of authentication indicators -from <strong>authorize</strong>, it must also implement the <strong>free_ind</strong> method -to free the list.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">PKINIT certificate authorization interface (certauth)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="internal.html" title="Internal pluggable interfaces" - >previous</a> | - <a href="kdcpolicy.html" title="KDC policy interface (kdcpolicy)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__PKINIT certificate authorization interface (certauth)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/clpreauth.html b/crypto/krb5/doc/html/plugindev/clpreauth.html deleted file mode 100644 index cfbcfa6c19d2..000000000000 --- a/crypto/krb5/doc/html/plugindev/clpreauth.html +++ /dev/null @@ -1,185 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Client preauthentication interface (clpreauth) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="KDC preauthentication interface (kdcpreauth)" href="kdcpreauth.html" /> - <link rel="prev" title="General plugin concepts" href="general.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="general.html" title="General plugin concepts" - accesskey="P">previous</a> | - <a href="kdcpreauth.html" title="KDC preauthentication interface (kdcpreauth)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Client preauthentication interface (clpreauth)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="client-preauthentication-interface-clpreauth"> -<h1>Client preauthentication interface (clpreauth)<a class="headerlink" href="#client-preauthentication-interface-clpreauth" title="Link to this heading">¶</a></h1> -<p>During an initial ticket request, a KDC may ask a client to prove its -knowledge of the password before issuing an encrypted ticket, or to -use credentials other than a password. This process is called -preauthentication, and is described in <span class="target" id="index-0"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4120.html"><strong>RFC 4120</strong></a> and <span class="target" id="index-1"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6113.html"><strong>RFC 6113</strong></a>. -The clpreauth interface allows the addition of client support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the clpreauth -interface, see the header file <code class="docutils literal notranslate"><span class="pre"><krb5/clpreauth_plugin.h></span></code> (or -<code class="docutils literal notranslate"><span class="pre"><krb5/preauth_plugin.h></span></code> before release 1.12).</p> -<p>A clpreauth module is generally responsible for:</p> -<ul class="simple"> -<li><p>Supplying a list of preauth type numbers used by the module in the -<strong>pa_type_list</strong> field of the vtable structure.</p></li> -<li><p>Indicating what kind of preauthentication mechanism it implements, -with the <strong>flags</strong> method. In the most common case, this method -just returns <code class="docutils literal notranslate"><span class="pre">PA_REAL</span></code>, indicating that it implements a normal -preauthentication type.</p></li> -<li><p>Examining the padata information included in a PREAUTH_REQUIRED or -MORE_PREAUTH_DATA_REQUIRED error and producing padata values for the -next AS request. This is done with the <strong>process</strong> method.</p></li> -<li><p>Examining the padata information included in a successful ticket -reply, possibly verifying the KDC identity and computing a reply -key. This is also done with the <strong>process</strong> method.</p></li> -<li><p>For preauthentication types which support it, recovering from errors -by examining the error data from the KDC and producing a padata -value for another AS request. This is done with the <strong>tryagain</strong> -method.</p></li> -<li><p>Receiving option information (supplied by <code class="docutils literal notranslate"><span class="pre">kinit</span> <span class="pre">-X</span></code> or by an -application), with the <strong>gic_opts</strong> method.</p></li> -</ul> -<p>A clpreauth module can create and destroy per-library-context and -per-request state objects by implementing the <strong>init</strong>, <strong>fini</strong>, -<strong>request_init</strong>, and <strong>request_fini</strong> methods. Per-context state -objects have the type krb5_clpreauth_moddata, and per-request state -objects have the type krb5_clpreauth_modreq. These are abstract -pointer types; a module should typically cast these to internal -types for the state objects.</p> -<p>The <strong>process</strong> and <strong>tryagain</strong> methods have access to a callback -function and handle (called a “rock”) which can be used to get -additional information about the current request, including the -expected enctype of the AS reply, the FAST armor key, and the client -long-term key (prompting for the user password if necessary). A -callback can also be used to replace the AS reply key if the -preauthentication mechanism computes one.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Client preauthentication interface (clpreauth)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="general.html" title="General plugin concepts" - >previous</a> | - <a href="kdcpreauth.html" title="KDC preauthentication interface (kdcpreauth)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Client preauthentication interface (clpreauth)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/general.html b/crypto/krb5/doc/html/plugindev/general.html deleted file mode 100644 index ef4b651470d1..000000000000 --- a/crypto/krb5/doc/html/plugindev/general.html +++ /dev/null @@ -1,240 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>General plugin concepts — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Client preauthentication interface (clpreauth)" href="clpreauth.html" /> - <link rel="prev" title="For plugin module developers" href="index.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="index.html" title="For plugin module developers" - accesskey="P">previous</a> | - <a href="clpreauth.html" title="Client preauthentication interface (clpreauth)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__General plugin concepts">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="general-plugin-concepts"> -<h1>General plugin concepts<a class="headerlink" href="#general-plugin-concepts" title="Link to this heading">¶</a></h1> -<p>A krb5 dynamic plugin module is a Unix shared object or Windows DLL. -Typically, the source code for a dynamic plugin module should live in -its own project with a build system using <a class="reference external" href="https://www.gnu.org/software/automake/">automake</a> and <a class="reference external" href="https://www.gnu.org/software/libtool/">libtool</a>, or -tools with similar functionality.</p> -<p>A plugin module must define a specific symbol name, which depends on -the pluggable interface and module name. For most pluggable -interfaces, the exported symbol is a function named -<code class="docutils literal notranslate"><span class="pre">INTERFACE_MODULE_initvt</span></code>, where <em>INTERFACE</em> is the name of the -pluggable interface and <em>MODULE</em> is the name of the module. For these -interfaces, it is possible for one shared object or DLL to implement -multiple plugin modules, either for the same pluggable interface or -for different ones. For example, a shared object could implement both -KDC and client preauthentication mechanisms, by exporting functions -named <code class="docutils literal notranslate"><span class="pre">kdcpreauth_mymech_initvt</span></code> and <code class="docutils literal notranslate"><span class="pre">clpreauth_mymech_initvt</span></code>.</p> -<p>A plugin module implementation should include the header file -<code class="docutils literal notranslate"><span class="pre"><krb5/INTERFACE_plugin.h></span></code>, where <em>INTERFACE</em> is the name of the -pluggable interface. For instance, a ccselect plugin module -implementation should use <code class="docutils literal notranslate"><span class="pre">#include</span> <span class="pre"><krb5/ccselect_plugin.h></span></code>.</p> -<p>initvt functions have the following prototype:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">krb5_error_code</span> <span class="n">interface_modname_initvt</span><span class="p">(</span><span class="n">krb5_context</span> <span class="n">context</span><span class="p">,</span> - <span class="nb">int</span> <span class="n">maj_ver</span><span class="p">,</span> <span class="nb">int</span> <span class="n">min_ver</span><span class="p">,</span> - <span class="n">krb5_plugin_vtable</span> <span class="n">vtable</span><span class="p">);</span> -</pre></div> -</div> -<p>and should do the following:</p> -<ol class="arabic simple"> -<li><p>Check that the supplied maj_ver argument is supported by the -module. If it is not supported, the function should return -KRB5_PLUGIN_VER_NOTSUPP.</p></li> -<li><p>Cast the supplied vtable pointer to the structure type -corresponding to the major version, as documented in the pluggable -interface header file.</p></li> -<li><p>Fill in the structure fields with pointers to method functions and -static data, stopping at the field indicated by the supplied minor -version. Fields for unimplemented optional methods can be left -alone; it is not necessary to initialize them to NULL.</p></li> -</ol> -<p>In most cases, the context argument will not be used. The initvt -function should not allocate memory; think of it as a glorified -structure initializer. Each pluggable interface defines methods for -allocating and freeing module state if doing so is necessary for the -interface.</p> -<p>Pluggable interfaces typically include a <strong>name</strong> field in the vtable -structure, which should be filled in with a pointer to a string -literal containing the module name.</p> -<p>Here is an example of what an initvt function might look like for a -fictional pluggable interface named fences, for a module named -“wicker”:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">krb5_error_code</span> -<span class="n">fences_wicker_initvt</span><span class="p">(</span><span class="n">krb5_context</span> <span class="n">context</span><span class="p">,</span> <span class="nb">int</span> <span class="n">maj_ver</span><span class="p">,</span> - <span class="nb">int</span> <span class="n">min_ver</span><span class="p">,</span> <span class="n">krb5_plugin_vtable</span> <span class="n">vtable</span><span class="p">)</span> -<span class="p">{</span> - <span class="n">krb5_ccselect_vtable</span> <span class="n">vt</span><span class="p">;</span> - - <span class="k">if</span> <span class="p">(</span><span class="n">maj_ver</span> <span class="o">==</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> - <span class="n">krb5_fences_vtable</span> <span class="n">vt</span> <span class="o">=</span> <span class="p">(</span><span class="n">krb5_fences_vtable</span><span class="p">)</span><span class="n">vtable</span><span class="p">;</span> - <span class="n">vt</span><span class="o">-></span><span class="n">name</span> <span class="o">=</span> <span class="s2">"wicker"</span><span class="p">;</span> - <span class="n">vt</span><span class="o">-></span><span class="n">slats</span> <span class="o">=</span> <span class="n">wicker_slats</span><span class="p">;</span> - <span class="n">vt</span><span class="o">-></span><span class="n">braces</span> <span class="o">=</span> <span class="n">wicker_braces</span><span class="p">;</span> - <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">maj_ver</span> <span class="o">==</span> <span class="mi">2</span><span class="p">)</span> <span class="p">{</span> - <span class="n">krb5_fences_vtable_v2</span> <span class="n">vt</span> <span class="o">=</span> <span class="p">(</span><span class="n">krb5_fences_vtable_v2</span><span class="p">)</span><span class="n">vtable</span><span class="p">;</span> - <span class="n">vt</span><span class="o">-></span><span class="n">name</span> <span class="o">=</span> <span class="s2">"wicker"</span><span class="p">;</span> - <span class="n">vt</span><span class="o">-></span><span class="n">material</span> <span class="o">=</span> <span class="n">wicker_material</span><span class="p">;</span> - <span class="n">vt</span><span class="o">-></span><span class="n">construction</span> <span class="o">=</span> <span class="n">wicker_construction</span><span class="p">;</span> - <span class="k">if</span> <span class="p">(</span><span class="n">min_ver</span> <span class="o"><</span> <span class="mi">2</span><span class="p">)</span> - <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> - <span class="n">vt</span><span class="o">-></span><span class="n">footing</span> <span class="o">=</span> <span class="n">wicker_footing</span><span class="p">;</span> - <span class="k">if</span> <span class="p">(</span><span class="n">min_ver</span> <span class="o"><</span> <span class="mi">3</span><span class="p">)</span> - <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> - <span class="n">vt</span><span class="o">-></span><span class="n">appearance</span> <span class="o">=</span> <span class="n">wicker_appearance</span><span class="p">;</span> - <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> - <span class="k">return</span> <span class="n">KRB5_PLUGIN_VER_NOTSUPP</span><span class="p">;</span> - <span class="p">}</span> - <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> -<span class="p">}</span> -</pre></div> -</div> -<section id="logging-from-kdc-and-kadmind-plugin-modules"> -<h2>Logging from KDC and kadmind plugin modules<a class="headerlink" href="#logging-from-kdc-and-kadmind-plugin-modules" title="Link to this heading">¶</a></h2> -<p>Plugin modules for the KDC or kadmind daemons can write to the -configured logging outputs (see <a class="reference internal" href="../admin/conf_files/kdc_conf.html#logging"><span class="std std-ref">[logging]</span></a>) by calling the -<strong>com_err</strong> function. The first argument (<em>whoami</em>) is ignored. If -the second argument (<em>code</em>) is zero, the formatted message is logged -at informational severity; otherwise, the formatted message is logged -at error severity and includes the error message for the supplied -code. Here are examples:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">com_err</span><span class="p">(</span><span class="s2">""</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="s2">"Client message contains </span><span class="si">%d</span><span class="s2"> items"</span><span class="p">,</span> <span class="n">nitems</span><span class="p">);</span> -<span class="n">com_err</span><span class="p">(</span><span class="s2">""</span><span class="p">,</span> <span class="n">retval</span><span class="p">,</span> <span class="s2">"while decoding client message"</span><span class="p">);</span> -</pre></div> -</div> -<p>(The behavior described above is new in release 1.17. In prior -releases, the <em>whoami</em> argument is included for some logging output -types, the logged message does not include the usual header for some -output types, and the severity for syslog outputs is configured as -part of the logging specification, defaulting to error severity.)</p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">General plugin concepts</a><ul> -<li><a class="reference internal" href="#logging-from-kdc-and-kadmind-plugin-modules">Logging from KDC and kadmind plugin modules</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2 current"><a class="current reference internal" href="#">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="index.html" title="For plugin module developers" - >previous</a> | - <a href="clpreauth.html" title="Client preauthentication interface (clpreauth)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__General plugin concepts">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/gssapi.html b/crypto/krb5/doc/html/plugindev/gssapi.html deleted file mode 100644 index 199f68c4fb36..000000000000 --- a/crypto/krb5/doc/html/plugindev/gssapi.html +++ /dev/null @@ -1,257 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>GSSAPI mechanism interface — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Internal pluggable interfaces" href="internal.html" /> - <link rel="prev" title="Configuration interface (profile)" href="profile.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="profile.html" title="Configuration interface (profile)" - accesskey="P">previous</a> | - <a href="internal.html" title="Internal pluggable interfaces" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__GSSAPI mechanism interface">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="gssapi-mechanism-interface"> -<h1>GSSAPI mechanism interface<a class="headerlink" href="#gssapi-mechanism-interface" title="Link to this heading">¶</a></h1> -<p>The GSSAPI library in MIT krb5 can load mechanism modules to augment -the set of built-in mechanisms.</p> -<p>A mechanism module is a Unix shared object or Windows DLL, built -separately from the krb5 tree. Modules are loaded according to the -GSS mechanism config files described in <a class="reference internal" href="../admin/host_config.html#gssapi-plugin-config"><span class="std std-ref">GSSAPI mechanism modules</span></a>.</p> -<p>For the most part, a GSSAPI mechanism module exports the same -functions as would a GSSAPI implementation itself, with the same -function signatures. The mechanism selection layer within the GSSAPI -library (called the “mechglue”) will dispatch calls from the -application to the module if the module’s mechanism is requested. If -a module does not wish to implement a GSSAPI extension, it can simply -refrain from exporting it, and the mechglue will fail gracefully if -the application calls that function.</p> -<p>The mechglue does not invoke a module’s <strong>gss_add_cred</strong>, -<strong>gss_add_cred_from</strong>, <strong>gss_add_cred_impersonate_name</strong>, or -<strong>gss_add_cred_with_password</strong> function. A mechanism only needs to -implement the “acquire” variants of those functions.</p> -<p>A module does not need to coordinate its minor status codes with those -of other mechanisms. If the mechglue detects conflicts, it will map -the mechanism’s status codes onto unique values, and then map them -back again when <strong>gss_display_status</strong> is called.</p> -<section id="negoex-modules"> -<h2>NegoEx modules<a class="headerlink" href="#negoex-modules" title="Link to this heading">¶</a></h2> -<p>Some Windows GSSAPI mechanisms can only be negotiated via a Microsoft -extension to SPNEGO called NegoEx. Beginning with release 1.18, -mechanism modules can support NegoEx as follows:</p> -<ul class="simple"> -<li><p>Implement the gssspi_query_meta_data(), gssspi_exchange_meta_data(), -and gssspi_query_mechanism_info() SPIs declared in -<code class="docutils literal notranslate"><span class="pre"><gssapi/gssapi_ext.h></span></code>.</p></li> -<li><p>Implement gss_inquire_sec_context_by_oid() and answer the -<strong>GSS_C_INQ_NEGOEX_KEY</strong> and <strong>GSS_C_INQ_NEGOEX_VERIFY_KEY</strong> OIDs -to provide the checksum keys for outgoing and incoming checksums, -respectively. The answer must be in two buffers: the first buffer -contains the key contents, and the second buffer contains the key -encryption type as a four-byte little-endian integer.</p></li> -</ul> -<p>By default, NegoEx mechanisms will not be directly negotiated via -SPNEGO. If direct SPNEGO negotiation is required for -interoperability, implement gss_inquire_attrs_for_mech() and assert -the GSS_C_MA_NEGOEX_AND_SPNEGO attribute (along with any applicable -RFC 5587 attributes).</p> -</section> -<section id="interposer-modules"> -<h2>Interposer modules<a class="headerlink" href="#interposer-modules" title="Link to this heading">¶</a></h2> -<p>The mechglue also supports a kind of loadable module, called an -interposer module, which intercepts calls to existing mechanisms -rather than implementing a new mechanism.</p> -<p>An interposer module must export the symbol <strong>gss_mech_interposer</strong> -with the following signature:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">gss_OID_set</span> <span class="n">gss_mech_interposer</span><span class="p">(</span><span class="n">gss_OID</span> <span class="n">mech_type</span><span class="p">);</span> -</pre></div> -</div> -<p>This function is invoked with the OID of the interposer mechanism as -specified in the mechanism config file, and returns a set of mechanism -OIDs to be interposed. The returned OID set must have been created -using the mechglue’s gss_create_empty_oid_set and -gss_add_oid_set_member functions.</p> -<p>An interposer module must use the prefix <code class="docutils literal notranslate"><span class="pre">gssi_</span></code> for the GSSAPI -functions it exports, instead of the prefix <code class="docutils literal notranslate"><span class="pre">gss_</span></code>. In most cases, -unexported <code class="docutils literal notranslate"><span class="pre">gssi_</span></code> functions will result in failure from their -corresponding <code class="docutils literal notranslate"><span class="pre">gss_</span></code> calls.</p> -<p>An interposer module can link against the GSSAPI library in order to -make calls to the original mechanism. To do so, it must specify a -special mechanism OID which is the concatention of the interposer’s -own OID byte string and the original mechanism’s OID byte string.</p> -<p>Functions that do not accept a mechanism argument directly require no -special handling, with the following exceptions:</p> -<p>Since <strong>gss_accept_sec_context</strong> does not accept a mechanism argument, -an interposer mechanism must, in order to invoke the original -mechanism’s function, acquire a credential for the concatenated OID -and pass that as the <em>verifier_cred_handle</em> parameter.</p> -<p>Since <strong>gss_import_name</strong>, <strong>gss_import_cred</strong>, and -<strong>gss_import_sec_context</strong> do not accept mechanism parameters, the SPI -has been extended to include variants which do. This allows the -interposer module to know which mechanism should be used to interpret -the token. These functions have the following signatures:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">OM_uint32</span> <span class="n">gssi_import_sec_context_by_mech</span><span class="p">(</span><span class="n">OM_uint32</span> <span class="o">*</span><span class="n">minor_status</span><span class="p">,</span> - <span class="n">gss_OID</span> <span class="n">desired_mech</span><span class="p">,</span> <span class="n">gss_buffer_t</span> <span class="n">interprocess_token</span><span class="p">,</span> - <span class="n">gss_ctx_id_t</span> <span class="o">*</span><span class="n">context_handle</span><span class="p">);</span> - -<span class="n">OM_uint32</span> <span class="n">gssi_import_name_by_mech</span><span class="p">(</span><span class="n">OM_uint32</span> <span class="o">*</span><span class="n">minor_status</span><span class="p">,</span> - <span class="n">gss_OID</span> <span class="n">mech_type</span><span class="p">,</span> <span class="n">gss_buffer_t</span> <span class="n">input_name_buffer</span><span class="p">,</span> - <span class="n">gss_OID</span> <span class="n">input_name_type</span><span class="p">,</span> <span class="n">gss_name_t</span> <span class="n">output_name</span><span class="p">);</span> - -<span class="n">OM_uint32</span> <span class="n">gssi_import_cred_by_mech</span><span class="p">(</span><span class="n">OM_uint32</span> <span class="o">*</span><span class="n">minor_status</span><span class="p">,</span> - <span class="n">gss_OID</span> <span class="n">mech_type</span><span class="p">,</span> <span class="n">gss_buffer_t</span> <span class="n">token</span><span class="p">,</span> - <span class="n">gss_cred_id_t</span> <span class="o">*</span><span class="n">cred_handle</span><span class="p">);</span> -</pre></div> -</div> -<p>To re-enter the original mechanism when importing tokens for the above -functions, the interposer module must wrap the mechanism token in the -mechglue’s format, using the concatenated OID (except in -<strong>gss_import_name</strong>). The mechglue token formats are:</p> -<ul class="simple"> -<li><p>For <strong>gss_import_sec_context</strong>, a four-byte OID length in big-endian -order, followed by the concatenated OID, followed by the mechanism -token.</p></li> -<li><p>For <strong>gss_import_name</strong>, the bytes 04 01, followed by a two-byte OID -length in big-endian order, followed by the mechanism OID, followed -by a four-byte token length in big-endian order, followed by the -mechanism token. Unlike most uses of OIDs in the API, the mechanism -OID encoding must include the DER tag and length for an object -identifier (06 followed by the DER length of the OID byte string), -and this prefix must be included in the two-byte OID length. -input_name_type must also be set to GSS_C_NT_EXPORT_NAME.</p></li> -<li><p>For <strong>gss_import_cred</strong>, a four-byte OID length in big-endian order, -followed by the concatenated OID, followed by a four-byte token -length in big-endian order, followed by the mechanism token. This -sequence may be repeated multiple times.</p></li> -</ul> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">GSSAPI mechanism interface</a><ul> -<li><a class="reference internal" href="#negoex-modules">NegoEx modules</a></li> -<li><a class="reference internal" href="#interposer-modules">Interposer modules</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="profile.html" title="Configuration interface (profile)" - >previous</a> | - <a href="internal.html" title="Internal pluggable interfaces" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__GSSAPI mechanism interface">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/hostrealm.html b/crypto/krb5/doc/html/plugindev/hostrealm.html deleted file mode 100644 index b2c29eb205c4..000000000000 --- a/crypto/krb5/doc/html/plugindev/hostrealm.html +++ /dev/null @@ -1,168 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Host-to-realm interface (hostrealm) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Local authorization interface (localauth)" href="localauth.html" /> - <link rel="prev" title="kadmin authorization interface (kadm5_auth)" href="kadm5_auth.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kadm5_auth.html" title="kadmin authorization interface (kadm5_auth)" - accesskey="P">previous</a> | - <a href="localauth.html" title="Local authorization interface (localauth)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Host-to-realm interface (hostrealm)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="host-to-realm-interface-hostrealm"> -<span id="hostrealm-plugin"></span><h1>Host-to-realm interface (hostrealm)<a class="headerlink" href="#host-to-realm-interface-hostrealm" title="Link to this heading">¶</a></h1> -<p>The host-to-realm interface was first introduced in release 1.12. It -allows modules to control the local mapping of hostnames to realm -names as well as the default realm. For a detailed description of the -hostrealm interface, see the header file -<code class="docutils literal notranslate"><span class="pre"><krb5/hostrealm_plugin.h></span></code>.</p> -<p>Although the mapping methods in the hostrealm interface return a list -of one or more realms, only the first realm in the list is currently -used by callers. Callers may begin using later responses in the -future.</p> -<p>Any mapping method may return KRB5_PLUGIN_NO_HANDLE to defer -processing to a later module.</p> -<p>A module can create and destroy per-library-context state objects -using the <strong>init</strong> and <strong>fini</strong> methods. If the module does not need -any state, it does not need to implement these methods.</p> -<p>The optional <strong>host_realm</strong> method allows a module to determine -authoritative realm mappings for a hostname. The first authoritative -mapping is used in preference to KDC referrals when getting service -credentials.</p> -<p>The optional <strong>fallback_realm</strong> method allows a module to determine -fallback mappings for a hostname. The first fallback mapping is tried -if there is no authoritative mapping for a realm, and KDC referrals -failed to produce a successful result.</p> -<p>The optional <strong>default_realm</strong> method allows a module to determine the -local default realm.</p> -<p>If a module implements any of the above methods, it must also -implement <strong>free_list</strong> to ensure that memory is allocated and -deallocated consistently.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Host-to-realm interface (hostrealm)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kadm5_auth.html" title="kadmin authorization interface (kadm5_auth)" - >previous</a> | - <a href="localauth.html" title="Local authorization interface (localauth)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Host-to-realm interface (hostrealm)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/index.html b/crypto/krb5/doc/html/plugindev/index.html deleted file mode 100644 index cfa9f04216b3..000000000000 --- a/crypto/krb5/doc/html/plugindev/index.html +++ /dev/null @@ -1,183 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>For plugin module developers — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="General plugin concepts" href="general.html" /> - <link rel="prev" title="krb524_init_ets" href="../appdev/refs/macros/krb524_init_ets.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="../appdev/refs/macros/krb524_init_ets.html" title="krb524_init_ets" - accesskey="P">previous</a> | - <a href="general.html" title="General plugin concepts" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For plugin module developers">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="for-plugin-module-developers"> -<h1>For plugin module developers<a class="headerlink" href="#for-plugin-module-developers" title="Link to this heading">¶</a></h1> -<p>Kerberos plugin modules allow increased control over MIT krb5 library -and server behavior. This guide describes how to create dynamic -plugin modules and the currently available pluggable interfaces.</p> -<p>See <a class="reference internal" href="../admin/host_config.html#plugin-config"><span class="std std-ref">Plugin module configuration</span></a> for information on how to register dynamic -plugin modules and how to enable and disable modules via -<a class="reference internal" href="../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a>.</p> -<section id="contents"> -<h2>Contents<a class="headerlink" href="#contents" title="Link to this heading">¶</a></h2> -<div class="toctree-wrapper compound"> -<ul> -<li class="toctree-l1"><a class="reference internal" href="general.html">General plugin concepts</a><ul> -<li class="toctree-l2"><a class="reference internal" href="general.html#logging-from-kdc-and-kadmind-plugin-modules">Logging from KDC and kadmind plugin modules</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l1"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l1"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l1"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l1"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l1"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l1"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l1"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l1"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l1"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l1"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a><ul> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html#negoex-modules">NegoEx modules</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html#interposer-modules">Interposer modules</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a><ul> -<li class="toctree-l2"><a class="reference internal" href="internal.html#kerberos-database-interface-kdb">Kerberos database interface (KDB)</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html#authorization-data-interface-authdata">Authorization data interface (authdata)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l1"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</div> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">For plugin module developers</a><ul> -<li><a class="reference internal" href="#contents">Contents</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="current reference internal" href="#">For plugin module developers</a><ul> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="../appdev/refs/macros/krb524_init_ets.html" title="krb524_init_ets" - >previous</a> | - <a href="general.html" title="General plugin concepts" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For plugin module developers">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/internal.html b/crypto/krb5/doc/html/plugindev/internal.html deleted file mode 100644 index e2ccae32b6a1..000000000000 --- a/crypto/krb5/doc/html/plugindev/internal.html +++ /dev/null @@ -1,169 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Internal pluggable interfaces — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="PKINIT certificate authorization interface (certauth)" href="certauth.html" /> - <link rel="prev" title="GSSAPI mechanism interface" href="gssapi.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="gssapi.html" title="GSSAPI mechanism interface" - accesskey="P">previous</a> | - <a href="certauth.html" title="PKINIT certificate authorization interface (certauth)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Internal pluggable interfaces">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="internal-pluggable-interfaces"> -<h1>Internal pluggable interfaces<a class="headerlink" href="#internal-pluggable-interfaces" title="Link to this heading">¶</a></h1> -<p>Following are brief discussions of pluggable interfaces which have not -yet been made public. These interfaces are functional, but the -interfaces are likely to change in incompatible ways from release to -release. In some cases, it may be necessary to copy header files from -the krb5 source tree to use an internal interface. Use these with -care, and expect to need to update your modules for each new release -of MIT krb5.</p> -<section id="kerberos-database-interface-kdb"> -<h2>Kerberos database interface (KDB)<a class="headerlink" href="#kerberos-database-interface-kdb" title="Link to this heading">¶</a></h2> -<p>A KDB module implements a database back end for KDC principal and -policy information, and can also control many aspects of KDC behavior. -For a full description of the interface, see the header file -<code class="docutils literal notranslate"><span class="pre"><kdb.h></span></code>.</p> -<p>The KDB pluggable interface is often referred to as the DAL (Database -Access Layer).</p> -</section> -<section id="authorization-data-interface-authdata"> -<h2>Authorization data interface (authdata)<a class="headerlink" href="#authorization-data-interface-authdata" title="Link to this heading">¶</a></h2> -<p>The authdata interface allows a module to provide (from the KDC) or -consume (in application servers) authorization data of types beyond -those handled by the core MIT krb5 code base. The interface is -defined in the header file <code class="docutils literal notranslate"><span class="pre"><krb5/authdata_plugin.h></span></code>, which is not -installed by the build.</p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Internal pluggable interfaces</a><ul> -<li><a class="reference internal" href="#kerberos-database-interface-kdb">Kerberos database interface (KDB)</a></li> -<li><a class="reference internal" href="#authorization-data-interface-authdata">Authorization data interface (authdata)</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="gssapi.html" title="GSSAPI mechanism interface" - >previous</a> | - <a href="certauth.html" title="PKINIT certificate authorization interface (certauth)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Internal pluggable interfaces">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/kadm5_auth.html b/crypto/krb5/doc/html/plugindev/kadm5_auth.html deleted file mode 100644 index 360c15dfeaf2..000000000000 --- a/crypto/krb5/doc/html/plugindev/kadm5_auth.html +++ /dev/null @@ -1,167 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>kadmin authorization interface (kadm5_auth) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Host-to-realm interface (hostrealm)" href="hostrealm.html" /> - <link rel="prev" title="KADM5 hook interface (kadm5_hook)" href="kadm5_hook.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kadm5_hook.html" title="KADM5 hook interface (kadm5_hook)" - accesskey="P">previous</a> | - <a href="hostrealm.html" title="Host-to-realm interface (hostrealm)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kadmin authorization interface (kadm5_auth)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kadmin-authorization-interface-kadm5-auth"> -<span id="kadm5-auth-plugin"></span><h1>kadmin authorization interface (kadm5_auth)<a class="headerlink" href="#kadmin-authorization-interface-kadm5-auth" title="Link to this heading">¶</a></h1> -<p>The kadm5_auth interface (new in release 1.16) allows modules to -determine whether a client principal is authorized to perform an -operation in the kadmin protocol, and to apply restrictions to -principal operations. For a detailed description of the kadm5_auth -interface, see the header file <code class="docutils literal notranslate"><span class="pre"><krb5/kadm5_auth_plugin.h></span></code>.</p> -<p>A module can create and destroy per-process state objects by -implementing the <strong>init</strong> and <strong>fini</strong> methods. State objects have -the type kadm5_auth_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object.</p> -<p>The kadm5_auth interface has one method for each kadmin operation, -with parameters specific to the operation. Each method can return -either 0 to authorize access, KRB5_PLUGIN_NO_HANDLE to defer the -decision to other modules, or another error (canonically EPERM) to -authoritatively deny access. Access is granted if at least one module -grants access and no module authoritatively denies access.</p> -<p>The <strong>addprinc</strong> and <strong>modprinc</strong> methods can also impose restrictions -on the principal operation by returning a <code class="docutils literal notranslate"><span class="pre">struct</span> -<span class="pre">kadm5_auth_restrictions</span></code> object. The module should also implement -the <strong>free_restrictions</strong> method if it dynamically allocates -restrictions objects for principal operations.</p> -<p>kadm5_auth modules can optionally inspect principal or policy objects. -To do this, the module must also include <code class="docutils literal notranslate"><span class="pre"><kadm5/admin.h></span></code> to gain -access to the structure definitions for those objects. As the kadmin -interface is explicitly not as stable as other public interfaces, -modules which do this may not retain compatibility across releases.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kadmin authorization interface (kadm5_auth)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kadm5_hook.html" title="KADM5 hook interface (kadm5_hook)" - >previous</a> | - <a href="hostrealm.html" title="Host-to-realm interface (hostrealm)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kadmin authorization interface (kadm5_auth)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/kadm5_hook.html b/crypto/krb5/doc/html/plugindev/kadm5_hook.html deleted file mode 100644 index 77a65b29d6e0..000000000000 --- a/crypto/krb5/doc/html/plugindev/kadm5_hook.html +++ /dev/null @@ -1,160 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>KADM5 hook interface (kadm5_hook) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="kadmin authorization interface (kadm5_auth)" href="kadm5_auth.html" /> - <link rel="prev" title="Password quality interface (pwqual)" href="pwqual.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="pwqual.html" title="Password quality interface (pwqual)" - accesskey="P">previous</a> | - <a href="kadm5_auth.html" title="kadmin authorization interface (kadm5_auth)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KADM5 hook interface (kadm5_hook)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kadm5-hook-interface-kadm5-hook"> -<span id="kadm5-hook-plugin"></span><h1>KADM5 hook interface (kadm5_hook)<a class="headerlink" href="#kadm5-hook-interface-kadm5-hook" title="Link to this heading">¶</a></h1> -<p>The kadm5_hook interface allows modules to perform actions when -changes are made to the Kerberos database through <a class="reference internal" href="../admin/admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a>. -For a detailed description of the kadm5_hook interface, see the header -file <code class="docutils literal notranslate"><span class="pre"><krb5/kadm5_hook_plugin.h></span></code>.</p> -<p>The kadm5_hook interface has five primary methods: <strong>chpass</strong>, -<strong>create</strong>, <strong>modify</strong>, <strong>remove</strong>, and <strong>rename</strong>. (The <strong>rename</strong> -method was introduced in release 1.14.) Each of these methods is -called twice when the corresponding administrative action takes place, -once before the action is committed and once afterwards. A module can -prevent the action from taking place by returning an error code during -the pre-commit stage.</p> -<p>A module can create and destroy per-process state objects by -implementing the <strong>init</strong> and <strong>fini</strong> methods. State objects have -the type kadm5_hook_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object.</p> -<p>Because the kadm5_hook interface is tied closely to the kadmin -interface (which is explicitly unstable), it may not remain as stable -across versions as other public pluggable interfaces.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">KADM5 hook interface (kadm5_hook)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="pwqual.html" title="Password quality interface (pwqual)" - >previous</a> | - <a href="kadm5_auth.html" title="kadmin authorization interface (kadm5_auth)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KADM5 hook interface (kadm5_hook)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/kdcpolicy.html b/crypto/krb5/doc/html/plugindev/kdcpolicy.html deleted file mode 100644 index 7075ff8da92e..000000000000 --- a/crypto/krb5/doc/html/plugindev/kdcpolicy.html +++ /dev/null @@ -1,158 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>KDC policy interface (kdcpolicy) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Building Kerberos V5" href="../build/index.html" /> - <link rel="prev" title="PKINIT certificate authorization interface (certauth)" href="certauth.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="certauth.html" title="PKINIT certificate authorization interface (certauth)" - accesskey="P">previous</a> | - <a href="../build/index.html" title="Building Kerberos V5" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC policy interface (kdcpolicy)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kdc-policy-interface-kdcpolicy"> -<span id="kdcpolicy-plugin"></span><h1>KDC policy interface (kdcpolicy)<a class="headerlink" href="#kdc-policy-interface-kdcpolicy" title="Link to this heading">¶</a></h1> -<p>The kdcpolicy interface was first introduced in release 1.16. It -allows modules to veto otherwise valid AS and TGS requests or restrict -the lifetime and renew time of the resulting ticket. For a detailed -description of the kdcpolicy interface, see the header file -<code class="docutils literal notranslate"><span class="pre"><krb5/kdcpolicy_plugin.h></span></code>.</p> -<p>The optional <strong>check_as</strong> and <strong>check_tgs</strong> functions allow the module -to perform access control. Additionally, a module can create and -destroy module data with the <strong>init</strong> and <strong>fini</strong> methods. Module -data objects last for the lifetime of the KDC process, and are -provided to all other methods. The data has the type -krb5_kdcpolicy_moddata, which should be cast to the appropriate -internal type.</p> -<p>kdcpolicy modules can optionally inspect principal entries. To do -this, the module must also include <code class="docutils literal notranslate"><span class="pre"><kdb.h></span></code> to gain access to the -principal entry structure definition. As the KDB interface is -explicitly not as stable as other public interfaces, modules which do -this may not retain compatibility across releases.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">KDC policy interface (kdcpolicy)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="certauth.html" title="PKINIT certificate authorization interface (certauth)" - >previous</a> | - <a href="../build/index.html" title="Building Kerberos V5" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC policy interface (kdcpolicy)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/kdcpreauth.html b/crypto/krb5/doc/html/plugindev/kdcpreauth.html deleted file mode 100644 index a1a53801f7d8..000000000000 --- a/crypto/krb5/doc/html/plugindev/kdcpreauth.html +++ /dev/null @@ -1,205 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>KDC preauthentication interface (kdcpreauth) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Credential cache selection interface (ccselect)" href="ccselect.html" /> - <link rel="prev" title="Client preauthentication interface (clpreauth)" href="clpreauth.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="clpreauth.html" title="Client preauthentication interface (clpreauth)" - accesskey="P">previous</a> | - <a href="ccselect.html" title="Credential cache selection interface (ccselect)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC preauthentication interface (kdcpreauth)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kdc-preauthentication-interface-kdcpreauth"> -<h1>KDC preauthentication interface (kdcpreauth)<a class="headerlink" href="#kdc-preauthentication-interface-kdcpreauth" title="Link to this heading">¶</a></h1> -<p>The kdcpreauth interface allows the addition of KDC support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the kdcpreauth -interface, see the header file <code class="docutils literal notranslate"><span class="pre"><krb5/kdcpreauth_plugin.h></span></code> (or -<code class="docutils literal notranslate"><span class="pre"><krb5/preauth_plugin.h></span></code> before release 1.12).</p> -<p>A kdcpreauth module is generally responsible for:</p> -<ul class="simple"> -<li><p>Supplying a list of preauth type numbers used by the module in the -<strong>pa_type_list</strong> field of the vtable structure.</p></li> -<li><p>Indicating what kind of preauthentication mechanism it implements, -with the <strong>flags</strong> method. If the mechanism computes a new reply -key, it must specify the <code class="docutils literal notranslate"><span class="pre">PA_REPLACES_KEY</span></code> flag. If the mechanism -is generally only used with hardware tokens, the <code class="docutils literal notranslate"><span class="pre">PA_HARDWARE</span></code> -flag allows the mechanism to work with principals which have the -<strong>requires_hwauth</strong> flag set.</p></li> -<li><p>Producing a padata value to be sent with a preauth_required error, -with the <strong>edata</strong> method.</p></li> -<li><p>Examining a padata value sent by a client and verifying that it -proves knowledge of the appropriate client credential information. -This is done with the <strong>verify</strong> method.</p></li> -<li><p>Producing a padata response value for the client, and possibly -computing a reply key. This is done with the <strong>return_padata</strong> -method.</p></li> -</ul> -<p>A module can create and destroy per-KDC state objects by implementing -the <strong>init</strong> and <strong>fini</strong> methods. Per-KDC state objects have the -type krb5_kdcpreauth_moddata, which is an abstract pointer types. A -module should typically cast this to an internal type for the state -object.</p> -<p>A module can create a per-request state object by returning one in the -<strong>verify</strong> method, receiving it in the <strong>return_padata</strong> method, and -destroying it in the <strong>free_modreq</strong> method. Note that these state -objects only apply to the processing of a single AS request packet, -not to an entire authentication exchange (since an authentication -exchange may remain unfinished by the client or may involve multiple -different KDC hosts). Per-request state objects have the type -krb5_kdcpreauth_modreq, which is an abstract pointer type.</p> -<p>The <strong>edata</strong>, <strong>verify</strong>, and <strong>return_padata</strong> methods have access -to a callback function and handle (called a “rock”) which can be used -to get additional information about the current request, including the -maximum allowable clock skew, the client’s long-term keys, the -DER-encoded request body, the FAST armor key, string attributes on the -client’s database entry, and the client’s database entry itself. The -<strong>verify</strong> method can assert one or more authentication indicators to -be included in the issued ticket using the <code class="docutils literal notranslate"><span class="pre">add_auth_indicator</span></code> -callback (new in release 1.14).</p> -<p>A module can generate state information to be included with the next -client request using the <code class="docutils literal notranslate"><span class="pre">set_cookie</span></code> callback (new in release -1.14). On the next request, the module can read this state -information using the <code class="docutils literal notranslate"><span class="pre">get_cookie</span></code> callback. Cookie information is -encrypted, timestamped, and transmitted to the client in a -<code class="docutils literal notranslate"><span class="pre">PA-FX-COOKIE</span></code> pa-data item. Older clients may not support cookies -and therefore may not transmit the cookie in the next request; in this -case, <code class="docutils literal notranslate"><span class="pre">get_cookie</span></code> will not yield the saved information.</p> -<p>If a module implements a mechanism which requires multiple round -trips, its <strong>verify</strong> method can respond with the code -<code class="docutils literal notranslate"><span class="pre">KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED</span></code> and a list of pa-data in -the <em>e_data</em> parameter to be processed by the client.</p> -<p>The <strong>edata</strong> and <strong>verify</strong> methods can be implemented -asynchronously. Because of this, they do not return values directly -to the caller, but must instead invoke responder functions with their -results. A synchronous implementation can invoke the responder -function immediately. An asynchronous implementation can use the -callback to get an event context for use with the <a class="reference external" href="https://fedorahosted.org/libverto/">libverto</a> API.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">KDC preauthentication interface (kdcpreauth)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="clpreauth.html" title="Client preauthentication interface (clpreauth)" - >previous</a> | - <a href="ccselect.html" title="Credential cache selection interface (ccselect)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC preauthentication interface (kdcpreauth)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/localauth.html b/crypto/krb5/doc/html/plugindev/localauth.html deleted file mode 100644 index 141b034459a8..000000000000 --- a/crypto/krb5/doc/html/plugindev/localauth.html +++ /dev/null @@ -1,174 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Local authorization interface (localauth) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Server location interface (locate)" href="locate.html" /> - <link rel="prev" title="Host-to-realm interface (hostrealm)" href="hostrealm.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="hostrealm.html" title="Host-to-realm interface (hostrealm)" - accesskey="P">previous</a> | - <a href="locate.html" title="Server location interface (locate)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Local authorization interface (localauth)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="local-authorization-interface-localauth"> -<span id="localauth-plugin"></span><h1>Local authorization interface (localauth)<a class="headerlink" href="#local-authorization-interface-localauth" title="Link to this heading">¶</a></h1> -<p>The localauth interface was first introduced in release 1.12. It -allows modules to control the relationship between Kerberos principals -and local system accounts. When an application calls -<a class="reference internal" href="../appdev/refs/api/krb5_kuserok.html#c.krb5_kuserok" title="krb5_kuserok"><code class="xref c c-func docutils literal notranslate"><span class="pre">krb5_kuserok()</span></code></a> or <a class="reference internal" href="../appdev/refs/api/krb5_aname_to_localname.html#c.krb5_aname_to_localname" title="krb5_aname_to_localname"><code class="xref c c-func docutils literal notranslate"><span class="pre">krb5_aname_to_localname()</span></code></a>, localauth -modules are consulted to determine the result. For a detailed -description of the localauth interface, see the header file -<code class="docutils literal notranslate"><span class="pre"><krb5/localauth_plugin.h></span></code>.</p> -<p>A module can create and destroy per-library-context state objects -using the <strong>init</strong> and <strong>fini</strong> methods. If the module does not need -any state, it does not need to implement these methods.</p> -<p>The optional <strong>userok</strong> method allows a module to control the behavior -of <a class="reference internal" href="../appdev/refs/api/krb5_kuserok.html#c.krb5_kuserok" title="krb5_kuserok"><code class="xref c c-func docutils literal notranslate"><span class="pre">krb5_kuserok()</span></code></a>. The module receives the authenticated name -and the local account name as inputs, and can return either 0 to -authorize access, KRB5_PLUGIN_NO_HANDLE to defer the decision to other -modules, or another error (canonically EPERM) to authoritatively deny -access. Access is granted if at least one module grants access and no -module authoritatively denies access.</p> -<p>The optional <strong>an2ln</strong> method can work in two different ways. If the -module sets an array of uppercase type names in <strong>an2ln_types</strong>, then -the module’s <strong>an2ln</strong> method will only be invoked by -<a class="reference internal" href="../appdev/refs/api/krb5_aname_to_localname.html#c.krb5_aname_to_localname" title="krb5_aname_to_localname"><code class="xref c c-func docutils literal notranslate"><span class="pre">krb5_aname_to_localname()</span></code></a> if an <strong>auth_to_local</strong> value in -<a class="reference internal" href="../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a> refers to one of the module’s types. In this -case, the <em>type</em> and <em>residual</em> arguments will give the type name and -residual string of the <strong>auth_to_local</strong> value.</p> -<p>If the module does not set <strong>an2ln_types</strong> but does implement -<strong>an2ln</strong>, the module’s <strong>an2ln</strong> method will be invoked for all -<a class="reference internal" href="../appdev/refs/api/krb5_aname_to_localname.html#c.krb5_aname_to_localname" title="krb5_aname_to_localname"><code class="xref c c-func docutils literal notranslate"><span class="pre">krb5_aname_to_localname()</span></code></a> operations unless an earlier module -determines a mapping, with <em>type</em> and <em>residual</em> set to NULL. The -module can return KRB5_LNAME_NO_TRANS to defer mapping to later -modules.</p> -<p>If a module implements <strong>an2ln</strong>, it must also implement -<strong>free_string</strong> to ensure that memory is allocated and deallocated -consistently.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Local authorization interface (localauth)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="hostrealm.html" title="Host-to-realm interface (hostrealm)" - >previous</a> | - <a href="locate.html" title="Server location interface (locate)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Local authorization interface (localauth)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/locate.html b/crypto/krb5/doc/html/plugindev/locate.html deleted file mode 100644 index 9aeb3dabed0a..000000000000 --- a/crypto/krb5/doc/html/plugindev/locate.html +++ /dev/null @@ -1,163 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Server location interface (locate) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Configuration interface (profile)" href="profile.html" /> - <link rel="prev" title="Local authorization interface (localauth)" href="localauth.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="localauth.html" title="Local authorization interface (localauth)" - accesskey="P">previous</a> | - <a href="profile.html" title="Configuration interface (profile)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Server location interface (locate)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="server-location-interface-locate"> -<h1>Server location interface (locate)<a class="headerlink" href="#server-location-interface-locate" title="Link to this heading">¶</a></h1> -<p>The locate interface allows modules to control how KDCs and similar -services are located by clients. For a detailed description of the -ccselect interface, see the header file <code class="docutils literal notranslate"><span class="pre"><krb5/locate_plugin.h></span></code>.</p> -<p>A locate module exports a structure object of type -krb5plugin_service_locate_ftable, with the name <code class="docutils literal notranslate"><span class="pre">service_locator</span></code>. -The structure contains a minor version and pointers to the module’s -methods.</p> -<p>The primary locate method is <strong>lookup</strong>, which accepts a service type, -realm name, desired socket type, and desired address family (which -will be AF_UNSPEC if no specific address family is desired). The -method should invoke the callback function once for each server -address it wants to return, passing a socket type (SOCK_STREAM for TCP -or SOCK_DGRAM for UDP) and socket address. The <strong>lookup</strong> method -should return 0 if it has authoritatively determined the server -addresses for the realm, KRB5_PLUGIN_NO_HANDLE if it wants to let -other location mechanisms determine the server addresses, or another -code if it experienced a failure which should abort the location -process.</p> -<p>A module can create and destroy per-library-context state objects by -implementing the <strong>init</strong> and <strong>fini</strong> methods. State objects have -the type void *, and should be cast to an internal type for the state -object.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Server location interface (locate)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="localauth.html" title="Local authorization interface (localauth)" - >previous</a> | - <a href="profile.html" title="Configuration interface (profile)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Server location interface (locate)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/profile.html b/crypto/krb5/doc/html/plugindev/profile.html deleted file mode 100644 index b6935dc8e457..000000000000 --- a/crypto/krb5/doc/html/plugindev/profile.html +++ /dev/null @@ -1,227 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Configuration interface (profile) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="GSSAPI mechanism interface" href="gssapi.html" /> - <link rel="prev" title="Server location interface (locate)" href="locate.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="locate.html" title="Server location interface (locate)" - accesskey="P">previous</a> | - <a href="gssapi.html" title="GSSAPI mechanism interface" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Configuration interface (profile)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="configuration-interface-profile"> -<span id="profile-plugin"></span><h1>Configuration interface (profile)<a class="headerlink" href="#configuration-interface-profile" title="Link to this heading">¶</a></h1> -<p>The profile interface allows a module to control how krb5 -configuration information is obtained by the Kerberos library and -applications. For a detailed description of the profile interface, -see the header file <code class="docutils literal notranslate"><span class="pre"><profile.h></span></code>.</p> -<div class="admonition note"> -<p class="admonition-title">Note</p> -<p>The profile interface does not follow the normal conventions -for MIT krb5 pluggable interfaces, because it is part of a -lower-level component of the krb5 library.</p> -</div> -<p>As with other types of plugin modules, a profile module is a Unix -shared object or Windows DLL, built separately from the krb5 tree. -The krb5 library will dynamically load and use a profile plugin module -if it reads a <code class="docutils literal notranslate"><span class="pre">module</span></code> directive at the beginning of krb5.conf, as -described in <a class="reference internal" href="../admin/host_config.html#profile-plugin-config"><span class="std std-ref">Configuration profile modules</span></a>.</p> -<p>A profile module exports a function named <code class="docutils literal notranslate"><span class="pre">profile_module_init</span></code> -matching the signature of the profile_module_init_fn type. This -function accepts a residual string, which may be used to help locate -the configuration source. The function fills in a vtable and may also -create a per-profile state object. If the module uses state objects, -it should implement the <strong>copy</strong> and <strong>cleanup</strong> methods to manage -them.</p> -<p>A basic read-only profile module need only implement the -<strong>get_values</strong> and <strong>free_values</strong> methods. The <strong>get_values</strong> method -accepts a null-terminated list of C string names (e.g., an array -containing “libdefaults”, “clockskew”, and NULL for the <strong>clockskew</strong> -variable in the <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a> section) and returns a -null-terminated list of values, which will be cleaned up with the -<strong>free_values</strong> method when the caller is done with them.</p> -<p>Iterable profile modules must also define the <strong>iterator_create</strong>, -<strong>iterator</strong>, <strong>iterator_free</strong>, and <strong>free_string</strong> methods. The -core krb5 code does not require profiles to be iterable, but some -applications may iterate over the krb5 profile object in order to -present configuration interfaces.</p> -<p>Writable profile modules must also define the <strong>writable</strong>, -<strong>modified</strong>, <strong>update_relation</strong>, <strong>rename_section</strong>, -<strong>add_relation</strong>, and <strong>flush</strong> methods. The core krb5 code does not -require profiles to be writable, but some applications may write to -the krb5 profile in order to present configuration interfaces.</p> -<p>The following is an example of a very basic read-only profile module -which returns a hardcoded value for the <strong>default_realm</strong> variable in -<a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>, and provides no other configuration information. -(For conciseness, the example omits code for checking the return -values of malloc and strdup.)</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1">#include <stdlib.h></span> -<span class="c1">#include <string.h></span> -<span class="c1">#include <profile.h></span> - -<span class="n">static</span> <span class="n">long</span> -<span class="n">get_values</span><span class="p">(</span><span class="n">void</span> <span class="o">*</span><span class="n">cbdata</span><span class="p">,</span> <span class="n">const</span> <span class="n">char</span> <span class="o">*</span><span class="n">const</span> <span class="o">*</span><span class="n">names</span><span class="p">,</span> <span class="n">char</span> <span class="o">***</span><span class="n">values</span><span class="p">)</span> -<span class="p">{</span> - <span class="k">if</span> <span class="p">(</span><span class="n">names</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">!=</span> <span class="n">NULL</span> <span class="o">&&</span> <span class="n">strcmp</span><span class="p">(</span><span class="n">names</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="s2">"libdefaults"</span><span class="p">)</span> <span class="o">==</span> <span class="mi">0</span> <span class="o">&&</span> - <span class="n">names</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">!=</span> <span class="n">NULL</span> <span class="o">&&</span> <span class="n">strcmp</span><span class="p">(</span><span class="n">names</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="s2">"default_realm"</span><span class="p">)</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> - <span class="o">*</span><span class="n">values</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">2</span> <span class="o">*</span> <span class="n">sizeof</span><span class="p">(</span><span class="n">char</span> <span class="o">*</span><span class="p">));</span> - <span class="p">(</span><span class="o">*</span><span class="n">values</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="n">strdup</span><span class="p">(</span><span class="s2">"ATHENA.MIT.EDU"</span><span class="p">);</span> - <span class="p">(</span><span class="o">*</span><span class="n">values</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="n">NULL</span><span class="p">;</span> - <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> - <span class="p">}</span> - <span class="k">return</span> <span class="n">PROF_NO_RELATION</span><span class="p">;</span> -<span class="p">}</span> - -<span class="n">static</span> <span class="n">void</span> -<span class="n">free_values</span><span class="p">(</span><span class="n">void</span> <span class="o">*</span><span class="n">cbdata</span><span class="p">,</span> <span class="n">char</span> <span class="o">**</span><span class="n">values</span><span class="p">)</span> -<span class="p">{</span> - <span class="n">char</span> <span class="o">**</span><span class="n">v</span><span class="p">;</span> - - <span class="k">for</span> <span class="p">(</span><span class="n">v</span> <span class="o">=</span> <span class="n">values</span><span class="p">;</span> <span class="o">*</span><span class="n">v</span><span class="p">;</span> <span class="n">v</span><span class="o">++</span><span class="p">)</span> - <span class="n">free</span><span class="p">(</span><span class="o">*</span><span class="n">v</span><span class="p">);</span> - <span class="n">free</span><span class="p">(</span><span class="n">values</span><span class="p">);</span> -<span class="p">}</span> - -<span class="n">long</span> -<span class="n">profile_module_init</span><span class="p">(</span><span class="n">const</span> <span class="n">char</span> <span class="o">*</span><span class="n">residual</span><span class="p">,</span> <span class="n">struct</span> <span class="n">profile_vtable</span> <span class="o">*</span><span class="n">vtable</span><span class="p">,</span> - <span class="n">void</span> <span class="o">**</span><span class="n">cb_ret</span><span class="p">);</span> - -<span class="n">long</span> -<span class="n">profile_module_init</span><span class="p">(</span><span class="n">const</span> <span class="n">char</span> <span class="o">*</span><span class="n">residual</span><span class="p">,</span> <span class="n">struct</span> <span class="n">profile_vtable</span> <span class="o">*</span><span class="n">vtable</span><span class="p">,</span> - <span class="n">void</span> <span class="o">**</span><span class="n">cb_ret</span><span class="p">)</span> -<span class="p">{</span> - <span class="o">*</span><span class="n">cb_ret</span> <span class="o">=</span> <span class="n">NULL</span><span class="p">;</span> - <span class="n">vtable</span><span class="o">-></span><span class="n">get_values</span> <span class="o">=</span> <span class="n">get_values</span><span class="p">;</span> - <span class="n">vtable</span><span class="o">-></span><span class="n">free_values</span> <span class="o">=</span> <span class="n">free_values</span><span class="p">;</span> - <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> -<span class="p">}</span> -</pre></div> -</div> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Configuration interface (profile)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="locate.html" title="Server location interface (locate)" - >previous</a> | - <a href="gssapi.html" title="GSSAPI mechanism interface" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Configuration interface (profile)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/plugindev/pwqual.html b/crypto/krb5/doc/html/plugindev/pwqual.html deleted file mode 100644 index ac33c26dda19..000000000000 --- a/crypto/krb5/doc/html/plugindev/pwqual.html +++ /dev/null @@ -1,159 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Password quality interface (pwqual) — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="KADM5 hook interface (kadm5_hook)" href="kadm5_hook.html" /> - <link rel="prev" title="Credential cache selection interface (ccselect)" href="ccselect.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="ccselect.html" title="Credential cache selection interface (ccselect)" - accesskey="P">previous</a> | - <a href="kadm5_hook.html" title="KADM5 hook interface (kadm5_hook)" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password quality interface (pwqual)">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="password-quality-interface-pwqual"> -<span id="pwqual-plugin"></span><h1>Password quality interface (pwqual)<a class="headerlink" href="#password-quality-interface-pwqual" title="Link to this heading">¶</a></h1> -<p>The pwqual interface allows modules to control what passwords are -allowed when a user changes passwords. For a detailed description of -the pwqual interface, see the header file <code class="docutils literal notranslate"><span class="pre"><krb5/pwqual_plugin.h></span></code>.</p> -<p>The primary pwqual method is <strong>check</strong>, which receives a password as -input and returns success (0) or a <code class="docutils literal notranslate"><span class="pre">KADM5_PASS_Q_</span></code> failure code -depending on whether the password is allowed. The <strong>check</strong> method -also receives the principal name and the name of the principal’s -password policy as input; although there is no stable interface for -the module to obtain the fields of the password policy, it can define -its own configuration or data store based on the policy name.</p> -<p>A module can create and destroy per-process state objects by -implementing the <strong>open</strong> and <strong>close</strong> methods. State objects have -the type krb5_pwqual_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. The <strong>open</strong> method also receives the name of the realm’s -dictionary file (as configured by the <strong>dict_file</strong> variable in the -<a class="reference internal" href="../admin/conf_files/kdc_conf.html#kdc-realms"><span class="std std-ref">[realms]</span></a> section of <a class="reference internal" href="../admin/conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>) if it wishes to use -it.</p> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Password quality interface (pwqual)</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Password quality interface (pwqual)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kadm5_auth.html">kadmin authorization interface (kadm5_auth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> -<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> -<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> -<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> -<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> -<li class="toctree-l2"><a class="reference internal" href="certauth.html">PKINIT certificate authorization interface (certauth)</a></li> -<li class="toctree-l2"><a class="reference internal" href="kdcpolicy.html">KDC policy interface (kdcpolicy)</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="ccselect.html" title="Credential cache selection interface (ccselect)" - >previous</a> | - <a href="kadm5_hook.html" title="KADM5 hook interface (kadm5_hook)" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password quality interface (pwqual)">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file |