diff options
Diffstat (limited to 'doc/pdf/appdev.tex')
| -rw-r--r-- | doc/pdf/appdev.tex | 23032 |
1 files changed, 23032 insertions, 0 deletions
diff --git a/doc/pdf/appdev.tex b/doc/pdf/appdev.tex new file mode 100644 index 000000000000..947b8106d84e --- /dev/null +++ b/doc/pdf/appdev.tex @@ -0,0 +1,23032 @@ +% Generated by Sphinx. +\def\sphinxdocclass{report} +\documentclass[letterpaper,10pt,english]{sphinxmanual} +\usepackage[utf8]{inputenc} +\DeclareUnicodeCharacter{00A0}{\nobreakspace} +\usepackage{cmap} +\usepackage[T1]{fontenc} +\usepackage{babel} +\usepackage{times} +\usepackage[Bjarne]{fncychap} +\usepackage{longtable} +\usepackage{sphinx} +\usepackage{multirow} + + +\title{Kerberos Application Developer Guide} +\date{ } +\release{1.15.1} +\author{MIT} +\newcommand{\sphinxlogo}{} +\renewcommand{\releasename}{Release} +\makeindex + +\makeatletter +\def\PYG@reset{\let\PYG@it=\relax \let\PYG@bf=\relax% + \let\PYG@ul=\relax \let\PYG@tc=\relax% + \let\PYG@bc=\relax \let\PYG@ff=\relax} +\def\PYG@tok#1{\csname PYG@tok@#1\endcsname} +\def\PYG@toks#1+{\ifx\relax#1\empty\else% + \PYG@tok{#1}\expandafter\PYG@toks\fi} +\def\PYG@do#1{\PYG@bc{\PYG@tc{\PYG@ul{% + \PYG@it{\PYG@bf{\PYG@ff{#1}}}}}}} +\def\PYG#1#2{\PYG@reset\PYG@toks#1+\relax+\PYG@do{#2}} + +\expandafter\def\csname PYG@tok@gd\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.63,0.00,0.00}{##1}}} +\expandafter\def\csname PYG@tok@gu\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.50,0.00,0.50}{##1}}} +\expandafter\def\csname PYG@tok@gt\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.27,0.87}{##1}}} +\expandafter\def\csname PYG@tok@gs\endcsname{\let\PYG@bf=\textbf} +\expandafter\def\csname PYG@tok@gr\endcsname{\def\PYG@tc##1{\textcolor[rgb]{1.00,0.00,0.00}{##1}}} +\expandafter\def\csname PYG@tok@cm\endcsname{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}} +\expandafter\def\csname PYG@tok@vg\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.38,0.84}{##1}}} +\expandafter\def\csname PYG@tok@m\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} +\expandafter\def\csname PYG@tok@mh\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} +\expandafter\def\csname PYG@tok@cs\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}\def\PYG@bc##1{\setlength{\fboxsep}{0pt}\colorbox[rgb]{1.00,0.94,0.94}{\strut ##1}}} +\expandafter\def\csname PYG@tok@ge\endcsname{\let\PYG@it=\textit} +\expandafter\def\csname PYG@tok@vc\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.38,0.84}{##1}}} +\expandafter\def\csname PYG@tok@il\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} +\expandafter\def\csname PYG@tok@go\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.20,0.20,0.20}{##1}}} +\expandafter\def\csname PYG@tok@cp\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@gi\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.63,0.00}{##1}}} +\expandafter\def\csname PYG@tok@gh\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.00,0.50}{##1}}} +\expandafter\def\csname PYG@tok@ni\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.84,0.33,0.22}{##1}}} +\expandafter\def\csname PYG@tok@nl\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.13,0.44}{##1}}} +\expandafter\def\csname PYG@tok@nn\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.05,0.52,0.71}{##1}}} +\expandafter\def\csname PYG@tok@no\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.38,0.68,0.84}{##1}}} +\expandafter\def\csname PYG@tok@na\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} +\expandafter\def\csname PYG@tok@nb\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@nc\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.05,0.52,0.71}{##1}}} +\expandafter\def\csname PYG@tok@nd\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.33,0.33,0.33}{##1}}} +\expandafter\def\csname PYG@tok@ne\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@nf\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.02,0.16,0.49}{##1}}} +\expandafter\def\csname PYG@tok@si\endcsname{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.44,0.63,0.82}{##1}}} +\expandafter\def\csname PYG@tok@s2\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} +\expandafter\def\csname PYG@tok@vi\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.38,0.84}{##1}}} +\expandafter\def\csname PYG@tok@nt\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.02,0.16,0.45}{##1}}} +\expandafter\def\csname PYG@tok@nv\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.38,0.84}{##1}}} +\expandafter\def\csname PYG@tok@s1\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} +\expandafter\def\csname PYG@tok@gp\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.78,0.36,0.04}{##1}}} +\expandafter\def\csname PYG@tok@sh\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} +\expandafter\def\csname PYG@tok@ow\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@sx\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.78,0.36,0.04}{##1}}} +\expandafter\def\csname PYG@tok@bp\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@c1\endcsname{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}} +\expandafter\def\csname PYG@tok@kc\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@c\endcsname{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}} +\expandafter\def\csname PYG@tok@mf\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} +\expandafter\def\csname PYG@tok@err\endcsname{\def\PYG@bc##1{\setlength{\fboxsep}{0pt}\fcolorbox[rgb]{1.00,0.00,0.00}{1,1,1}{\strut ##1}}} +\expandafter\def\csname PYG@tok@kd\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@ss\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.32,0.47,0.09}{##1}}} +\expandafter\def\csname PYG@tok@sr\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.14,0.33,0.53}{##1}}} +\expandafter\def\csname PYG@tok@mo\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} +\expandafter\def\csname PYG@tok@mi\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} +\expandafter\def\csname PYG@tok@kn\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@o\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.40,0.40,0.40}{##1}}} +\expandafter\def\csname PYG@tok@kr\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@s\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} +\expandafter\def\csname PYG@tok@kp\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@w\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.73,0.73}{##1}}} +\expandafter\def\csname PYG@tok@kt\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.56,0.13,0.00}{##1}}} +\expandafter\def\csname PYG@tok@sc\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} +\expandafter\def\csname PYG@tok@sb\endcsname{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} +\expandafter\def\csname PYG@tok@k\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} +\expandafter\def\csname PYG@tok@se\endcsname{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} +\expandafter\def\csname PYG@tok@sd\endcsname{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} + +\def\PYGZbs{\char`\\} +\def\PYGZus{\char`\_} +\def\PYGZob{\char`\{} +\def\PYGZcb{\char`\}} +\def\PYGZca{\char`\^} +\def\PYGZam{\char`\&} +\def\PYGZlt{\char`\<} +\def\PYGZgt{\char`\>} +\def\PYGZsh{\char`\#} +\def\PYGZpc{\char`\%} +\def\PYGZdl{\char`\$} +\def\PYGZhy{\char`\-} +\def\PYGZsq{\char`\'} +\def\PYGZdq{\char`\"} +\def\PYGZti{\char`\~} +% for compatibility with earlier versions +\def\PYGZat{@} +\def\PYGZlb{[} +\def\PYGZrb{]} +\makeatother + +\begin{document} + +\maketitle +\tableofcontents +\phantomsection\label{appdev/index::doc} + + + +\chapter{Developing with GSSAPI} +\label{appdev/gssapi:for-application-developers}\label{appdev/gssapi::doc}\label{appdev/gssapi:developing-with-gssapi} +The GSSAPI (Generic Security Services API) allows applications to +communicate securely using Kerberos 5 or other security mechanisms. +We recommend using the GSSAPI (or a higher-level framework which +encompasses GSSAPI, such as SASL) for secure network communication +over using the libkrb5 API directly. + +GSSAPIv2 is specified in \index{RFC!RFC 2743}\href{http://tools.ietf.org/html/rfc2743.html}{\textbf{RFC 2743}} and \index{RFC!RFC 2744}\href{http://tools.ietf.org/html/rfc2744.html}{\textbf{RFC 2744}}. Also see +\index{RFC!RFC 7546}\href{http://tools.ietf.org/html/rfc7546.html}{\textbf{RFC 7546}} for a description of how to use the GSSAPI in a client or +server program. + +This documentation will describe how various ways of using the +GSSAPI will behave with the krb5 mechanism as implemented in MIT krb5, +as well as krb5-specific extensions to the GSSAPI. + + +\section{Name types} +\label{appdev/gssapi:name-types} +A GSSAPI application can name a local or remote entity by calling +\href{http://tools.ietf.org/html/rfc2744.html\#section-5.16}{gss\_import\_name}, specifying a name type and a value. The following +name types are supported by the krb5 mechanism: +\begin{itemize} +\item {} +\textbf{GSS\_C\_NT\_HOSTBASED\_SERVICE}: The value should be a string of the +form \code{service} or \code{service@hostname}. This is the most common +way to name target services when initiating a security context, and +is the most likely name type to work across multiple mechanisms. + +\item {} +\textbf{GSS\_KRB5\_NT\_PRINCIPAL\_NAME}: The value should be a principal name +string. This name type only works with the krb5 mechanism, and is +defined in the \code{\textless{}gssapi/gssapi\_krb5.h\textgreater{}} header. + +\item {} +\textbf{GSS\_C\_NT\_USER\_NAME} or \textbf{GSS\_C\_NULL\_OID}: The value is treated +as an unparsed principal name string, as above. These name types +may work with mechanisms other than krb5, but will have different +interpretations in those mechanisms. \textbf{GSS\_C\_NT\_USER\_NAME} is +intended to be used with a local username, which will parse into a +single-component principal in the default realm. + +\item {} +\textbf{GSS\_C\_NT\_ANONYMOUS}: The value is ignored. The anonymous +principal is used, allowing a client to authenticate to a server +without asserting a particular identity (which may or may not be +allowed by a particular server or Kerberos realm). + +\item {} +\textbf{GSS\_C\_NT\_MACHINE\_UID\_NAME}: The value is uid\_t object. On +Unix-like systems, the username of the uid is looked up in the +system user database and the resulting username is parsed as a +principal name. + +\item {} +\textbf{GSS\_C\_NT\_STRING\_UID\_NAME}: As above, but the value is a decimal +string representation of the uid. + +\item {} +\textbf{GSS\_C\_NT\_EXPORT\_NAME}: The value must be the result of a +\href{http://tools.ietf.org/html/rfc2744.html\#section-5.13}{gss\_export\_name} call. + +\end{itemize} + + +\section{Initiator credentials} +\label{appdev/gssapi:initiator-credentials} +A GSSAPI client application uses \href{http://tools.ietf.org/html/rfc2744.html\#section-5.19}{gss\_init\_sec\_context} to establish a +security context. The \emph{initiator\_cred\_handle} parameter determines +what tickets are used to establish the connection. An application can +either pass \textbf{GSS\_C\_NO\_CREDENTIAL} to use the default client +credential, or it can use \href{http://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred} beforehand to acquire an +initiator credential. The call to \href{http://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred} may include a +\emph{desired\_name} parameter, or it may pass \textbf{GSS\_C\_NO\_NAME} if it does +not have a specific name preference. + +If the desired name for a krb5 initiator credential is a host-based +name, it is converted to a principal name of the form +\code{service/hostname} in the local realm, where \emph{hostname} is the local +hostname if not specified. The hostname will be canonicalized using +forward name resolution, and possibly also using reverse name +resolution depending on the value of the \textbf{rdns} variable in +\emph{libdefaults}. + +If a desired name is specified in the call to \href{http://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred}, the +krb5 mechanism will attempt to find existing tickets for that client +principal name in the default credential cache or collection. If the +default cache type does not support a collection, and the default +cache contains credentials for a different principal than the desired +name, a \textbf{GSS\_S\_CRED\_UNAVAIL} error will be returned with a minor +code indicating a mismatch. + +If no existing tickets are available for the desired name, but the +name has an entry in the default client \emph{keytab\_definition}, the +krb5 mechanism will acquire initial tickets for the name using the +default client keytab. + +If no desired name is specified, credential acquisition will be +deferred until the credential is used in a call to +\href{http://tools.ietf.org/html/rfc2744.html\#section-5.19}{gss\_init\_sec\_context} or \href{http://tools.ietf.org/html/rfc2744.html\#section-5.21}{gss\_inquire\_cred}. If the call is to +\href{http://tools.ietf.org/html/rfc2744.html\#section-5.19}{gss\_init\_sec\_context}, the target name will be used to choose a client +principal name using the credential cache selection facility. (This +facility might, for instance, try to choose existing tickets for a +client principal in the same realm as the target service). If there +are no existing tickets for the chosen principal, but it is present in +the default client keytab, the krb5 mechanism will acquire initial +tickets using the keytab. + +If the target name cannot be used to select a client principal +(because the credentials are used in a call to \href{http://tools.ietf.org/html/rfc2744.html\#section-5.21}{gss\_inquire\_cred}), or +if the credential cache selection facility cannot choose a principal +for it, the default credential cache will be selected if it exists and +contains tickets. + +If the default credential cache does not exist, but the default client +keytab does, the krb5 mechanism will try to acquire initial tickets +for the first principal in the default client keytab. + +If the krb5 mechanism acquires initial tickets using the default +client keytab, the resulting tickets will be stored in the default +cache or collection, and will be refreshed by future calls to +\href{http://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred} as they approach their expire time. + + +\section{Acceptor names} +\label{appdev/gssapi:acceptor-names} +A GSSAPI server application uses \href{http://tools.ietf.org/html/rfc2744.html\#section-5.1}{gss\_accept\_sec\_context} to establish +a security context based on tokens provided by the client. The +\emph{acceptor\_cred\_handle} parameter determines what +\emph{keytab\_definition} entries may be authenticated to by the +client, if the krb5 mechanism is used. + +The simplest choice is to pass \textbf{GSS\_C\_NO\_CREDENTIAL} as the acceptor +credential. In this case, clients may authenticate to any service +principal in the default keytab (typically \emph{DEFKTNAME}, or the value of +the \textbf{KRB5\_KTNAME} environment variable). This is the recommended +approach if the server application has no specific requirements to the +contrary. + +A server may acquire an acceptor credential with \href{http://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred} and +a \emph{cred\_usage} of \textbf{GSS\_C\_ACCEPT} or \textbf{GSS\_C\_BOTH}. If the +\emph{desired\_name} parameter is \textbf{GSS\_C\_NO\_NAME}, then clients will be +allowed to authenticate to any service principal in the default +keytab, just as if no acceptor credential was supplied. + +If a server wishes to specify a \emph{desired\_name} to \href{http://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred}, +the most common choice is a host-based name. If the host-based +\emph{desired\_name} contains just a \emph{service}, then clients will be allowed +to authenticate to any host-based service principal (that is, a +principal of the form \code{service/hostname@REALM}) for the named +service, regardless of hostname or realm, as long as it is present in +the default keytab. If the input name contains both a \emph{service} and a +\emph{hostname}, clients will be allowed to authenticate to any host-based +principal for the named service and hostname, regardless of realm. + +\begin{notice}{note}{Note:} +If a \emph{hostname} is specified, it will be canonicalized +using forward name resolution, and possibly also using +reverse name resolution depending on the value of the +\textbf{rdns} variable in \emph{libdefaults}. +\end{notice} + +\begin{notice}{note}{Note:} +If the \textbf{ignore\_acceptor\_hostname} variable in +\emph{libdefaults} is enabled, then \emph{hostname} will be +ignored even if one is specified in the input name. +\end{notice} + +\begin{notice}{note}{Note:} +In MIT krb5 versions prior to 1.10, and in Heimdal's +implementation of the krb5 mechanism, an input name with +just a \emph{service} is treated like an input name of +\code{service@localhostname}, where \emph{localhostname} is the +string returned by gethostname(). +\end{notice} + +If the \emph{desired\_name} is a krb5 principal name or a local system name +type which is mapped to a krb5 principal name, clients will only be +allowed to authenticate to that principal in the default keytab. + + +\section{Name Attributes} +\label{appdev/gssapi:name-attributes} +In release 1.8 or later, the \href{http://tools.ietf.org/html/rfc6680.txt\#section-7.4}{gss\_inquire\_name} and +\href{http://tools.ietf.org/html/6680.html\#section-7.5}{gss\_get\_name\_attribute} functions, specified in \index{RFC!RFC 6680}\href{http://tools.ietf.org/html/rfc6680.html}{\textbf{RFC 6680}}, can be +used to retrieve name attributes from the \emph{src\_name} returned by +\href{http://tools.ietf.org/html/rfc2744.html\#section-5.1}{gss\_accept\_sec\_context}. The following attributes are defined when +the krb5 mechanism is used: +\phantomsection\label{appdev/gssapi:gssapi-authind-attr}\begin{itemize} +\item {} +``auth-indicators'' attribute: + +\end{itemize} + +This attribute will be included in the \href{http://tools.ietf.org/html/rfc6680.txt\#section-7.4}{gss\_inquire\_name} output if the +ticket contains \emph{authentication indicators}. +One indicator is returned per invocation of \href{http://tools.ietf.org/html/6680.html\#section-7.5}{gss\_get\_name\_attribute}, +so multiple invocations may be necessary to retrieve all of the +indicators from the ticket. (New in release 1.15.) + + +\section{Importing and exporting credentials} +\label{appdev/gssapi:importing-and-exporting-credentials} +The following GSSAPI extensions can be used to import and export +credentials (declared in \code{\textless{}gssapi/gssapi\_ext.h\textgreater{}}): + +\begin{Verbatim}[commandchars=\\\{\}] +OM\PYGZus{}uint32 gss\PYGZus{}export\PYGZus{}cred(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t cred\PYGZus{}handle, + gss\PYGZus{}buffer\PYGZus{}t token); + +OM\PYGZus{}uint32 gss\PYGZus{}import\PYGZus{}cred(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}buffer\PYGZus{}t token, + gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t *cred\PYGZus{}handle); +\end{Verbatim} + +The first function serializes a GSSAPI credential handle into a +buffer; the second unseralizes a buffer into a GSSAPI credential +handle. Serializing a credential does not destroy it. If any of the +mechanisms used in \emph{cred\_handle} do not support serialization, +gss\_export\_cred will return \textbf{GSS\_S\_UNAVAILABLE}. As with other +GSSAPI serialization functions, these extensions are only intended to +work with a matching implementation on the other side; they do not +serialize credentials in a standardized format. + +A serialized credential may contain secret information such as ticket +session keys. The serialization format does not protect this +information from eavesdropping or tampering. The calling application +must take care to protect the serialized credential when communicating +it over an insecure channel or to an untrusted party. + +A krb5 GSSAPI credential may contain references to a credential cache, +a client keytab, an acceptor keytab, and a replay cache. These +resources are normally serialized as references to their external +locations (such as the filename of the credential cache). Because of +this, a serialized krb5 credential can only be imported by a process +with similar privileges to the exporter. A serialized credential +should not be trusted if it originates from a source with lower +privileges than the importer, as it may contain references to external +credential cache, keytab, or replay cache resources not accessible to +the originator. + +An exception to the above rule applies when a krb5 GSSAPI credential +refers to a memory credential cache, as is normally the case for +delegated credentials received by \href{http://tools.ietf.org/html/rfc2744.html\#section-5.1}{gss\_accept\_sec\_context}. In this +case, the contents of the credential cache are serialized, so that the +resulting token may be imported even if the original memory credential +cache no longer exists. + + +\section{Constrained delegation (S4U)} +\label{appdev/gssapi:constrained-delegation-s4u} +The Microsoft S4U2Self and S4U2Proxy Kerberos protocol extensions +allow an intermediate service to acquire credentials from a client to +a target service without requiring the client to delegate a +ticket-granting ticket, if the KDC is configured to allow it. + +To perform a constrained delegation operation, the intermediate +service must submit to the KDC an ``evidence ticket'' from the client to +the intermediate service with the forwardable bit set. An evidence +ticket can be acquired when the client authenticates to the +intermediate service with Kerberos, or with an S4U2Self request if the +KDC allows it. The MIT krb5 GSSAPI library represents an evidence +ticket using a ``proxy credential'', which is a special kind of +gss\_cred\_id\_t object whose underlying credential cache contains the +evidence ticket and a krbtgt ticket for the intermediate service. + +To acquire a proxy credential during client authentication, the +service should first create an acceptor credential using the +\textbf{GSS\_C\_BOTH} usage. The application should then pass this +credential as the \emph{acceptor\_cred\_handle} to \href{http://tools.ietf.org/html/rfc2744.html\#section-5.1}{gss\_accept\_sec\_context}, +and also pass a \emph{delegated\_cred\_handle} output parameter to receive a +proxy credential containing the evidence ticket. The output value of +\emph{delegated\_cred\_handle} may be a delegated ticket-granting ticket if +the client sent one, or a proxy credential if the client authenticated +with a forwardable service ticket, or \textbf{GSS\_C\_NO\_CREDENTIAL} if +neither is the case. + +To acquire a proxy credential using an S4U2Self request, the service +can use the following GSSAPI extension: + +\begin{Verbatim}[commandchars=\\\{\}] +OM\PYGZus{}uint32 gss\PYGZus{}acquire\PYGZus{}cred\PYGZus{}impersonate\PYGZus{}name(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t icred, + gss\PYGZus{}name\PYGZus{}t desired\PYGZus{}name, + OM\PYGZus{}uint32 time\PYGZus{}req, + gss\PYGZus{}OID\PYGZus{}set desired\PYGZus{}mechs, + gss\PYGZus{}cred\PYGZus{}usage\PYGZus{}t cred\PYGZus{}usage, + gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t *output\PYGZus{}cred, + gss\PYGZus{}OID\PYGZus{}set *actual\PYGZus{}mechs, + OM\PYGZus{}uint32 *time\PYGZus{}rec); +\end{Verbatim} + +The parameters to this function are similar to those of +\href{http://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred}, except that \emph{icred} is used to make an S4U2Self +request to the KDC for a ticket from \emph{desired\_name} to the +intermediate service. Both \emph{icred} and \emph{desired\_name} are required +for this function; passing \textbf{GSS\_C\_NO\_CREDENTIAL} or +\textbf{GSS\_C\_NO\_NAME} will cause the call to fail. \emph{icred} must contain a +krbtgt ticket for the intermediate service. If the KDC returns a +forwardable ticket, the result of this operation is a proxy +credential; if it is not forwardable, the result is a regular +credential for \emph{desired\_name}. + +A recent KDC will usually allow any service to acquire a ticket from a +client to itself with an S4U2Self request, but the ticket will only be +forwardable if the service has a specific privilege. In the MIT krb5 +KDC, this privilege is determined by the \textbf{ok\_to\_auth\_as\_delegate} +bit on the intermediate service's principal entry, which can be +configured with \emph{kadmin(1)}. + +Once the intermediate service has a proxy credential, it can simply +pass it to \href{http://tools.ietf.org/html/rfc2744.html\#section-5.19}{gss\_init\_sec\_context} as the \emph{initiator\_cred\_handle} +parameter, and the desired service as the \emph{target\_name} parameter. +The GSSAPI library will present the krbtgt ticket and evidence ticket +in the proxy credential to the KDC in an S4U2Proxy request; if the +intermediate service has the appropriate permissions, the KDC will +issue a ticket from the client to the target service. The GSSAPI +library will then use this ticket to authenticate to the target +service. + + +\section{AEAD message wrapping} +\label{appdev/gssapi:aead-message-wrapping} +The following GSSAPI extensions (declared in +\code{\textless{}gssapi/gssapi\_ext.h\textgreater{}}) can be used to wrap and unwrap messages +with additional ``associated data'' which is integrity-checked but is +not included in the output buffer: + +\begin{Verbatim}[commandchars=\\\{\}] +OM\PYGZus{}uint32 gss\PYGZus{}wrap\PYGZus{}aead(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t context\PYGZus{}handle, + int conf\PYGZus{}req\PYGZus{}flag, gss\PYGZus{}qop\PYGZus{}t qop\PYGZus{}req, + gss\PYGZus{}buffer\PYGZus{}t input\PYGZus{}assoc\PYGZus{}buffer, + gss\PYGZus{}buffer\PYGZus{}t input\PYGZus{}payload\PYGZus{}buffer, + int *conf\PYGZus{}state, + gss\PYGZus{}buffer\PYGZus{}t output\PYGZus{}message\PYGZus{}buffer); + +OM\PYGZus{}uint32 gss\PYGZus{}unwrap\PYGZus{}aead(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t context\PYGZus{}handle, + gss\PYGZus{}buffer\PYGZus{}t input\PYGZus{}message\PYGZus{}buffer, + gss\PYGZus{}buffer\PYGZus{}t input\PYGZus{}assoc\PYGZus{}buffer, + gss\PYGZus{}buffer\PYGZus{}t output\PYGZus{}payload\PYGZus{}buffer, + int *conf\PYGZus{}state, + gss\PYGZus{}qop\PYGZus{}t *qop\PYGZus{}state); +\end{Verbatim} + +Wrap tokens created with gss\_wrap\_aead will successfully unwrap only +if the same \emph{input\_assoc\_buffer} contents are presented to +gss\_unwrap\_aead. + + +\section{IOV message wrapping} +\label{appdev/gssapi:iov-message-wrapping} +The following extensions (declared in \code{\textless{}gssapi/gssapi\_ext.h\textgreater{}}) can +be used for in-place encryption, fine-grained control over wrap token +layout, and for constructing wrap tokens compatible with Microsoft DCE +RPC: + +\begin{Verbatim}[commandchars=\\\{\}] +typedef struct gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc\PYGZus{}struct \PYGZob{} + OM\PYGZus{}uint32 type; + gss\PYGZus{}buffer\PYGZus{}desc buffer; +\PYGZcb{} gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc, *gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}t; + +OM\PYGZus{}uint32 gss\PYGZus{}wrap\PYGZus{}iov(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t context\PYGZus{}handle, + int conf\PYGZus{}req\PYGZus{}flag, gss\PYGZus{}qop\PYGZus{}t qop\PYGZus{}req, + int *conf\PYGZus{}state, + gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc *iov, int iov\PYGZus{}count); + +OM\PYGZus{}uint32 gss\PYGZus{}unwrap\PYGZus{}iov(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t context\PYGZus{}handle, + int *conf\PYGZus{}state, gss\PYGZus{}qop\PYGZus{}t *qop\PYGZus{}state, + gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc *iov, int iov\PYGZus{}count); + +OM\PYGZus{}uint32 gss\PYGZus{}wrap\PYGZus{}iov\PYGZus{}length(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t context\PYGZus{}handle, + int conf\PYGZus{}req\PYGZus{}flag, + gss\PYGZus{}qop\PYGZus{}t qop\PYGZus{}req, int *conf\PYGZus{}state, + gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc *iov, + int iov\PYGZus{}count); + +OM\PYGZus{}uint32 gss\PYGZus{}release\PYGZus{}iov\PYGZus{}buffer(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc *iov, + int iov\PYGZus{}count); +\end{Verbatim} + +The caller of gss\_wrap\_iov provides an array of gss\_iov\_buffer\_desc +structures, each containing a type and a gss\_buffer\_desc structure. +Valid types include: +\begin{itemize} +\item {} +\textbf{GSS\_C\_BUFFER\_TYPE\_DATA}: A data buffer to be included in the +token, and to be encrypted or decrypted in-place if the token is +confidentiality-protected. + +\item {} +\textbf{GSS\_C\_BUFFER\_TYPE\_HEADER}: The GSSAPI wrap token header and +underlying cryptographic header. + +\item {} +\textbf{GSS\_C\_BUFFER\_TYPE\_TRAILER}: The cryptographic trailer, if one is +required. + +\item {} +\textbf{GSS\_C\_BUFFER\_TYPE\_PADDING}: Padding to be combined with the data +during encryption and decryption. (The implementation may choose to +place padding in the trailer buffer, in which case it will set the +padding buffer length to 0.) + +\item {} +\textbf{GSS\_C\_BUFFER\_TYPE\_STREAM}: For unwrapping only, a buffer +containing a complete wrap token in standard format to be unwrapped. + +\item {} +\textbf{GSS\_C\_BUFFER\_TYPE\_SIGN\_ONLY}: A buffer to be included in the +token's integrity protection checksum, but not to be encrypted or +included in the token itself. + +\end{itemize} + +For gss\_wrap\_iov, the IOV list should contain one HEADER buffer, +followed by zero or more SIGN\_ONLY buffers, followed by one or more +DATA buffers, followed by a TRAILER buffer. The memory pointed to by +the buffers is not required to be contiguous or in any particular +order. If \emph{conf\_req\_flag} is true, DATA buffers will be encrypted +in-place, while SIGN\_ONLY buffers will not be modified. + +The type of an output buffer may be combined with +\textbf{GSS\_C\_BUFFER\_FLAG\_ALLOCATE} to request that gss\_wrap\_iov allocate +the buffer contents. If gss\_wrap\_iov allocates a buffer, it sets the +\textbf{GSS\_C\_BUFFER\_FLAG\_ALLOCATED} flag on the buffer type. +gss\_release\_iov\_buffer can be used to release all allocated buffers +within an iov list and unset their allocated flags. Here is an +example of how gss\_wrap\_iov can be used with allocation requested +(\emph{ctx} is assumed to be a previously established gss\_ctx\_id\_t): + +\begin{Verbatim}[commandchars=\\\{\}] +OM\PYGZus{}uint32 major, minor; +gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc iov[4]; +char str[] = \PYGZdq{}message\PYGZdq{}; + +iov[0].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}HEADER \textbar{} GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}FLAG\PYGZus{}ALLOCATE; +iov[1].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA; +iov[1].buffer.value = str; +iov[1].buffer.length = strlen(str); +iov[2].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}PADDING \textbar{} GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}FLAG\PYGZus{}ALLOCATE; +iov[3].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}TRAILER \textbar{} GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}FLAG\PYGZus{}ALLOCATE; + +major = gss\PYGZus{}wrap\PYGZus{}iov(\PYGZam{}minor, ctx, 1, GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT, NULL, + iov, 4); +if (GSS\PYGZus{}ERROR(major)) + handle\PYGZus{}error(major, minor); + +/* Transmit or otherwise use resulting buffers. */ + +(void)gss\PYGZus{}release\PYGZus{}iov\PYGZus{}buffer(\PYGZam{}minor, iov, 4); +\end{Verbatim} + +If the caller does not choose to request buffer allocation by +gss\_wrap\_iov, it should first call gss\_wrap\_iov\_length to query the +lengths of the HEADER, PADDING, and TRAILER buffers. DATA buffers +must be provided in the iov list so that padding length can be +computed correctly, but the output buffers need not be initialized. +Here is an example of using gss\_wrap\_iov\_length and gss\_wrap\_iov: + +\begin{Verbatim}[commandchars=\\\{\}] +OM\PYGZus{}uint32 major, minor; +gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc iov[4]; +char str[1024] = \PYGZdq{}message\PYGZdq{}, *ptr; + +iov[0].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}HEADER; +iov[1].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA; +iov[1].buffer.value = str; +iov[1].buffer.length = strlen(str); + +iov[2].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}PADDING; +iov[3].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}TRAILER; + +major = gss\PYGZus{}wrap\PYGZus{}iov\PYGZus{}length(\PYGZam{}minor, ctx, 1, GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT, + NULL, iov, 4); +if (GSS\PYGZus{}ERROR(major)) + handle\PYGZus{}error(major, minor); +if (strlen(str) + iov[0].buffer.length + iov[2].buffer.length + + iov[3].buffer.length \PYGZgt{} sizeof(str)) + handle\PYGZus{}out\PYGZus{}of\PYGZus{}space\PYGZus{}error(); +ptr = str + strlen(str); +iov[0].buffer.value = ptr; +ptr += iov[0].buffer.length; +iov[2].buffer.value = ptr; +ptr += iov[2].buffer.length; +iov[3].buffer.value = ptr; + +major = gss\PYGZus{}wrap\PYGZus{}iov(\PYGZam{}minor, ctx, 1, GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT, NULL, + iov, 4); +if (GSS\PYGZus{}ERROR(major)) + handle\PYGZus{}error(major, minor); +\end{Verbatim} + +If the context was established using the \textbf{GSS\_C\_DCE\_STYLE} flag +(described in \index{RFC!RFC 4757}\href{http://tools.ietf.org/html/rfc4757.html}{\textbf{RFC 4757}}), wrap tokens compatible with Microsoft DCE +RPC can be constructed. In this case, the IOV list must include a +SIGN\_ONLY buffer, a DATA buffer, a second SIGN\_ONLY buffer, and a +HEADER buffer in that order (the order of the buffer contents remains +arbitrary). The application must pad the DATA buffer to a multiple of +16 bytes as no padding or trailer buffer is used. + +gss\_unwrap\_iov may be called with an IOV list just like one which +would be provided to gss\_wrap\_iov. DATA buffers will be decrypted +in-place if they were encrypted, and SIGN\_ONLY buffers will not be +modified. + +Alternatively, gss\_unwrap\_iov may be called with a single STREAM +buffer, zero or more SIGN\_ONLY buffers, and a single DATA buffer. The +STREAM buffer is interpreted as a complete wrap token. The STREAM +buffer will be modified in-place to decrypt its contents. The DATA +buffer will be initialized to point to the decrypted data within the +STREAM buffer, unless it has the \textbf{GSS\_C\_BUFFER\_FLAG\_ALLOCATE} flag +set, in which case it will be initialized with a copy of the decrypted +data. Here is an example (\emph{token} and \emph{token\_len} are assumed to be a +pre-existing pointer and length for a modifiable region of data): + +\begin{Verbatim}[commandchars=\\\{\}] +OM\PYGZus{}uint32 major, minor; +gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc iov[2]; + +iov[0].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}STREAM; +iov[0].buffer.value = token; +iov[0].buffer.length = token\PYGZus{}len; +iov[1].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA; +major = gss\PYGZus{}unwrap\PYGZus{}iov(\PYGZam{}minor, ctx, NULL, NULL, iov, 2); +if (GSS\PYGZus{}ERROR(major)) + handle\PYGZus{}error(major, minor); + +/* Decrypted data is in iov[1].buffer, pointing to a subregion of + * token. */ +\end{Verbatim} + + +\section{IOV MIC tokens} +\label{appdev/gssapi:gssapi-mic-token}\label{appdev/gssapi:iov-mic-tokens} +The following extensions (declared in \code{\textless{}gssapi/gssapi\_ext.h\textgreater{}}) can +be used in release 1.12 or later to construct and verify MIC tokens +using an IOV list: + +\begin{Verbatim}[commandchars=\\\{\}] +OM\PYGZus{}uint32 gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t context\PYGZus{}handle, + gss\PYGZus{}qop\PYGZus{}t qop\PYGZus{}req, + gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc *iov, + int iov\PYGZus{}count); + +OM\PYGZus{}uint32 gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov\PYGZus{}length(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t context\PYGZus{}handle, + gss\PYGZus{}qop\PYGZus{}t qop\PYGZus{}req, + gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc *iov, + iov\PYGZus{}count); + +OM\PYGZus{}uint32 gss\PYGZus{}verify\PYGZus{}mic\PYGZus{}iov(OM\PYGZus{}uint32 *minor\PYGZus{}status, + gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t context\PYGZus{}handle, + gss\PYGZus{}qop\PYGZus{}t *qop\PYGZus{}state, + gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc *iov, + int iov\PYGZus{}count); +\end{Verbatim} + +The caller of gss\_get\_mic\_iov provides an array of gss\_iov\_buffer\_desc +structures, each containing a type and a gss\_buffer\_desc structure. +Valid types include: +\begin{itemize} +\item {} +\textbf{GSS\_C\_BUFFER\_TYPE\_DATA} and \textbf{GSS\_C\_BUFFER\_TYPE\_SIGN\_ONLY}: The +corresponding buffer for each of these types will be signed for the +MIC token, in the order provided. + +\item {} +\textbf{GSS\_C\_BUFFER\_TYPE\_MIC\_TOKEN}: The GSSAPI MIC token. + +\end{itemize} + +The type of the MIC\_TOKEN buffer may be combined with +\textbf{GSS\_C\_BUFFER\_FLAG\_ALLOCATE} to request that gss\_get\_mic\_iov +allocate the buffer contents. If gss\_get\_mic\_iov allocates the +buffer, it sets the \textbf{GSS\_C\_BUFFER\_FLAG\_ALLOCATED} flag on the buffer +type. gss\_release\_iov\_buffer can be used to release all allocated +buffers within an iov list and unset their allocated flags. Here is +an example of how gss\_get\_mic\_iov can be used with allocation +requested (\emph{ctx} is assumed to be a previously established +gss\_ctx\_id\_t): + +\begin{Verbatim}[commandchars=\\\{\}] +OM\PYGZus{}uint32 major, minor; +gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc iov[3]; + +iov[0].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA; +iov[0].buffer.value = \PYGZdq{}sign1\PYGZdq{}; +iov[0].buffer.length = 5; +iov[1].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}SIGN\PYGZus{}ONLY; +iov[1].buffer.value = \PYGZdq{}sign2\PYGZdq{}; +iov[1].buffer.length = 5; +iov[2].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}MIC\PYGZus{}TOKEN \textbar{} GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}FLAG\PYGZus{}ALLOCATE; + +major = gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov(\PYGZam{}minor, ctx, GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT, iov, 3); +if (GSS\PYGZus{}ERROR(major)) + handle\PYGZus{}error(major, minor); + +/* Transmit or otherwise use iov[2].buffer. */ + +(void)gss\PYGZus{}release\PYGZus{}iov\PYGZus{}buffer(\PYGZam{}minor, iov, 3); +\end{Verbatim} + +If the caller does not choose to request buffer allocation by +gss\_get\_mic\_iov, it should first call gss\_get\_mic\_iov\_length to query +the length of the MIC\_TOKEN buffer. Here is an example of using +gss\_get\_mic\_iov\_length and gss\_get\_mic\_iov: + +\begin{Verbatim}[commandchars=\\\{\}] +OM\PYGZus{}uint32 major, minor; +gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc iov[2]; +char data[1024]; + +iov[0].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}MIC\PYGZus{}TOKEN; +iov[1].type = GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA; +iov[1].buffer.value = \PYGZdq{}message\PYGZdq{}; +iov[1].buffer.length = 7; + +major = gss\PYGZus{}wrap\PYGZus{}iov\PYGZus{}length(\PYGZam{}minor, ctx, 1, GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT, + NULL, iov, 2); +if (GSS\PYGZus{}ERROR(major)) + handle\PYGZus{}error(major, minor); +if (iov[0].buffer.length \PYGZgt{} sizeof(data)) + handle\PYGZus{}out\PYGZus{}of\PYGZus{}space\PYGZus{}error(); +iov[0].buffer.value = data; + +major = gss\PYGZus{}wrap\PYGZus{}iov(\PYGZam{}minor, ctx, 1, GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT, NULL, + iov, 2); +if (GSS\PYGZus{}ERROR(major)) + handle\PYGZus{}error(major, minor); +\end{Verbatim} + + +\chapter{Differences between Heimdal and MIT Kerberos API} +\label{appdev/h5l_mit_apidiff:differences-between-heimdal-and-mit-kerberos-api}\label{appdev/h5l_mit_apidiff::doc} +\begin{tabulary}{\linewidth}{|l|l|} +\hline + +{\hyperref[appdev/refs/api/krb5_auth_con_getaddrs:c.krb5_auth_con_getaddrs]{\code{krb5\_auth\_con\_getaddrs()}}} + & +H5l: If either of the pointers to local\_addr +and remote\_addr is not NULL, it is freed +first and then reallocated before being +populated with the content of corresponding +address from authentication context. +\\ +\hline +{\hyperref[appdev/refs/api/krb5_auth_con_setaddrs:c.krb5_auth_con_setaddrs]{\code{krb5\_auth\_con\_setaddrs()}}} + & +H5l: If either address is NULL, the previous +address remains in place +\\ +\hline +{\hyperref[appdev/refs/api/krb5_auth_con_setports:c.krb5_auth_con_setports]{\code{krb5\_auth\_con\_setports()}}} + & +H5l: Not implemented as of version 1.3.3 +\\ +\hline +{\hyperref[appdev/refs/api/krb5_auth_con_setrecvsubkey:c.krb5_auth_con_setrecvsubkey]{\code{krb5\_auth\_con\_setrecvsubkey()}}} + & +H5l: If either port is NULL, the previous +port remains in place +\\ +\hline +{\hyperref[appdev/refs/api/krb5_auth_con_setsendsubkey:c.krb5_auth_con_setsendsubkey]{\code{krb5\_auth\_con\_setsendsubkey()}}} + & +H5l: Not implemented as of version 1.3.3 +\\ +\hline +{\hyperref[appdev/refs/api/krb5_cc_set_config:c.krb5_cc_set_config]{\code{krb5\_cc\_set\_config()}}} + & +MIT: Before version 1.10 it was assumed that +the last argument \emph{data} is ALWAYS non-zero. +\\ +\hline +{\hyperref[appdev/refs/api/krb5_cccol_last_change_time:c.krb5_cccol_last_change_time]{\code{krb5\_cccol\_last\_change\_time()}}} + & +H5l takes 3 arguments: krb5\_context context, +const char *type, krb5\_timestamp *change\_time +MIT takes two arguments: krb5\_context context, +krb5\_timestamp *change\_time +\\ +\hline +{\hyperref[appdev/refs/api/krb5_set_default_realm:c.krb5_set_default_realm]{\code{krb5\_set\_default\_realm()}}} + & +H5l: Caches the computed default realm context +field. If the second argument is NULL, +it tries to retrieve it from libdefaults or DNS. +MIT: Computes the default realm each time +if it wasn't explicitly set in the context +\\ +\hline\end{tabulary} + + + +\chapter{Initial credentials} +\label{appdev/init_creds:initial-credentials}\label{appdev/init_creds::doc} +Software that performs tasks such as logging users into a computer +when they type their Kerberos password needs to get initial +credentials (usually ticket granting tickets) from Kerberos. Such +software shares some behavior with the \emph{kinit(1)} program. + +Whenever a program grants access to a resource (such as a local login +session on a desktop computer) based on a user successfully getting +initial Kerberos credentials, it must verify those credentials against +a secure shared secret (e.g., a host keytab) to ensure that the user +credentials actually originate from a legitimate KDC. Failure to +perform this verification is a critical vulnerability, because a +malicious user can execute the ``Zanarotti attack'': the user constructs +a fake response that appears to come from the legitimate KDC, but +whose contents come from an attacker-controlled KDC. + +Some applications read a Kerberos password over the network (ideally +over a secure channel), which they then verify against the KDC. While +this technique may be the only practical way to integrate Kerberos +into some existing legacy systems, its use is contrary to the original +design goals of Kerberos. + +The function {\hyperref[appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password]{\code{krb5\_get\_init\_creds\_password()}}} will get initial +credentials for a client using a password. An application that needs +to verify the credentials can call {\hyperref[appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds]{\code{krb5\_verify\_init\_creds()}}}. +Here is an example of code to obtain and verify TGT credentials, given +strings \emph{princname} and \emph{password} for the client principal name and +password: + +\begin{Verbatim}[commandchars=\\\{\}] +krb5\PYGZus{}error\PYGZus{}code ret; +krb5\PYGZus{}creds creds; +krb5\PYGZus{}principal client\PYGZus{}princ = NULL; + +memset(\PYGZam{}creds, 0, sizeof(creds)); +ret = krb5\PYGZus{}parse\PYGZus{}name(context, princname, \PYGZam{}client\PYGZus{}princ); +if (ret) + goto cleanup; +ret = krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password(context, \PYGZam{}creds, client\PYGZus{}princ, + password, NULL, NULL, 0, NULL, NULL); +if (ret) + goto cleanup; +ret = krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds(context, \PYGZam{}creds, NULL, NULL, NULL, NULL); + +cleanup: +krb5\PYGZus{}free\PYGZus{}principal(context, client\PYGZus{}princ); +krb5\PYGZus{}free\PYGZus{}cred\PYGZus{}contents(context, \PYGZam{}creds); +return ret; +\end{Verbatim} + + +\section{Options for get\_init\_creds} +\label{appdev/init_creds:options-for-get-init-creds} +The function {\hyperref[appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password]{\code{krb5\_get\_init\_creds\_password()}}} takes an options +parameter (which can be a null pointer). Use the function +{\hyperref[appdev/refs/api/krb5_get_init_creds_opt_alloc:c.krb5_get_init_creds_opt_alloc]{\code{krb5\_get\_init\_creds\_opt\_alloc()}}} to allocate an options +structure, and {\hyperref[appdev/refs/api/krb5_get_init_creds_opt_free:c.krb5_get_init_creds_opt_free]{\code{krb5\_get\_init\_creds\_opt\_free()}}} to free it. For +example: + +\begin{Verbatim}[commandchars=\\\{\}] +krb5\PYGZus{}error\PYGZus{}code ret; +krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt *opt = NULL; +krb5\PYGZus{}creds creds; + +memset(\PYGZam{}creds, 0, sizeof(creds)); +ret = krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}alloc(context, \PYGZam{}opt); +if (ret) + goto cleanup; +krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}set\PYGZus{}tkt\PYGZus{}life(opt, 24 * 60 * 60); +ret = krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password(context, \PYGZam{}creds, client\PYGZus{}princ, + password, NULL, NULL, 0, NULL, opt); +if (ret) + goto cleanup; + +cleanup: +krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}free(context, opt); +krb5\PYGZus{}free\PYGZus{}cred\PYGZus{}contents(context, \PYGZam{}creds); +return ret; +\end{Verbatim} + + +\section{Getting anonymous credentials} +\label{appdev/init_creds:getting-anonymous-credentials} +As of release 1.8, it is possible to obtain fully anonymous or +partially anonymous (realm-exposed) credentials, if the KDC supports +it. The MIT KDC supports issuing fully anonymous credentials as of +release 1.8 if configured appropriately (see \emph{anonymous\_pkinit}), +but does not support issuing realm-exposed anonymous credentials at +this time. + +To obtain fully anonymous credentials, call +{\hyperref[appdev/refs/api/krb5_get_init_creds_opt_set_anonymous:c.krb5_get_init_creds_opt_set_anonymous]{\code{krb5\_get\_init\_creds\_opt\_set\_anonymous()}}} on the options +structure to set the anonymous flag, and specify a client principal +with the KDC's realm and a single empty data component (the principal +obtained by parsing \code{@}\emph{realmname}). Authentication will take +place using anonymous PKINIT; if successful, the client principal of +the resulting tickets will be +\code{WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS}. Here is an example: + +\begin{Verbatim}[commandchars=\\\{\}] +krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}set\PYGZus{}anonymous(opt, 1); +ret = krb5\PYGZus{}build\PYGZus{}principal(context, \PYGZam{}client\PYGZus{}princ, strlen(myrealm), + myrealm, \PYGZdq{}\PYGZdq{}, (char *)NULL); +if (ret) + goto cleanup; +ret = krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password(context, \PYGZam{}creds, client\PYGZus{}princ, + password, NULL, NULL, 0, NULL, opt); +if (ret) + goto cleanup; +\end{Verbatim} + +To obtain realm-exposed anonymous credentials, set the anonymous flag +on the options structure as above, but specify a normal client +principal in order to prove membership in the realm. Authentication +will take place as it normally does; if successful, the client +principal of the resulting tickets will be \code{WELLKNOWN/ANONYMOUS@}\emph{realmname}. + + +\section{User interaction} +\label{appdev/init_creds:user-interaction} +Authenticating a user usually requires the entry of secret +information, such as a password. A password can be supplied directly +to {\hyperref[appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password]{\code{krb5\_get\_init\_creds\_password()}}} via the \emph{password} +parameter, or the application can supply prompter and/or responder +callbacks instead. If callbacks are used, the user can also be +queried for other secret information such as a PIN, informed of +impending password expiration, or prompted to change a password which +has expired. + + +\subsection{Prompter callback} +\label{appdev/init_creds:prompter-callback} +A prompter callback can be specified via the \emph{prompter} and \emph{data} +parameters to {\hyperref[appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password]{\code{krb5\_get\_init\_creds\_password()}}}. The prompter +will be invoked each time the krb5 library has a question to ask or +information to present. When the prompter callback is invoked, the +\emph{banner} argument (if not null) is intended to be displayed to the +user, and the questions to be answered are specified in the \emph{prompts} +array. Each prompt contains a text question in the \emph{prompt} field, a +\emph{hidden} bit to indicate whether the answer should be hidden from +display, and a storage area for the answer in the \emph{reply} field. The +callback should fill in each question's \code{reply-\textgreater{}data} with the +answer, up to a maximum number of \code{reply-\textgreater{}length} bytes, and then +reset \code{reply-\textgreater{}length} to the length of the answer. + +A prompter callback can call {\hyperref[appdev/refs/api/krb5_get_prompt_types:c.krb5_get_prompt_types]{\code{krb5\_get\_prompt\_types()}}} to get an +array of type constants corresponding to the prompts, to get +programmatic information about the semantic meaning of the questions. +{\hyperref[appdev/refs/api/krb5_get_prompt_types:c.krb5_get_prompt_types]{\code{krb5\_get\_prompt\_types()}}} may return a null pointer if no prompt +type information is available. + +Text-based applications can use a built-in text prompter +implementation by supplying {\hyperref[appdev/refs/api/krb5_prompter_posix:c.krb5_prompter_posix]{\code{krb5\_prompter\_posix()}}} as the +\emph{prompter} parameter and a null pointer as the \emph{data} parameter. For +example: + +\begin{Verbatim}[commandchars=\\\{\}] +ret = krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password(context, \PYGZam{}creds, client\PYGZus{}princ, + NULL, krb5\PYGZus{}prompter\PYGZus{}posix, NULL, 0, + NULL, NULL); +\end{Verbatim} + + +\subsection{Responder callback} +\label{appdev/init_creds:responder-callback} +A responder callback can be specified through the init\_creds options +using the {\hyperref[appdev/refs/api/krb5_get_init_creds_opt_set_responder:c.krb5_get_init_creds_opt_set_responder]{\code{krb5\_get\_init\_creds\_opt\_set\_responder()}}} function. +Responder callbacks can present a more sophisticated user interface +for authentication secrets. The responder callback is usually invoked +only once per authentication, with a list of questions produced by all +of the allowed preauthentication mechanisms. + +When the responder callback is invoked, the \emph{rctx} argument can be +accessed to obtain the list of questions and to answer them. The +{\hyperref[appdev/refs/api/krb5_responder_list_questions:c.krb5_responder_list_questions]{\code{krb5\_responder\_list\_questions()}}} function retrieves an array of +question types. For each question type, the +{\hyperref[appdev/refs/api/krb5_responder_get_challenge:c.krb5_responder_get_challenge]{\code{krb5\_responder\_get\_challenge()}}} function retrieves additional +information about the question, if applicable, and the +{\hyperref[appdev/refs/api/krb5_responder_set_answer:c.krb5_responder_set_answer]{\code{krb5\_responder\_set\_answer()}}} function sets the answer. + +Responder question types, challenges, and answers are UTF-8 strings. +The question type is a well-known string; the meaning of the challenge +and answer depend on the question type. If an application does not +understand a question type, it cannot interpret the challenge or +provide an answer. Failing to answer a question typically results in +the prompter callback being used as a fallback. + + +\subsubsection{Password question} +\label{appdev/init_creds:password-question} +The \code{KRB5\_RESPONDER\_QUESTION\_PASSWORD} (or \code{"password"}) +question type requests the user's password. This question does not +have a challenge, and the response is simply the password string. + + +\subsubsection{One-time password question} +\label{appdev/init_creds:one-time-password-question} +The \code{KRB5\_RESPONDER\_QUESTION\_OTP} (or \code{"otp"}) question +type requests a choice among one-time password tokens and the PIN and +value for the chosen token. The challenge and answer are JSON-encoded +strings, but an application can use convenience functions to avoid +doing any JSON processing itself. + +The {\hyperref[appdev/refs/api/krb5_responder_otp_get_challenge:c.krb5_responder_otp_get_challenge]{\code{krb5\_responder\_otp\_get\_challenge()}}} function decodes the +challenge into a krb5\_responder\_otp\_challenge structure. The +{\hyperref[appdev/refs/api/krb5_responder_otp_set_answer:c.krb5_responder_otp_set_answer]{\code{krb5\_responder\_otp\_set\_answer()}}} function selects one of the +token information elements from the challenge and supplies the value +and pin for that token. + + +\subsubsection{PKINIT password or PIN question} +\label{appdev/init_creds:pkinit-password-or-pin-question} +The \code{KRB5\_RESPONDER\_QUESTION\_PKINIT} (or \code{"pkinit"}) question +type requests PINs for hardware devices and/or passwords for encrypted +credentials which are stored on disk, potentially also supplying +information about the state of the hardware devices. The challenge and +answer are JSON-encoded strings, but an application can use convenience +functions to avoid doing any JSON processing itself. + +The {\hyperref[appdev/refs/api/krb5_responder_pkinit_get_challenge:c.krb5_responder_pkinit_get_challenge]{\code{krb5\_responder\_pkinit\_get\_challenge()}}} function decodes the +challenges into a krb5\_responder\_pkinit\_challenge structure. The +{\hyperref[appdev/refs/api/krb5_responder_pkinit_set_answer:c.krb5_responder_pkinit_set_answer]{\code{krb5\_responder\_pkinit\_set\_answer()}}} function can be used to +supply the PIN or password for a particular client credential, and can +be called multiple times. + + +\subsubsection{Example} +\label{appdev/init_creds:example} +Here is an example of using a responder callback: + +\begin{Verbatim}[commandchars=\\\{\}] +static krb5\PYGZus{}error\PYGZus{}code +my\PYGZus{}responder(krb5\PYGZus{}context context, void *data, + krb5\PYGZus{}responder\PYGZus{}context rctx) +\PYGZob{} + krb5\PYGZus{}error\PYGZus{}code ret; + krb5\PYGZus{}responder\PYGZus{}otp\PYGZus{}challenge *chl; + + if (krb5\PYGZus{}responder\PYGZus{}get\PYGZus{}challenge(context, rctx, + KRB5\PYGZus{}RESPONDER\PYGZus{}QUESTION\PYGZus{}PASSWORD)) \PYGZob{} + ret = krb5\PYGZus{}responder\PYGZus{}set\PYGZus{}answer(context, rctx, + KRB5\PYGZus{}RESPONDER\PYGZus{}QUESTION\PYGZus{}PASSWORD, + \PYGZdq{}open sesame\PYGZdq{}); + if (ret) + return ret; + \PYGZcb{} + ret = krb5\PYGZus{}responder\PYGZus{}otp\PYGZus{}get\PYGZus{}challenge(context, rctx, \PYGZam{}chl); + if (ret == 0 \PYGZam{}\PYGZam{} chl != NULL) \PYGZob{} + ret = krb5\PYGZus{}responder\PYGZus{}otp\PYGZus{}set\PYGZus{}answer(context, rctx, 0, \PYGZdq{}1234\PYGZdq{}, + NULL); + krb5\PYGZus{}responder\PYGZus{}otp\PYGZus{}challenge\PYGZus{}free(context, rctx, chl); + if (ret) + return ret; + \PYGZcb{} + return 0; +\PYGZcb{} + +static krb5\PYGZus{}error\PYGZus{}code +get\PYGZus{}creds(krb5\PYGZus{}context context, krb5\PYGZus{}principal client\PYGZus{}princ) +\PYGZob{} + krb5\PYGZus{}error\PYGZus{}code ret; + krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt *opt = NULL; + krb5\PYGZus{}creds creds; + + memset(\PYGZam{}creds, 0, sizeof(creds)); + ret = krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}alloc(context, \PYGZam{}opt); + if (ret) + goto cleanup; + ret = krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}set\PYGZus{}responder(context, opt, my\PYGZus{}responder, + NULL); + if (ret) + goto cleanup; + ret = krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password(context, \PYGZam{}creds, client\PYGZus{}princ, + NULL, NULL, NULL, 0, NULL, opt); + +cleanup: + krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}free(context, opt); + krb5\PYGZus{}free\PYGZus{}cred\PYGZus{}contents(context, \PYGZam{}creds); + return ret; +\PYGZcb{} +\end{Verbatim} + + +\section{Verifying initial credentials} +\label{appdev/init_creds:verifying-initial-credentials} +Use the function {\hyperref[appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds]{\code{krb5\_verify\_init\_creds()}}} to verify initial +credentials. It takes an options structure (which can be a null +pointer). Use {\hyperref[appdev/refs/api/krb5_verify_init_creds_opt_init:c.krb5_verify_init_creds_opt_init]{\code{krb5\_verify\_init\_creds\_opt\_init()}}} to initialize +the caller-allocated options structure, and +{\hyperref[appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail:c.krb5_verify_init_creds_opt_set_ap_req_nofail]{\code{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail()}}} to set the +``nofail'' option. For example: + +\begin{Verbatim}[commandchars=\\\{\}] +krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds\PYGZus{}opt vopt; + +krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}init(\PYGZam{}vopt); +krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}set\PYGZus{}ap\PYGZus{}req\PYGZus{}nofail(\PYGZam{}vopt, 1); +ret = krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds(context, \PYGZam{}creds, NULL, NULL, NULL, \PYGZam{}vopt); +\end{Verbatim} + +The confusingly named ``nofail'' option, when set, means that the +verification must actually succeed in order for +{\hyperref[appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds]{\code{krb5\_verify\_init\_creds()}}} to indicate success. The default +state of this option (cleared) means that if there is no key material +available to verify the user credentials, the verification will +succeed anyway. (The default can be changed by a configuration file +setting.) + +This accommodates a use case where a large number of unkeyed shared +desktop workstations need to allow users to log in using Kerberos. +The security risks from this practice are mitigated by the absence of +valuable state on the shared workstations---any valuable resources +that the users would access reside on networked servers. + + +\chapter{Principal manipulation and parsing} +\label{appdev/princ_handle:principal-manipulation-and-parsing}\label{appdev/princ_handle::doc} +Kerberos principal structure + +{\hyperref[appdev/refs/types/krb5_principal_data:c.krb5_principal_data]{\code{krb5\_principal\_data}}} + +{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{\code{krb5\_principal}}} + +Create and free principal + +{\hyperref[appdev/refs/api/krb5_build_principal:c.krb5_build_principal]{\code{krb5\_build\_principal()}}} + +{\hyperref[appdev/refs/api/krb5_build_principal_alloc_va:c.krb5_build_principal_alloc_va]{\code{krb5\_build\_principal\_alloc\_va()}}} + +{\hyperref[appdev/refs/api/krb5_build_principal_ext:c.krb5_build_principal_ext]{\code{krb5\_build\_principal\_ext()}}} + +{\hyperref[appdev/refs/api/krb5_copy_principal:c.krb5_copy_principal]{\code{krb5\_copy\_principal()}}} + +{\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} + +{\hyperref[appdev/refs/api/krb5_cc_get_principal:c.krb5_cc_get_principal]{\code{krb5\_cc\_get\_principal()}}} + +Comparing + +{\hyperref[appdev/refs/api/krb5_principal_compare:c.krb5_principal_compare]{\code{krb5\_principal\_compare()}}} + +{\hyperref[appdev/refs/api/krb5_principal_compare_flags:c.krb5_principal_compare_flags]{\code{krb5\_principal\_compare\_flags()}}} + +{\hyperref[appdev/refs/api/krb5_principal_compare_any_realm:c.krb5_principal_compare_any_realm]{\code{krb5\_principal\_compare\_any\_realm()}}} + +{\hyperref[appdev/refs/api/krb5_sname_match:c.krb5_sname_match]{\code{krb5\_sname\_match()}}} + +{\hyperref[appdev/refs/api/krb5_sname_to_principal:c.krb5_sname_to_principal]{\code{krb5\_sname\_to\_principal()}}} + +Parsing: + +{\hyperref[appdev/refs/api/krb5_parse_name:c.krb5_parse_name]{\code{krb5\_parse\_name()}}} + +{\hyperref[appdev/refs/api/krb5_parse_name_flags:c.krb5_parse_name_flags]{\code{krb5\_parse\_name\_flags()}}} + +{\hyperref[appdev/refs/api/krb5_unparse_name:c.krb5_unparse_name]{\code{krb5\_unparse\_name()}}} + +{\hyperref[appdev/refs/api/krb5_unparse_name_flags:c.krb5_unparse_name_flags]{\code{krb5\_unparse\_name\_flags()}}} + +Utilities: + +{\hyperref[appdev/refs/api/krb5_is_config_principal:c.krb5_is_config_principal]{\code{krb5\_is\_config\_principal()}}} + +{\hyperref[appdev/refs/api/krb5_kuserok:c.krb5_kuserok]{\code{krb5\_kuserok()}}} + +{\hyperref[appdev/refs/api/krb5_set_password:c.krb5_set_password]{\code{krb5\_set\_password()}}} + +{\hyperref[appdev/refs/api/krb5_set_password_using_ccache:c.krb5_set_password_using_ccache]{\code{krb5\_set\_password\_using\_ccache()}}} + +{\hyperref[appdev/refs/api/krb5_set_principal_realm:c.krb5_set_principal_realm]{\code{krb5\_set\_principal\_realm()}}} + +{\hyperref[appdev/refs/api/krb5_realm_compare:c.krb5_realm_compare]{\code{krb5\_realm\_compare()}}} + + +\chapter{Complete reference - API and datatypes} +\label{appdev/refs/index:complete-reference-api-and-datatypes}\label{appdev/refs/index::doc} + +\section{krb5 API} +\label{appdev/refs/api/index:krb5-api}\label{appdev/refs/api/index::doc} + +\subsection{Frequently used public interfaces} +\label{appdev/refs/api/index:frequently-used-public-interfaces} + +\subsubsection{krb5\_build\_principal - Build a principal name using null-terminated strings.} +\label{appdev/refs/api/krb5_build_principal:krb5-build-principal-build-a-principal-name-using-null-terminated-strings}\label{appdev/refs/api/krb5_build_principal::doc}\index{krb5\_build\_principal (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_build_principal:c.krb5_build_principal}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_build\_principal}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â princ}, unsigned int\emph{Â rlen}, const char *\emph{Â realm}, ...}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{princ} - Principal name + +\textbf{{[}in{]}} \textbf{rlen} - Realm name length + +\textbf{{[}in{]}} \textbf{realm} - Realm name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Call {\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} to free \emph{princ} when it is no longer needed. + +\begin{notice}{note}{Note:} +{\hyperref[appdev/refs/api/krb5_build_principal:c.krb5_build_principal]{\code{krb5\_build\_principal()}}} and {\hyperref[appdev/refs/api/krb5_build_principal_alloc_va:c.krb5_build_principal_alloc_va]{\code{krb5\_build\_principal\_alloc\_va()}}} perform the same task. {\hyperref[appdev/refs/api/krb5_build_principal:c.krb5_build_principal]{\code{krb5\_build\_principal()}}} takes variadic arguments. {\hyperref[appdev/refs/api/krb5_build_principal_alloc_va:c.krb5_build_principal_alloc_va]{\code{krb5\_build\_principal\_alloc\_va()}}} takes a pre-computed \emph{varargs} pointer. +\end{notice} + + +\subsubsection{krb5\_build\_principal\_alloc\_va - Build a principal name, using a precomputed variable argument list.} +\label{appdev/refs/api/krb5_build_principal_alloc_va:krb5-build-principal-alloc-va-build-a-principal-name-using-a-precomputed-variable-argument-list}\label{appdev/refs/api/krb5_build_principal_alloc_va::doc}\index{krb5\_build\_principal\_alloc\_va (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_build_principal_alloc_va:c.krb5_build_principal_alloc_va}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_build\_principal\_alloc\_va}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â princ}, unsigned int\emph{Â rlen}, const char *\emph{Â realm}, va\_list\emph{Â ap}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{princ} - Principal structure + +\textbf{{[}in{]}} \textbf{rlen} - Realm name length + +\textbf{{[}in{]}} \textbf{realm} - Realm name + +\textbf{{[}in{]}} \textbf{ap} - List of char * components, ending with NULL + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Similar to {\hyperref[appdev/refs/api/krb5_build_principal:c.krb5_build_principal]{\code{krb5\_build\_principal()}}} , this function builds a principal name, but its name components are specified as a va\_list. + +Use {\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} to deallocate \emph{princ} when it is no longer needed. + + +\subsubsection{krb5\_build\_principal\_ext - Build a principal name using length-counted strings.} +\label{appdev/refs/api/krb5_build_principal_ext:krb5-build-principal-ext-build-a-principal-name-using-length-counted-strings}\label{appdev/refs/api/krb5_build_principal_ext::doc}\index{krb5\_build\_principal\_ext (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_build_principal_ext:c.krb5_build_principal_ext}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_build\_principal\_ext}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â princ}, unsigned int\emph{Â rlen}, const char *\emph{Â realm}, ...}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{princ} - Principal name + +\textbf{{[}in{]}} \textbf{rlen} - Realm name length + +\textbf{{[}in{]}} \textbf{realm} - Realm name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a principal from a length-counted string and a variable-length list of length-counted components. The list of components ends with the first 0 length argument (so it is not possible to specify an empty component with this function). Call {\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} to free allocated memory for principal when it is no longer needed. + + +\subsubsection{krb5\_cc\_close - Close a credential cache handle.} +\label{appdev/refs/api/krb5_cc_close:krb5-cc-close-close-a-credential-cache-handle}\label{appdev/refs/api/krb5_cc_close::doc}\index{krb5\_cc\_close (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_close:c.krb5_cc_close}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_close}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function closes a credential cache handle \emph{cache} without affecting the contents of the cache. + + +\subsubsection{krb5\_cc\_default - Resolve the default credential cache name.} +\label{appdev/refs/api/krb5_cc_default::doc}\label{appdev/refs/api/krb5_cc_default:krb5-cc-default-resolve-the-default-credential-cache-name}\index{krb5\_cc\_default (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_default:c.krb5_cc_default}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_default}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}} *\emph{Â ccache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{ccache} - Pointer to credential cache name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KV5M\_CONTEXT Bad magic number for \_krb5\_context structure + +\item {} +KRB5\_FCC\_INTERNAL The name of the default credential cache cannot be obtained + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Create a handle to the default credential cache as given by {\hyperref[appdev/refs/api/krb5_cc_default_name:c.krb5_cc_default_name]{\code{krb5\_cc\_default\_name()}}} . + + +\subsubsection{krb5\_cc\_default\_name - Return the name of the default credential cache.} +\label{appdev/refs/api/krb5_cc_default_name::doc}\label{appdev/refs/api/krb5_cc_default_name:krb5-cc-default-name-return-the-name-of-the-default-credential-cache}\index{krb5\_cc\_default\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_default_name:c.krb5_cc_default_name}\pysiglinewithargsret{const char * \bfcode{krb5\_cc\_default\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +Name of default credential cache for the current user. + +\end{itemize} + +\end{description}\end{quote} + +Return a pointer to the default credential cache name for \emph{context} , as determined by a prior call to {\hyperref[appdev/refs/api/krb5_cc_set_default_name:c.krb5_cc_set_default_name]{\code{krb5\_cc\_set\_default\_name()}}} , by the KRB5CCNAME environment variable, by the default\_ccache\_name profile variable, or by the operating system or build-time default value. The returned value must not be modified or freed by the caller. The returned value becomes invalid when \emph{context} is destroyed {\hyperref[appdev/refs/api/krb5_free_context:c.krb5_free_context]{\code{krb5\_free\_context()}}} or if a subsequent call to {\hyperref[appdev/refs/api/krb5_cc_set_default_name:c.krb5_cc_set_default_name]{\code{krb5\_cc\_set\_default\_name()}}} is made on \emph{context} . + +The default credential cache name is cached in \emph{context} between calls to this function, so if the value of KRB5CCNAME changes in the process environment after the first call to this function on, that change will not be reflected in later calls with the same context. The caller can invoke {\hyperref[appdev/refs/api/krb5_cc_set_default_name:c.krb5_cc_set_default_name]{\code{krb5\_cc\_set\_default\_name()}}} with a NULL value of \emph{name} to clear the cached value and force the default name to be recomputed. + + +\subsubsection{krb5\_cc\_destroy - Destroy a credential cache.} +\label{appdev/refs/api/krb5_cc_destroy:krb5-cc-destroy-destroy-a-credential-cache}\label{appdev/refs/api/krb5_cc_destroy::doc}\index{krb5\_cc\_destroy (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_destroy:c.krb5_cc_destroy}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_destroy}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Permission errors + +\end{itemize} + +\end{description}\end{quote} + +This function destroys any existing contents of \emph{cache} and closes the handle to it. + + +\subsubsection{krb5\_cc\_dup - Duplicate ccache handle.} +\label{appdev/refs/api/krb5_cc_dup:krb5-cc-dup-duplicate-ccache-handle}\label{appdev/refs/api/krb5_cc_dup::doc}\index{krb5\_cc\_dup (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_dup:c.krb5_cc_dup}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_dup}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â in}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}} *\emph{Â out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{in} - Credential cache handle to be duplicated + +\textbf{{[}out{]}} \textbf{out} - Credential cache handle + +\end{description}\end{quote} + +Create a new handle referring to the same cache as \emph{in} . The new handle and \emph{in} can be closed independently. + + +\subsubsection{krb5\_cc\_get\_name - Retrieve the name, but not type of a credential cache.} +\label{appdev/refs/api/krb5_cc_get_name::doc}\label{appdev/refs/api/krb5_cc_get_name:krb5-cc-get-name-retrieve-the-name-but-not-type-of-a-credential-cache}\index{krb5\_cc\_get\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_get_name:c.krb5_cc_get_name}\pysiglinewithargsret{const char * \bfcode{krb5\_cc\_get\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +On success - the name of the credential cache. + +\end{itemize} + +\end{description}\end{quote} + +\begin{notice}{warning}{Warning:} +Returns the name of the credential cache. The result is an alias into \emph{cache} and should not be freed or modified by the caller. This name does not include the cache type, so should not be used as input to {\hyperref[appdev/refs/api/krb5_cc_resolve:c.krb5_cc_resolve]{\code{krb5\_cc\_resolve()}}} . +\end{notice} + + +\subsubsection{krb5\_cc\_get\_principal - Get the default principal of a credential cache.} +\label{appdev/refs/api/krb5_cc_get_principal:krb5-cc-get-principal-get-the-default-principal-of-a-credential-cache}\label{appdev/refs/api/krb5_cc_get_principal::doc}\index{krb5\_cc\_get\_principal (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_get_principal:c.krb5_cc_get_principal}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_get\_principal}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â principal}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}out{]}} \textbf{principal} - Primary principal + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Returns the default client principal of a credential cache as set by {\hyperref[appdev/refs/api/krb5_cc_initialize:c.krb5_cc_initialize]{\code{krb5\_cc\_initialize()}}} . + +Use {\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} to free \emph{principal} when it is no longer needed. + + +\subsubsection{krb5\_cc\_get\_type - Retrieve the type of a credential cache.} +\label{appdev/refs/api/krb5_cc_get_type:krb5-cc-get-type-retrieve-the-type-of-a-credential-cache}\label{appdev/refs/api/krb5_cc_get_type::doc}\index{krb5\_cc\_get\_type (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_get_type:c.krb5_cc_get_type}\pysiglinewithargsret{const char * \bfcode{krb5\_cc\_get\_type}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +The type of a credential cache as an alias that must not be modified or freed by the caller. + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_cc\_initialize - Initialize a credential cache.} +\label{appdev/refs/api/krb5_cc_initialize::doc}\label{appdev/refs/api/krb5_cc_initialize:krb5-cc-initialize-initialize-a-credential-cache}\index{krb5\_cc\_initialize (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_initialize:c.krb5_cc_initialize}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_initialize}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â principal}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}in{]}} \textbf{principal} - Default principal name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +System errors; Permission errors; Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Destroy any existing contents of \emph{cache} and initialize it for the default principal \emph{principal} . + + +\subsubsection{krb5\_cc\_new\_unique - Create a new credential cache of the specified type with a unique name.} +\label{appdev/refs/api/krb5_cc_new_unique:krb5-cc-new-unique-create-a-new-credential-cache-of-the-specified-type-with-a-unique-name}\label{appdev/refs/api/krb5_cc_new_unique::doc}\index{krb5\_cc\_new\_unique (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_new_unique:c.krb5_cc_new_unique}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_new\_unique}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â type}, const char *\emph{Â hint}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}} *\emph{Â id}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{type} - Credential cache type name + +\textbf{{[}in{]}} \textbf{hint} - Unused + +\textbf{{[}out{]}} \textbf{id} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_cc\_resolve - Resolve a credential cache name.} +\label{appdev/refs/api/krb5_cc_resolve:krb5-cc-resolve-resolve-a-credential-cache-name}\label{appdev/refs/api/krb5_cc_resolve::doc}\index{krb5\_cc\_resolve (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_resolve:c.krb5_cc_resolve}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_resolve}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â name}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}} *\emph{Â cache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{name} - Credential cache name to be resolved + +\textbf{{[}out{]}} \textbf{cache} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Fills in \emph{cache} with a \emph{cache} handle that corresponds to the name in \emph{name} . \emph{name} should be of the form \textbf{type:residual} , and \emph{type} must be a type known to the library. If the \emph{name} does not contain a colon, interpret it as a file name. + + +\subsubsection{krb5\_change\_password - Change a password for an existing Kerberos account.} +\label{appdev/refs/api/krb5_change_password:krb5-change-password-change-a-password-for-an-existing-kerberos-account}\label{appdev/refs/api/krb5_change_password::doc}\index{krb5\_change\_password (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_change_password:c.krb5_change_password}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_change\_password}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, const char *\emph{Â newpw}, int *\emph{Â result\_code}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â result\_code\_string}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â result\_string}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{creds} - Credentials for kadmin/changepw service + +\textbf{{[}in{]}} \textbf{newpw} - New password + +\textbf{{[}out{]}} \textbf{result\_code} - Numeric error code from server + +\textbf{{[}out{]}} \textbf{result\_code\_string} - String equivalent to \emph{result\_code} + +\textbf{{[}out{]}} \textbf{result\_string} - Change password response from the KDC + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Change the password for the existing principal identified by \emph{creds} . + +The possible values of the output \emph{result\_code} are: +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_KPASSWD_SUCCESS:KRB5_KPASSWD_SUCCESS]{\code{KRB5\_KPASSWD\_SUCCESS}}} (0) - success + +\item {} +{\hyperref[appdev/refs/macros/KRB5_KPASSWD_MALFORMED:KRB5_KPASSWD_MALFORMED]{\code{KRB5\_KPASSWD\_MALFORMED}}} (1) - Malformed request error + +\item {} +{\hyperref[appdev/refs/macros/KRB5_KPASSWD_HARDERROR:KRB5_KPASSWD_HARDERROR]{\code{KRB5\_KPASSWD\_HARDERROR}}} (2) - Server error + +\item {} +{\hyperref[appdev/refs/macros/KRB5_KPASSWD_AUTHERROR:KRB5_KPASSWD_AUTHERROR]{\code{KRB5\_KPASSWD\_AUTHERROR}}} (3) - Authentication error + +\item {} +{\hyperref[appdev/refs/macros/KRB5_KPASSWD_SOFTERROR:KRB5_KPASSWD_SOFTERROR]{\code{KRB5\_KPASSWD\_SOFTERROR}}} (4) - Password change rejected + +\end{itemize} + + +\subsubsection{krb5\_chpw\_message - Get a result message for changing or setting a password.} +\label{appdev/refs/api/krb5_chpw_message:krb5-chpw-message-get-a-result-message-for-changing-or-setting-a-password}\label{appdev/refs/api/krb5_chpw_message::doc}\index{krb5\_chpw\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_chpw_message:c.krb5_chpw_message}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_chpw\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â server\_string}, char **\emph{Â message\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{server\_string} - Data returned from the remote system + +\textbf{{[}out{]}} \textbf{message\_out} - A message displayable to the user + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function processes the \emph{server\_string} returned in the \emph{result\_string} parameter of {\hyperref[appdev/refs/api/krb5_change_password:c.krb5_change_password]{\code{krb5\_change\_password()}}} , {\hyperref[appdev/refs/api/krb5_set_password:c.krb5_set_password]{\code{krb5\_set\_password()}}} , and related functions, and returns a displayable string. If \emph{server\_string} contains Active Directory structured policy information, it will be converted into human-readable text. + +Use {\hyperref[appdev/refs/api/krb5_free_string:c.krb5_free_string]{\code{krb5\_free\_string()}}} to free \emph{message\_out} when it is no longer needed. + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_expand\_hostname - Canonicalize a hostname, possibly using name service.} +\label{appdev/refs/api/krb5_expand_hostname:krb5-expand-hostname-canonicalize-a-hostname-possibly-using-name-service}\label{appdev/refs/api/krb5_expand_hostname::doc}\index{krb5\_expand\_hostname (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_expand_hostname:c.krb5_expand_hostname}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_expand\_hostname}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â host}, char **\emph{Â canonhost\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{host} - Input hostname + +\textbf{{[}out{]}} \textbf{canonhost\_out} - Canonicalized hostname + +\end{description}\end{quote} + +This function canonicalizes orig\_hostname, possibly using name service lookups if configuration permits. Use {\hyperref[appdev/refs/api/krb5_free_string:c.krb5_free_string]{\code{krb5\_free\_string()}}} to free \emph{canonhost\_out} when it is no longer needed. + +\begin{notice}{note}{Note:} +New in 1.15 +\end{notice} + + +\subsubsection{krb5\_free\_context - Free a krb5 library context.} +\label{appdev/refs/api/krb5_free_context:krb5-free-context-free-a-krb5-library-context}\label{appdev/refs/api/krb5_free_context::doc}\index{krb5\_free\_context (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_context:c.krb5_free_context}\pysiglinewithargsret{void \bfcode{krb5\_free\_context}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\end{description}\end{quote} + +This function frees a \emph{context} that was created by {\hyperref[appdev/refs/api/krb5_init_context:c.krb5_init_context]{\code{krb5\_init\_context()}}} or {\hyperref[appdev/refs/api/krb5_init_secure_context:c.krb5_init_secure_context]{\code{krb5\_init\_secure\_context()}}} . + + +\subsubsection{krb5\_free\_error\_message - Free an error message generated by krb5\_get\_error\_message() .} +\label{appdev/refs/api/krb5_free_error_message:krb5-free-error-message-free-an-error-message-generated-by-krb5-get-error-message}\label{appdev/refs/api/krb5_free_error_message::doc}\index{krb5\_free\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_error_message:c.krb5_free_error_message}\pysiglinewithargsret{void \bfcode{krb5\_free\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, const char *\emph{Â msg}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{msg} - Pointer to error message + +\end{description}\end{quote} + + +\subsubsection{krb5\_free\_principal - Free the storage assigned to a principal.} +\label{appdev/refs/api/krb5_free_principal::doc}\label{appdev/refs/api/krb5_free_principal:krb5-free-principal-free-the-storage-assigned-to-a-principal}\index{krb5\_free\_principal (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_principal:c.krb5_free_principal}\pysiglinewithargsret{void \bfcode{krb5\_free\_principal}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Principal to be freed + +\end{description}\end{quote} + + +\subsubsection{krb5\_fwd\_tgt\_creds - Get a forwarded TGT and format a KRB-CRED message.} +\label{appdev/refs/api/krb5_fwd_tgt_creds:krb5-fwd-tgt-creds-get-a-forwarded-tgt-and-format-a-krb-cred-message}\label{appdev/refs/api/krb5_fwd_tgt_creds::doc}\index{krb5\_fwd\_tgt\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_fwd_tgt_creds:c.krb5_fwd_tgt_creds}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_fwd\_tgt\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, char *\emph{Â rhost}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â client}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â server}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cc}, int\emph{Â forwardable}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â outbuf}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{rhost} - Remote host + +\textbf{{[}in{]}} \textbf{client} - Client principal of TGT + +\textbf{{[}in{]}} \textbf{server} - Principal of server to receive TGT + +\textbf{{[}in{]}} \textbf{cc} - Credential cache handle (NULL to use default) + +\textbf{{[}in{]}} \textbf{forwardable} - Whether TGT should be forwardable + +\textbf{{[}out{]}} \textbf{outbuf} - KRB-CRED message + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +ENOMEM Insufficient memory + +\item {} +KRB5\_PRINC\_NOMATCH Requested principal and ticket do not match + +\item {} +KRB5\_NO\_TKT\_SUPPLIED Request did not supply a ticket + +\item {} +KRB5\_CC\_BADNAME Credential cache name or principal name malformed + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Get a TGT for use at the remote host \emph{rhost} and format it into a KRB-CRED message. If \emph{rhost} is NULL and \emph{server} is of type {\hyperref[appdev/refs/macros/KRB5_NT_SRV_HST:KRB5_NT_SRV_HST]{\code{KRB5\_NT\_SRV\_HST}}} , the second component of \emph{server} will be used. + + +\subsubsection{krb5\_get\_default\_realm - Retrieve the default realm.} +\label{appdev/refs/api/krb5_get_default_realm:krb5-get-default-realm-retrieve-the-default-realm}\label{appdev/refs/api/krb5_get_default_realm::doc}\index{krb5\_get\_default\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_default_realm:c.krb5_get_default_realm}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_default\_realm}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, char **\emph{Â lrealm}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{lrealm} - Default realm name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Retrieves the default realm to be used if no user-specified realm is available. + +Use {\hyperref[appdev/refs/api/krb5_free_default_realm:c.krb5_free_default_realm]{\code{krb5\_free\_default\_realm()}}} to free \emph{lrealm} when it is no longer needed. + + +\subsubsection{krb5\_get\_error\_message - Get the (possibly extended) error message for a code.} +\label{appdev/refs/api/krb5_get_error_message::doc}\label{appdev/refs/api/krb5_get_error_message:krb5-get-error-message-get-the-possibly-extended-error-message-for-a-code}\index{krb5\_get\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_error_message:c.krb5_get_error_message}\pysiglinewithargsret{const char * \bfcode{krb5\_get\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}}\emph{Â code}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{code} - Error code + +\end{description}\end{quote} + +The behavior of {\hyperref[appdev/refs/api/krb5_get_error_message:c.krb5_get_error_message]{\code{krb5\_get\_error\_message()}}} is only defined the first time it is called after a failed call to a krb5 function using the same context, and only when the error code passed in is the same as that returned by the krb5 function. + +This function never returns NULL, so its result may be used unconditionally as a C string. + +The string returned by this function must be freed using {\hyperref[appdev/refs/api/krb5_free_error_message:c.krb5_free_error_message]{\code{krb5\_free\_error\_message()}}} + +\begin{notice}{note}{Note:} +Future versions may return the same string for the second and following calls. +\end{notice} + + +\subsubsection{krb5\_get\_host\_realm - Get the Kerberos realm names for a host.} +\label{appdev/refs/api/krb5_get_host_realm:krb5-get-host-realm-get-the-kerberos-realm-names-for-a-host}\label{appdev/refs/api/krb5_get_host_realm::doc}\index{krb5\_get\_host\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_host_realm:c.krb5_get_host_realm}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_host\_realm}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â host}, char ***\emph{Â realmsp}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{host} - Host name (or NULL) + +\textbf{{[}out{]}} \textbf{realmsp} - Null-terminated list of realm names + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +ENOMEM Insufficient memory + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Fill in \emph{realmsp} with a pointer to a null-terminated list of realm names. If there are no known realms for the host, a list containing the referral (empty) realm is returned. + +If \emph{host} is NULL, the local host's realms are determined. + +Use {\hyperref[appdev/refs/api/krb5_free_host_realm:c.krb5_free_host_realm]{\code{krb5\_free\_host\_realm()}}} to release \emph{realmsp} when it is no longer needed. + + +\subsubsection{krb5\_get\_credentials - Get an additional ticket.} +\label{appdev/refs/api/krb5_get_credentials:krb5-get-credentials-get-an-additional-ticket}\label{appdev/refs/api/krb5_get_credentials::doc}\index{krb5\_get\_credentials (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_credentials:c.krb5_get_credentials}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_credentials}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â options}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â in\_creds}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} **\emph{Â out\_creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{options} - Options + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache handle + +\textbf{{[}in{]}} \textbf{in\_creds} - Input credentials + +\textbf{{[}out{]}} \textbf{out\_creds} - Output updated credentials + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use \emph{ccache} or a TGS exchange to get a service ticket matching \emph{in\_creds} . + +Valid values for \emph{options} are: +\begin{quote} +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_GC_CACHED:KRB5_GC_CACHED]{\code{KRB5\_GC\_CACHED}}} Search only credential cache for the ticket + +\item {} +{\hyperref[appdev/refs/macros/KRB5_GC_USER_USER:KRB5_GC_USER_USER]{\code{KRB5\_GC\_USER\_USER}}} Return a user to user authentication ticket + +\end{itemize} + +\emph{in\_creds} must be non-null. \emph{in\_creds-\textgreater{}client} and \emph{in\_creds-\textgreater{}server} must be filled in to specify the client and the server respectively. If any authorization data needs to be requested for the service ticket (such as restrictions on how the ticket can be used), specify it in \emph{in\_creds-\textgreater{}authdata} ; otherwise set \emph{in\_creds-\textgreater{}authdata} to NULL. The session key type is specified in \emph{in\_creds-\textgreater{}keyblock.enctype} , if it is nonzero. +\end{quote} + +The expiration date is specified in \emph{in\_creds-\textgreater{}times.endtime} . The KDC may return tickets with an earlier expiration date. If \emph{in\_creds-\textgreater{}times.endtime} is set to 0, the latest possible expiration date will be requested. + +Any returned ticket and intermediate ticket-granting tickets are stored in \emph{ccache} . + +Use {\hyperref[appdev/refs/api/krb5_free_creds:c.krb5_free_creds]{\code{krb5\_free\_creds()}}} to free \emph{out\_creds} when it is no longer needed. + + +\subsubsection{krb5\_get\_fallback\_host\_realm} +\label{appdev/refs/api/krb5_get_fallback_host_realm:krb5-get-fallback-host-realm}\label{appdev/refs/api/krb5_get_fallback_host_realm::doc}\index{krb5\_get\_fallback\_host\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_fallback_host_realm:c.krb5_get_fallback_host_realm}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_fallback\_host\_realm}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â hdata}, char ***\emph{Â realmsp}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{hdata} - Host name (or NULL) + +\textbf{{[}out{]}} \textbf{realmsp} - Null-terminated list of realm names + +\end{description}\end{quote} + +Fill in \emph{realmsp} with a pointer to a null-terminated list of realm names obtained through heuristics or insecure resolution methods which have lower priority than KDC referrals. + +If \emph{host} is NULL, the local host's realms are determined. + +Use {\hyperref[appdev/refs/api/krb5_free_host_realm:c.krb5_free_host_realm]{\code{krb5\_free\_host\_realm()}}} to release \emph{realmsp} when it is no longer needed. + + +\subsubsection{krb5\_get\_init\_creds\_keytab - Get initial credentials using a key table.} +\label{appdev/refs/api/krb5_get_init_creds_keytab:krb5-get-init-creds-keytab-get-initial-credentials-using-a-key-table}\label{appdev/refs/api/krb5_get_init_creds_keytab::doc}\index{krb5\_get\_init\_creds\_keytab (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_keytab:c.krb5_get_init_creds_keytab}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_keytab}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â client}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â arg\_keytab}, {\hyperref[appdev/refs/types/krb5_deltat:c.krb5_deltat]{krb5\_deltat}}\emph{Â start\_time}, const char *\emph{Â in\_tkt\_service}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â k5\_gic\_options}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{creds} - New credentials + +\textbf{{[}in{]}} \textbf{client} - Client principal + +\textbf{{[}in{]}} \textbf{arg\_keytab} - Key table handle + +\textbf{{[}in{]}} \textbf{start\_time} - Time when ticket becomes valid (0 for now) + +\textbf{{[}in{]}} \textbf{in\_tkt\_service} - Service name of initial credentials (or NULL) + +\textbf{{[}in{]}} \textbf{k5\_gic\_options} - Initial credential options + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function requests KDC for an initial credentials for \emph{client} using a client key stored in \emph{arg\_keytab} . If \emph{in\_tkt\_service} is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket-granting service is used. + + +\subsubsection{krb5\_get\_init\_creds\_opt\_alloc - Allocate a new initial credential options structure.} +\label{appdev/refs/api/krb5_get_init_creds_opt_alloc:krb5-get-init-creds-opt-alloc-allocate-a-new-initial-credential-options-structure}\label{appdev/refs/api/krb5_get_init_creds_opt_alloc::doc}\index{krb5\_get\_init\_creds\_opt\_alloc (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_alloc:c.krb5_get_init_creds_opt_alloc}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_alloc}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} **\emph{Â opt}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{opt} - New options structure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 - Success; Kerberos errors otherwise. + +\end{itemize} + +\end{description}\end{quote} + +This function is the preferred way to create an options structure for getting initial credentials, and is required to make use of certain options. Use {\hyperref[appdev/refs/api/krb5_get_init_creds_opt_free:c.krb5_get_init_creds_opt_free]{\code{krb5\_get\_init\_creds\_opt\_free()}}} to free \emph{opt} when it is no longer needed. + + +\subsubsection{krb5\_get\_init\_creds\_opt\_free - Free initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_free::doc}\label{appdev/refs/api/krb5_get_init_creds_opt_free:krb5-get-init-creds-opt-free-free-initial-credential-options}\index{krb5\_get\_init\_creds\_opt\_free (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_free:c.krb5_get_init_creds_opt_free}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_free}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options structure to free + +\end{description}\end{quote} + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_get_init_creds_opt_alloc:c.krb5_get_init_creds_opt_alloc]{\code{krb5\_get\_init\_creds\_opt\_alloc()}}} + + + + +\subsubsection{krb5\_get\_init\_creds\_opt\_get\_fast\_flags - Retrieve FAST flags from initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags::doc}\label{appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags:krb5-get-init-creds-opt-get-fast-flags-retrieve-fast-flags-from-initial-credential-options}\index{krb5\_get\_init\_creds\_opt\_get\_fast\_flags (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags:c.krb5_get_init_creds_opt_get_fast_flags}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_get\_fast\_flags}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} *\emph{Â out\_flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options + +\textbf{{[}out{]}} \textbf{out\_flags} - FAST flags + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 - Success; Kerberos errors otherwise. + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_address\_list - Set address restrictions in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_address_list:krb5-get-init-creds-opt-set-address-list-set-address-restrictions-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_address_list::doc}\index{krb5\_get\_init\_creds\_opt\_set\_address\_list (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_address_list:c.krb5_get_init_creds_opt_set_address_list}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_address\_list}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} **\emph{Â addresses}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{addresses} - Null-terminated array of addresses + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_anonymous - Set or unset the anonymous flag in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_anonymous:krb5-get-init-creds-opt-set-anonymous-set-or-unset-the-anonymous-flag-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_anonymous::doc}\index{krb5\_get\_init\_creds\_opt\_set\_anonymous (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_anonymous:c.krb5_get_init_creds_opt_set_anonymous}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_anonymous}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, int\emph{Â anonymous}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{anonymous} - Whether to make an anonymous request + +\end{description}\end{quote} + +This function may be used to request anonymous credentials from the KDC by setting \emph{anonymous} to non-zero. Note that anonymous credentials are only a request; clients must verify that credentials are anonymous if that is a requirement. + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_canonicalize - Set or unset the canonicalize flag in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize:krb5-get-init-creds-opt-set-canonicalize-set-or-unset-the-canonicalize-flag-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize::doc}\index{krb5\_get\_init\_creds\_opt\_set\_canonicalize (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize:c.krb5_get_init_creds_opt_set_canonicalize}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_canonicalize}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, int\emph{Â canonicalize}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{canonicalize} - Whether to canonicalize client principal + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_change\_password\_prompt - Set or unset change-password-prompt flag in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt::doc}\label{appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt:krb5-get-init-creds-opt-set-change-password-prompt-set-or-unset-change-password-prompt-flag-in-initial-credential-options}\index{krb5\_get\_init\_creds\_opt\_set\_change\_password\_prompt (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt:c.krb5_get_init_creds_opt_set_change_password_prompt}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_change\_password\_prompt}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, int\emph{Â prompt}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{prompt} - Whether to prompt to change password + +\end{description}\end{quote} + +This flag is on by default. It controls whether {\hyperref[appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password]{\code{krb5\_get\_init\_creds\_password()}}} will react to an expired-password error by prompting for a new password and attempting to change the old one. + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_etype\_list - Set allowable encryption types in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_etype_list:krb5-get-init-creds-opt-set-etype-list-set-allowable-encryption-types-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_etype_list::doc}\index{krb5\_get\_init\_creds\_opt\_set\_etype\_list (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_etype_list:c.krb5_get_init_creds_opt_set_etype_list}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_etype\_list}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} *\emph{Â etype\_list}, int\emph{Â etype\_list\_length}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{etype\_list} - Array of encryption types + +\textbf{{[}in{]}} \textbf{etype\_list\_length} - Length of \emph{etype\_list} + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_expire\_callback - Set an expiration callback in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback::doc}\label{appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback:krb5-get-init-creds-opt-set-expire-callback-set-an-expiration-callback-in-initial-credential-options}\index{krb5\_get\_init\_creds\_opt\_set\_expire\_callback (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback:c.krb5_get_init_creds_opt_set_expire_callback}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_set\_expire\_callback}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_expire_callback_func:c.krb5_expire_callback_func]{krb5\_expire\_callback\_func}}\emph{Â cb}, void *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{cb} - Callback function + +\textbf{{[}in{]}} \textbf{data} - Callback argument + +\end{description}\end{quote} + +Set a callback to receive password and account expiration times. + +This option only applies to {\hyperref[appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password]{\code{krb5\_get\_init\_creds\_password()}}} . \emph{cb} will be invoked if and only if credentials are successfully acquired. The callback will receive the \emph{context} from the {\hyperref[appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password]{\code{krb5\_get\_init\_creds\_password()}}} call and the \emph{data} argument supplied with this API. The remaining arguments should be interpreted as follows: + +If \emph{is\_last\_req} is true, then the KDC reply contained last-req entries which unambiguously indicated the password expiration, account expiration, or both. (If either value was not present, the corresponding argument will be 0.) Furthermore, a non-zero \emph{password\_expiration} should be taken as a suggestion from the KDC that a warning be displayed. + +If \emph{is\_last\_req} is false, then \emph{account\_expiration} will be 0 and \emph{password\_expiration} will contain the expiration time of either the password or account, or 0 if no expiration time was indicated in the KDC reply. The callback should independently decide whether to display a password expiration warning. + +Note that \emph{cb} may be invoked even if credentials are being acquired for the kadmin/changepw service in order to change the password. It is the caller's responsibility to avoid displaying a password expiry warning in this case. + +\begin{notice}{warning}{Warning:} +Setting an expire callback with this API will cause {\hyperref[appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password]{\code{krb5\_get\_init\_creds\_password()}}} not to send password expiry warnings to the prompter, as it ordinarily may. +\end{notice} + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache - Set FAST armor cache in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache::doc}\label{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache:krb5-get-init-creds-opt-set-fast-ccache-set-fast-armor-cache-in-initial-credential-options}\index{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache:c.krb5_get_init_creds_opt_set_fast_ccache}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache handle + +\end{description}\end{quote} + +This function is similar to {\hyperref[appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name:c.krb5_get_init_creds_opt_set_fast_ccache_name]{\code{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name()}}} , but uses a credential cache handle instead of a name. + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name - Set location of FAST armor ccache in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name:krb5-get-init-creds-opt-set-fast-ccache-name-set-location-of-fast-armor-ccache-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name::doc}\index{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name:c.krb5_get_init_creds_opt_set_fast_ccache_name}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, const char *\emph{Â fast\_ccache\_name}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options + +\textbf{{[}in{]}} \textbf{fast\_ccache\_name} - Credential cache name + +\end{description}\end{quote} + +Sets the location of a credential cache containing an armor ticket to protect an initial credential exchange using the FAST protocol extension. + +In version 1.7, setting an armor ccache requires that FAST be used for the exchange. In version 1.8 or later, setting the armor ccache causes FAST to be used if the KDC supports it; {\hyperref[appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags:c.krb5_get_init_creds_opt_set_fast_flags]{\code{krb5\_get\_init\_creds\_opt\_set\_fast\_flags()}}} must be used to require that FAST be used. + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_fast\_flags - Set FAST flags in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags:krb5-get-init-creds-opt-set-fast-flags-set-fast-flags-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags::doc}\index{krb5\_get\_init\_creds\_opt\_set\_fast\_flags (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags:c.krb5_get_init_creds_opt_set_fast_flags}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_set\_fast\_flags}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options + +\textbf{{[}in{]}} \textbf{flags} - FAST flags + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 - Success; Kerberos errors otherwise. + +\end{itemize} + +\end{description}\end{quote} + +The following flag values are valid: +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_FAST_REQUIRED:KRB5_FAST_REQUIRED]{\code{KRB5\_FAST\_REQUIRED}}} - Require FAST to be used + +\end{itemize} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_forwardable - Set or unset the forwardable flag in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_forwardable:krb5-get-init-creds-opt-set-forwardable-set-or-unset-the-forwardable-flag-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_forwardable::doc}\index{krb5\_get\_init\_creds\_opt\_set\_forwardable (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_forwardable:c.krb5_get_init_creds_opt_set_forwardable}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_forwardable}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, int\emph{Â forwardable}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{forwardable} - Whether credentials should be forwardable + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_in\_ccache - Set an input credential cache in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache::doc}\label{appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache:krb5-get-init-creds-opt-set-in-ccache-set-an-input-credential-cache-in-initial-credential-options}\index{krb5\_get\_init\_creds\_opt\_set\_in\_ccache (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache:c.krb5_get_init_creds_opt_set_in_ccache}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_set\_in\_ccache}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache handle + +\end{description}\end{quote} + +If an input credential cache is set, then the krb5\_get\_init\_creds family of APIs will read settings from it. Setting an input ccache is desirable when the application wishes to perform authentication in the same way (using the same preauthentication mechanisms, and making the same non-security- sensitive choices) as the previous authentication attempt, which stored information in the passed-in ccache. + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_out\_ccache - Set an output credential cache in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache:krb5-get-init-creds-opt-set-out-ccache-set-an-output-credential-cache-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache::doc}\index{krb5\_get\_init\_creds\_opt\_set\_out\_ccache (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache:c.krb5_get_init_creds_opt_set_out_ccache}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_set\_out\_ccache}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache handle + +\end{description}\end{quote} + +If an output credential cache is set, then the krb5\_get\_init\_creds family of APIs will write credentials to it. Setting an output ccache is desirable both because it simplifies calling code and because it permits the krb5\_get\_init\_creds APIs to write out configuration information about the realm to the ccache. + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_pa - Supply options for preauthentication in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_pa::doc}\label{appdev/refs/api/krb5_get_init_creds_opt_set_pa:krb5-get-init-creds-opt-set-pa-supply-options-for-preauthentication-in-initial-credential-options}\index{krb5\_get\_init\_creds\_opt\_set\_pa (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_pa:c.krb5_get_init_creds_opt_set_pa}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_set\_pa}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, const char *\emph{Â attr}, const char *\emph{Â value}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{attr} - Preauthentication option name + +\textbf{{[}in{]}} \textbf{value} - Preauthentication option value + +\end{description}\end{quote} + +This function allows the caller to supply options for preauthentication. The values of \emph{attr} and \emph{value} are supplied to each preauthentication module available within \emph{context} . + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_pac\_request - Ask the KDC to include or not include a PAC in the ticket.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_pac_request:krb5-get-init-creds-opt-set-pac-request-ask-the-kdc-to-include-or-not-include-a-pac-in-the-ticket}\label{appdev/refs/api/krb5_get_init_creds_opt_set_pac_request::doc}\index{krb5\_get\_init\_creds\_opt\_set\_pac\_request (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_pac_request:c.krb5_get_init_creds_opt_set_pac_request}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_set\_pac\_request}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}}\emph{Â req\_pac}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{req\_pac} - Whether to request a PAC or not + +\end{description}\end{quote} + +If this option is set, the AS request will include a PAC-REQUEST pa-data item explicitly asking the KDC to either include or not include a privilege attribute certificate in the ticket authorization data. By default, no request is made; typically the KDC will default to including a PAC if it supports them. + +\begin{notice}{note}{Note:} +New in 1.15 +\end{notice} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_preauth\_list - Set preauthentication types in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list:krb5-get-init-creds-opt-set-preauth-list-set-preauthentication-types-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list::doc}\index{krb5\_get\_init\_creds\_opt\_set\_preauth\_list (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list:c.krb5_get_init_creds_opt_set_preauth_list}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_preauth\_list}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype]{krb5\_preauthtype}} *\emph{Â preauth\_list}, int\emph{Â preauth\_list\_length}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{preauth\_list} - Array of preauthentication types + +\textbf{{[}in{]}} \textbf{preauth\_list\_length} - Length of \emph{preauth\_list} + +\end{description}\end{quote} + +This function can be used to perform optimistic preauthentication when getting initial credentials, in combination with {\hyperref[appdev/refs/api/krb5_get_init_creds_opt_set_salt:c.krb5_get_init_creds_opt_set_salt]{\code{krb5\_get\_init\_creds\_opt\_set\_salt()}}} and {\hyperref[appdev/refs/api/krb5_get_init_creds_opt_set_pa:c.krb5_get_init_creds_opt_set_pa]{\code{krb5\_get\_init\_creds\_opt\_set\_pa()}}} . + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_proxiable - Set or unset the proxiable flag in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_proxiable::doc}\label{appdev/refs/api/krb5_get_init_creds_opt_set_proxiable:krb5-get-init-creds-opt-set-proxiable-set-or-unset-the-proxiable-flag-in-initial-credential-options}\index{krb5\_get\_init\_creds\_opt\_set\_proxiable (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_proxiable:c.krb5_get_init_creds_opt_set_proxiable}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_proxiable}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, int\emph{Â proxiable}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{proxiable} - Whether credentials should be proxiable + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_renew\_life - Set the ticket renewal lifetime in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_renew_life::doc}\label{appdev/refs/api/krb5_get_init_creds_opt_set_renew_life:krb5-get-init-creds-opt-set-renew-life-set-the-ticket-renewal-lifetime-in-initial-credential-options}\index{krb5\_get\_init\_creds\_opt\_set\_renew\_life (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_renew_life:c.krb5_get_init_creds_opt_set_renew_life}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_renew\_life}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_deltat:c.krb5_deltat]{krb5\_deltat}}\emph{Â renew\_life}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Pointer to \emph{options} field + +\textbf{{[}in{]}} \textbf{renew\_life} - Ticket renewal lifetime + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_responder - Set the responder function in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_responder:krb5-get-init-creds-opt-set-responder-set-the-responder-function-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_responder::doc}\index{krb5\_get\_init\_creds\_opt\_set\_responder (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_responder:c.krb5_get_init_creds_opt_set_responder}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_opt\_set\_responder}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_responder_fn:c.krb5_responder_fn]{krb5\_responder\_fn}}\emph{Â responder}, void *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{responder} - Responder function + +\textbf{{[}in{]}} \textbf{data} - Responder data argument + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_salt - Set salt for optimistic preauthentication in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_salt:krb5-get-init-creds-opt-set-salt-set-salt-for-optimistic-preauthentication-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_salt::doc}\index{krb5\_get\_init\_creds\_opt\_set\_salt (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_salt:c.krb5_get_init_creds_opt_set_salt}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_salt}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â salt}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{salt} - Salt data + +\end{description}\end{quote} + +When getting initial credentials with a password, a salt string it used to convert the password to a key. Normally this salt is obtained from the first KDC reply, but when performing optimistic preauthentication, the client may need to supply the salt string with this function. + + +\subsubsection{krb5\_get\_init\_creds\_opt\_set\_tkt\_life - Set the ticket lifetime in initial credential options.} +\label{appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life:krb5-get-init-creds-opt-set-tkt-life-set-the-ticket-lifetime-in-initial-credential-options}\label{appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life::doc}\index{krb5\_get\_init\_creds\_opt\_set\_tkt\_life (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life:c.krb5_get_init_creds_opt_set_tkt_life}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_set\_tkt\_life}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}, {\hyperref[appdev/refs/types/krb5_deltat:c.krb5_deltat]{krb5\_deltat}}\emph{Â tkt\_life}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{opt} - Options structure + +\textbf{{[}in{]}} \textbf{tkt\_life} - Ticket lifetime + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_init\_creds\_password - Get initial credentials using a password.} +\label{appdev/refs/api/krb5_get_init_creds_password::doc}\label{appdev/refs/api/krb5_get_init_creds_password:krb5-get-init-creds-password-get-initial-credentials-using-a-password}\index{krb5\_get\_init\_creds\_password (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_init\_creds\_password}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â client}, const char *\emph{Â password}, {\hyperref[appdev/refs/types/krb5_prompter_fct:c.krb5_prompter_fct]{krb5\_prompter\_fct}}\emph{Â prompter}, void *\emph{Â data}, {\hyperref[appdev/refs/types/krb5_deltat:c.krb5_deltat]{krb5\_deltat}}\emph{Â start\_time}, const char *\emph{Â in\_tkt\_service}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â k5\_gic\_options}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{creds} - New credentials + +\textbf{{[}in{]}} \textbf{client} - Client principal + +\textbf{{[}in{]}} \textbf{password} - Password (or NULL) + +\textbf{{[}in{]}} \textbf{prompter} - Prompter function + +\textbf{{[}in{]}} \textbf{data} - Prompter callback data + +\textbf{{[}in{]}} \textbf{start\_time} - Time when ticket becomes valid (0 for now) + +\textbf{{[}in{]}} \textbf{in\_tkt\_service} - Service name of initial credentials (or NULL) + +\textbf{{[}in{]}} \textbf{k5\_gic\_options} - Initial credential options + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +EINVAL Invalid argument + +\item {} +KRB5\_KDC\_UNREACH Cannot contact any KDC for requested realm + +\item {} +KRB5\_PREAUTH\_FAILED Generic Pre-athentication failure + +\item {} +KRB5\_LIBOS\_PWDINTR Password read interrupted + +\item {} +KRB5\_REALM\_CANT\_RESOLVE Cannot resolve network address for KDC in requested realm + +\item {} +KRB5KDC\_ERR\_KEY\_EXP Password has expired + +\item {} +KRB5\_LIBOS\_BADPWDMATCH Password mismatch + +\item {} +KRB5\_CHPW\_PWDNULL New password cannot be zero length + +\item {} +KRB5\_CHPW\_FAIL Password change failed + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function requests KDC for an initial credentials for \emph{client} using \emph{password} . If \emph{password} is NULL, a password will be prompted for using \emph{prompter} if necessary. If \emph{in\_tkt\_service} is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket-granting service is used. + + +\subsubsection{krb5\_get\_profile - Retrieve configuration profile from the context.} +\label{appdev/refs/api/krb5_get_profile::doc}\label{appdev/refs/api/krb5_get_profile:krb5-get-profile-retrieve-configuration-profile-from-the-context}\index{krb5\_get\_profile (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_profile:c.krb5_get_profile}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_profile}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, struct \_profile\_t **\emph{Â profile}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{profile} - Pointer to data read from a configuration file + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new \emph{profile} object that reflects profile in the supplied \emph{context} . + +The \emph{profile} object may be freed with profile\_release() function. See profile.h and profile API for more details. + + +\subsubsection{krb5\_get\_prompt\_types - Get prompt types array from a context.} +\label{appdev/refs/api/krb5_get_prompt_types::doc}\label{appdev/refs/api/krb5_get_prompt_types:krb5-get-prompt-types-get-prompt-types-array-from-a-context}\index{krb5\_get\_prompt\_types (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_prompt_types:c.krb5_get_prompt_types}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_prompt_type:c.krb5_prompt_type]{krb5\_prompt\_type}} * \bfcode{krb5\_get\_prompt\_types}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +Pointer to an array of prompt types corresponding to the prompter's prompts arguments. Each type has one of the following values: KRB5\_PROMPT\_TYPE\_PASSWORD KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN KRB5\_PROMPT\_TYPE\_PREAUTH + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_renewed\_creds - Get renewed credential from KDC using an existing credential.} +\label{appdev/refs/api/krb5_get_renewed_creds:krb5-get-renewed-creds-get-renewed-credential-from-kdc-using-an-existing-credential}\label{appdev/refs/api/krb5_get_renewed_creds::doc}\index{krb5\_get\_renewed\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_renewed_creds:c.krb5_get_renewed_creds}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_renewed\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â client}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, const char *\emph{Â in\_tkt\_service}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{creds} - Renewed credentials + +\textbf{{[}in{]}} \textbf{client} - Client principal name + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache + +\textbf{{[}in{]}} \textbf{in\_tkt\_service} - Server principal string (or NULL) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function gets a renewed credential using an existing one from \emph{ccache} . If \emph{in\_tkt\_service} is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket-granting service is used. + +If successful, the renewed credential is placed in \emph{creds} . + + +\subsubsection{krb5\_get\_validated\_creds - Get validated credentials from the KDC.} +\label{appdev/refs/api/krb5_get_validated_creds:krb5-get-validated-creds-get-validated-credentials-from-the-kdc}\label{appdev/refs/api/krb5_get_validated_creds::doc}\index{krb5\_get\_validated\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_validated_creds:c.krb5_get_validated_creds}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_validated\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â client}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, const char *\emph{Â in\_tkt\_service}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{creds} - Validated credentials + +\textbf{{[}in{]}} \textbf{client} - Client principal name + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache + +\textbf{{[}in{]}} \textbf{in\_tkt\_service} - Server principal string (or NULL) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KRB5\_NO\_2ND\_TKT Request missing second ticket + +\item {} +KRB5\_NO\_TKT\_SUPPLIED Request did not supply a ticket + +\item {} +KRB5\_PRINC\_NOMATCH Requested principal and ticket do not match + +\item {} +KRB5\_KDCREP\_MODIFIED KDC reply did not match expectations + +\item {} +KRB5\_KDCREP\_SKEW Clock skew too great in KDC reply + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function gets a validated credential using a postdated credential from \emph{ccache} . If \emph{in\_tkt\_service} is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket-granting service is used. + +If successful, the validated credential is placed in \emph{creds} . + + +\subsubsection{krb5\_init\_context - Create a krb5 library context.} +\label{appdev/refs/api/krb5_init_context:krb5-init-context-create-a-krb5-library-context}\label{appdev/refs/api/krb5_init_context::doc}\index{krb5\_init\_context (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_context:c.krb5_init_context}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_context}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}} *\emph{Â context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}out{]}} \textbf{context} - Library context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +The \emph{context} must be released by calling {\hyperref[appdev/refs/api/krb5_free_context:c.krb5_free_context]{\code{krb5\_free\_context()}}} when it is no longer needed. + +\begin{notice}{warning}{Warning:} +Any program or module that needs the Kerberos code to not trust the environment must use {\hyperref[appdev/refs/api/krb5_init_secure_context:c.krb5_init_secure_context]{\code{krb5\_init\_secure\_context()}}} , or clean out the environment. +\end{notice} + + +\subsubsection{krb5\_init\_secure\_context - Create a krb5 library context using only configuration files.} +\label{appdev/refs/api/krb5_init_secure_context::doc}\label{appdev/refs/api/krb5_init_secure_context:krb5-init-secure-context-create-a-krb5-library-context-using-only-configuration-files}\index{krb5\_init\_secure\_context (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_secure_context:c.krb5_init_secure_context}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_secure\_context}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}} *\emph{Â context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}out{]}} \textbf{context} - Library context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Create a context structure, using only system configuration files. All information passed through the environment variables is ignored. + +The \emph{context} must be released by calling {\hyperref[appdev/refs/api/krb5_free_context:c.krb5_free_context]{\code{krb5\_free\_context()}}} when it is no longer needed. + + +\subsubsection{krb5\_is\_config\_principal - Test whether a principal is a configuration principal.} +\label{appdev/refs/api/krb5_is_config_principal:krb5-is-config-principal-test-whether-a-principal-is-a-configuration-principal}\label{appdev/refs/api/krb5_is_config_principal::doc}\index{krb5\_is\_config\_principal (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_is_config_principal:c.krb5_is_config_principal}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_is\_config\_principal}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{principal} - Principal to check + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +TRUE if the principal is a configuration principal (generated part of krb5\_cc\_set\_config() ); FALSE otherwise. + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_is\_thread\_safe - Test whether the Kerberos library was built with multithread support.} +\label{appdev/refs/api/krb5_is_thread_safe::doc}\label{appdev/refs/api/krb5_is_thread_safe:krb5-is-thread-safe-test-whether-the-kerberos-library-was-built-with-multithread-support}\index{krb5\_is\_thread\_safe (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_is_thread_safe:c.krb5_is_thread_safe}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_is\_thread\_safe}}{void\emph{Â None}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{None} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +TRUE if the library is threadsafe; FALSE otherwise + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_kt\_close - Close a key table handle.} +\label{appdev/refs/api/krb5_kt_close:krb5-kt-close-close-a-key-table-handle}\label{appdev/refs/api/krb5_kt_close::doc}\index{krb5\_kt\_close (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_close:c.krb5_kt_close}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_close}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keytab} - Key table handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 None + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_kt\_client\_default - Resolve the default client key table.} +\label{appdev/refs/api/krb5_kt_client_default::doc}\label{appdev/refs/api/krb5_kt_client_default:krb5-kt-client-default-resolve-the-default-client-key-table}\index{krb5\_kt\_client\_default (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_client_default:c.krb5_kt_client_default}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_client\_default}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}} *\emph{Â keytab\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{keytab\_out} - Key table handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Fill \emph{keytab\_out} with a handle to the default client key table. + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_kt\_default - Resolve the default key table.} +\label{appdev/refs/api/krb5_kt_default:krb5-kt-default-resolve-the-default-key-table}\label{appdev/refs/api/krb5_kt_default::doc}\index{krb5\_kt\_default (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_default:c.krb5_kt_default}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_default}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}} *\emph{Â id}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{id} - Key table handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Set \emph{id} to a handle to the default key table. The key table is not opened. + + +\subsubsection{krb5\_kt\_default\_name - Get the default key table name.} +\label{appdev/refs/api/krb5_kt_default_name::doc}\label{appdev/refs/api/krb5_kt_default_name:krb5-kt-default-name-get-the-default-key-table-name}\index{krb5\_kt\_default\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_default_name:c.krb5_kt_default_name}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_default\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, char *\emph{Â name}, int\emph{Â name\_size}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{name} - Default key table name + +\textbf{{[}in{]}} \textbf{name\_size} - Space available in \emph{name} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KRB5\_CONFIG\_NOTENUFSPACE Buffer is too short + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Fill \emph{name} with the name of the default key table for \emph{context} . + + +\subsubsection{krb5\_kt\_dup - Duplicate keytab handle.} +\label{appdev/refs/api/krb5_kt_dup:krb5-kt-dup-duplicate-keytab-handle}\label{appdev/refs/api/krb5_kt_dup::doc}\index{krb5\_kt\_dup (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_dup:c.krb5_kt_dup}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_dup}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â in}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}} *\emph{Â out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{in} - Key table handle to be duplicated + +\textbf{{[}out{]}} \textbf{out} - Key table handle + +\end{description}\end{quote} + +Create a new handle referring to the same key table as \emph{in} . The new handle and \emph{in} can be closed independently. + +\begin{notice}{note}{Note:} +New in 1.12 +\end{notice} + + +\subsubsection{krb5\_kt\_get\_name - Get a key table name.} +\label{appdev/refs/api/krb5_kt_get_name::doc}\label{appdev/refs/api/krb5_kt_get_name:krb5-kt-get-name-get-a-key-table-name}\index{krb5\_kt\_get\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_get_name:c.krb5_kt_get_name}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_get\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}, char *\emph{Â name}, unsigned int\emph{Â namelen}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keytab} - Key table handle + +\textbf{{[}out{]}} \textbf{name} - Key table name + +\textbf{{[}in{]}} \textbf{namelen} - Maximum length to fill in name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KRB5\_KT\_NAME\_TOOLONG Key table name does not fit in namelen bytes + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Fill \emph{name} with the name of \emph{keytab} including the type and delimiter. + + +\subsubsection{krb5\_kt\_get\_type - Return the type of a key table.} +\label{appdev/refs/api/krb5_kt_get_type:krb5-kt-get-type-return-the-type-of-a-key-table}\label{appdev/refs/api/krb5_kt_get_type::doc}\index{krb5\_kt\_get\_type (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_get_type:c.krb5_kt_get_type}\pysiglinewithargsret{const char * \bfcode{krb5\_kt\_get\_type}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keytab} - Key table handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +The type of a key table as an alias that must not be modified or freed by the caller. + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_kt\_resolve - Get a handle for a key table.} +\label{appdev/refs/api/krb5_kt_resolve:krb5-kt-resolve-get-a-handle-for-a-key-table}\label{appdev/refs/api/krb5_kt_resolve::doc}\index{krb5\_kt\_resolve (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_resolve:c.krb5_kt_resolve}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_resolve}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â name}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}} *\emph{Â ktid}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{name} - Name of the key table + +\textbf{{[}out{]}} \textbf{ktid} - Key table handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Resolve the key table name \emph{name} and set \emph{ktid} to a handle identifying the key table. Use {\hyperref[appdev/refs/api/krb5_kt_close:c.krb5_kt_close]{\code{krb5\_kt\_close()}}} to free \emph{ktid} when it is no longer needed. +\begin{quote} + +\emph{name} must be of the form \textbf{type:residual} , where \emph{type} must be a type known to the library and \emph{residual} portion should be specific to the particular keytab type. If no \emph{type} is given, the default is \textbf{FILE} . +\end{quote} + +If \emph{name} is of type \textbf{FILE} , the keytab file is not opened by this call. + + +\subsubsection{krb5\_kuserok - Determine if a principal is authorized to log in as a local user.} +\label{appdev/refs/api/krb5_kuserok:krb5-kuserok-determine-if-a-principal-is-authorized-to-log-in-as-a-local-user}\label{appdev/refs/api/krb5_kuserok::doc}\index{krb5\_kuserok (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kuserok:c.krb5_kuserok}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_kuserok}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â principal}, const char *\emph{Â luser}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{principal} - Principal name + +\textbf{{[}in{]}} \textbf{luser} - Local username + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +TRUE Principal is authorized to log in as user; FALSE otherwise. + +\end{itemize} + +\end{description}\end{quote} + +Determine whether \emph{principal} is authorized to log in as a local user \emph{luser} . + + +\subsubsection{krb5\_parse\_name - Convert a string principal name to a krb5\_principal structure.} +\label{appdev/refs/api/krb5_parse_name::doc}\label{appdev/refs/api/krb5_parse_name:krb5-parse-name-convert-a-string-principal-name-to-a-krb5-principal-structure}\index{krb5\_parse\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_parse_name:c.krb5_parse_name}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_parse\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â name}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â principal\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{name} - String representation of a principal name + +\textbf{{[}out{]}} \textbf{principal\_out} - New principal + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Convert a string representation of a principal name to a krb5\_principal structure. + +A string representation of a Kerberos name consists of one or more principal name components, separated by slashes, optionally followed by the @ character and a realm name. If the realm name is not specified, the local realm is used. + +To use the slash and @ symbols as part of a component (quoted) instead of using them as a component separator or as a realm prefix), put a backslash () character in front of the symbol. Similarly, newline, tab, backspace, and NULL characters can be included in a component by using \textbf{n} , \textbf{t} , \textbf{b} or \textbf{0} , respectively. + +Use {\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} to free \emph{principal\_out} when it is no longer needed. + +\begin{notice}{note}{Note:} +The realm in a Kerberos \emph{name} cannot contain slash, colon, or NULL characters. +\end{notice} + + +\subsubsection{krb5\_parse\_name\_flags - Convert a string principal name to a krb5\_principal with flags.} +\label{appdev/refs/api/krb5_parse_name_flags:krb5-parse-name-flags-convert-a-string-principal-name-to-a-krb5-principal-with-flags}\label{appdev/refs/api/krb5_parse_name_flags::doc}\index{krb5\_parse\_name\_flags (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_parse_name_flags:c.krb5_parse_name_flags}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_parse\_name\_flags}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â name}, int\emph{Â flags}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â principal\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{name} - String representation of a principal name + +\textbf{{[}in{]}} \textbf{flags} - Flag + +\textbf{{[}out{]}} \textbf{principal\_out} - New principal + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Similar to {\hyperref[appdev/refs/api/krb5_parse_name:c.krb5_parse_name]{\code{krb5\_parse\_name()}}} , this function converts a single-string representation of a principal name to a krb5\_principal structure. + +The following flags are valid: +\begin{quote} +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM:KRB5_PRINCIPAL_PARSE_NO_REALM]{\code{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM}}} - no realm must be present in \emph{name} + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM:KRB5_PRINCIPAL_PARSE_REQUIRE_REALM]{\code{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM}}} - realm must be present in \emph{name} + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE:KRB5_PRINCIPAL_PARSE_ENTERPRISE]{\code{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE}}} - create single-component enterprise principal + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM:KRB5_PRINCIPAL_PARSE_IGNORE_REALM]{\code{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM}}} - ignore realm if present in \emph{name} + +\end{itemize} + +If \textbf{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM} or \textbf{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM} is specified in \emph{flags} , the realm of the new principal will be empty. Otherwise, the default realm for \emph{context} will be used if \emph{name} does not specify a realm. +\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} to free \emph{principal\_out} when it is no longer needed. + + +\subsubsection{krb5\_principal\_compare - Compare two principals.} +\label{appdev/refs/api/krb5_principal_compare:krb5-principal-compare-compare-two-principals}\label{appdev/refs/api/krb5_principal_compare::doc}\index{krb5\_principal\_compare (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_principal_compare:c.krb5_principal_compare}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_principal\_compare}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ1}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ2}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{princ1} - First principal + +\textbf{{[}in{]}} \textbf{princ2} - Second principal + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +TRUE if the principals are the same; FALSE otherwise + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_principal\_compare\_any\_realm - Compare two principals ignoring realm components.} +\label{appdev/refs/api/krb5_principal_compare_any_realm:krb5-principal-compare-any-realm-compare-two-principals-ignoring-realm-components}\label{appdev/refs/api/krb5_principal_compare_any_realm::doc}\index{krb5\_principal\_compare\_any\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_principal_compare_any_realm:c.krb5_principal_compare_any_realm}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_principal\_compare\_any\_realm}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ1}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ2}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{princ1} - First principal + +\textbf{{[}in{]}} \textbf{princ2} - Second principal + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +TRUE if the principals are the same; FALSE otherwise + +\end{itemize} + +\end{description}\end{quote} + +Similar to {\hyperref[appdev/refs/api/krb5_principal_compare:c.krb5_principal_compare]{\code{krb5\_principal\_compare()}}} , but do not compare the realm components of the principals. + + +\subsubsection{krb5\_principal\_compare\_flags - Compare two principals with additional flags.} +\label{appdev/refs/api/krb5_principal_compare_flags:krb5-principal-compare-flags-compare-two-principals-with-additional-flags}\label{appdev/refs/api/krb5_principal_compare_flags::doc}\index{krb5\_principal\_compare\_flags (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_principal_compare_flags:c.krb5_principal_compare_flags}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_principal\_compare\_flags}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ1}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ2}, int\emph{Â flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{princ1} - First principal + +\textbf{{[}in{]}} \textbf{princ2} - Second principal + +\textbf{{[}in{]}} \textbf{flags} - Flags + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +TRUE if the principal names are the same; FALSE otherwise + +\end{itemize} + +\end{description}\end{quote} + +Valid flags are: +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM:KRB5_PRINCIPAL_COMPARE_IGNORE_REALM]{\code{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM}}} - ignore realm component + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE:KRB5_PRINCIPAL_COMPARE_ENTERPRISE]{\code{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE}}} - UPNs as real principals + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD:KRB5_PRINCIPAL_COMPARE_CASEFOLD]{\code{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD}}} case-insensitive + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8:KRB5_PRINCIPAL_COMPARE_UTF8]{\code{KRB5\_PRINCIPAL\_COMPARE\_UTF8}}} - treat principals as UTF-8 + +\end{itemize} + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_principal_compare:c.krb5_principal_compare]{\code{krb5\_principal\_compare()}}} + + + + +\subsubsection{krb5\_prompter\_posix - Prompt user for password.} +\label{appdev/refs/api/krb5_prompter_posix:krb5-prompter-posix-prompt-user-for-password}\label{appdev/refs/api/krb5_prompter_posix::doc}\index{krb5\_prompter\_posix (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_prompter_posix:c.krb5_prompter_posix}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_prompter\_posix}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, void *\emph{Â data}, const char *\emph{Â name}, const char *\emph{Â banner}, int\emph{Â num\_prompts}, {\hyperref[appdev/refs/types/krb5_prompt:c.krb5_prompt]{krb5\_prompt}}\emph{Â prompts}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{data} - Unused (callback argument) + +\textbf{{[}in{]}} \textbf{name} - Name to output during prompt + +\textbf{{[}in{]}} \textbf{banner} - Banner to output during prompt + +\textbf{{[}in{]}} \textbf{num\_prompts} - Number of prompts in \emph{prompts} + +\textbf{{[}in{]}} \textbf{prompts} - Array of prompts and replies + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function is intended to be used as a prompter callback for {\hyperref[appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password]{\code{krb5\_get\_init\_creds\_password()}}} or {\hyperref[appdev/refs/api/krb5_init_creds_init:c.krb5_init_creds_init]{\code{krb5\_init\_creds\_init()}}} . + +Writes \emph{name} and \emph{banner} to stdout, each followed by a newline, then writes each prompt field in the \emph{prompts} array, followed by'':'', and sets the reply field of the entry to a line of input read from stdin. If the hidden flag is set for a prompt, then terminal echoing is turned off when input is read. + + +\subsubsection{krb5\_realm\_compare - Compare the realms of two principals.} +\label{appdev/refs/api/krb5_realm_compare::doc}\label{appdev/refs/api/krb5_realm_compare:krb5-realm-compare-compare-the-realms-of-two-principals}\index{krb5\_realm\_compare (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_realm_compare:c.krb5_realm_compare}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_realm\_compare}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ1}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ2}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{princ1} - First principal + +\textbf{{[}in{]}} \textbf{princ2} - Second principal + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +TRUE if the realm names are the same; FALSE otherwise + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_responder\_get\_challenge - Retrieve the challenge data for a given question in the responder context.} +\label{appdev/refs/api/krb5_responder_get_challenge:krb5-responder-get-challenge-retrieve-the-challenge-data-for-a-given-question-in-the-responder-context}\label{appdev/refs/api/krb5_responder_get_challenge::doc}\index{krb5\_responder\_get\_challenge (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_responder_get_challenge:c.krb5_responder_get_challenge}\pysiglinewithargsret{const char * \bfcode{krb5\_responder\_get\_challenge}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_responder_context:c.krb5_responder_context]{krb5\_responder\_context}}\emph{Â rctx}, const char *\emph{Â question}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{rctx} - Responder context + +\textbf{{[}in{]}} \textbf{question} - Question name + +\end{description}\end{quote} + +Return a pointer to a C string containing the challenge for \emph{question} within \emph{rctx} , or NULL if the question is not present in \emph{rctx} . The structure of the question depends on the question name, but will always be printable UTF-8 text. The returned pointer is an alias, valid only as long as the lifetime of \emph{rctx} , and should not be modified or freed by the caller. + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_responder\_list\_questions - List the question names contained in the responder context.} +\label{appdev/refs/api/krb5_responder_list_questions::doc}\label{appdev/refs/api/krb5_responder_list_questions:krb5-responder-list-questions-list-the-question-names-contained-in-the-responder-context}\index{krb5\_responder\_list\_questions (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_responder_list_questions:c.krb5_responder_list_questions}\pysiglinewithargsret{const char *const * \bfcode{krb5\_responder\_list\_questions}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_responder_context:c.krb5_responder_context]{krb5\_responder\_context}}\emph{Â rctx}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{rctx} - Responder context + +\end{description}\end{quote} + +Return a pointer to a null-terminated list of question names which are present in \emph{rctx} . The pointer is an alias, valid only as long as the lifetime of \emph{rctx} , and should not be modified or freed by the caller. A question's challenge can be retrieved using {\hyperref[appdev/refs/api/krb5_responder_get_challenge:c.krb5_responder_get_challenge]{\code{krb5\_responder\_get\_challenge()}}} and answered using {\hyperref[appdev/refs/api/krb5_responder_set_answer:c.krb5_responder_set_answer]{\code{krb5\_responder\_set\_answer()}}} . + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_responder\_set\_answer - Answer a named question in the responder context.} +\label{appdev/refs/api/krb5_responder_set_answer:krb5-responder-set-answer-answer-a-named-question-in-the-responder-context}\label{appdev/refs/api/krb5_responder_set_answer::doc}\index{krb5\_responder\_set\_answer (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_responder_set_answer:c.krb5_responder_set_answer}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_responder\_set\_answer}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_responder_context:c.krb5_responder_context]{krb5\_responder\_context}}\emph{Â rctx}, const char *\emph{Â question}, const char *\emph{Â answer}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{rctx} - Responder context + +\textbf{{[}in{]}} \textbf{question} - Question name + +\textbf{{[}in{]}} \textbf{answer} - The string to set (MUST be printable UTF-8) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +EINVAL question is not present within rctx + +\end{itemize} + +\end{description}\end{quote} + +This function supplies an answer to \emph{question} within \emph{rctx} . The appropriate form of the answer depends on the question name. + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_responder\_otp\_get\_challenge - Decode the KRB5\_RESPONDER\_QUESTION\_OTP to a C struct.} +\label{appdev/refs/api/krb5_responder_otp_get_challenge:krb5-responder-otp-get-challenge-decode-the-krb5-responder-question-otp-to-a-c-struct}\label{appdev/refs/api/krb5_responder_otp_get_challenge::doc}\index{krb5\_responder\_otp\_get\_challenge (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_responder_otp_get_challenge:c.krb5_responder_otp_get_challenge}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_responder\_otp\_get\_challenge}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_responder_context:c.krb5_responder_context]{krb5\_responder\_context}}\emph{Â rctx}, {\hyperref[appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge]{krb5\_responder\_otp\_challenge}} **\emph{Â chl}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{rctx} - Responder context + +\textbf{{[}out{]}} \textbf{chl} - Challenge structure + +\end{description}\end{quote} + +A convenience function which parses the KRB5\_RESPONDER\_QUESTION\_OTP question challenge data, making it available in native C. The main feature of this function is the ability to interact with OTP tokens without parsing the JSON. + +The returned value must be passed to {\hyperref[appdev/refs/api/krb5_responder_otp_challenge_free:c.krb5_responder_otp_challenge_free]{\code{krb5\_responder\_otp\_challenge\_free()}}} to be freed. + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_responder\_otp\_set\_answer - Answer the KRB5\_RESPONDER\_QUESTION\_OTP question.} +\label{appdev/refs/api/krb5_responder_otp_set_answer:krb5-responder-otp-set-answer-answer-the-krb5-responder-question-otp-question}\label{appdev/refs/api/krb5_responder_otp_set_answer::doc}\index{krb5\_responder\_otp\_set\_answer (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_responder_otp_set_answer:c.krb5_responder_otp_set_answer}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_responder\_otp\_set\_answer}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_responder_context:c.krb5_responder_context]{krb5\_responder\_context}}\emph{Â rctx}, size\_t\emph{Â ti}, const char *\emph{Â value}, const char *\emph{Â pin}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{rctx} - Responder context + +\textbf{{[}in{]}} \textbf{ti} - The index of the tokeninfo selected + +\textbf{{[}in{]}} \textbf{value} - The value to set, or NULL for none + +\textbf{{[}in{]}} \textbf{pin} - The pin to set, or NULL for none + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_responder\_otp\_challenge\_free - Free the value returned by krb5\_responder\_otp\_get\_challenge() .} +\label{appdev/refs/api/krb5_responder_otp_challenge_free:krb5-responder-otp-challenge-free-free-the-value-returned-by-krb5-responder-otp-get-challenge}\label{appdev/refs/api/krb5_responder_otp_challenge_free::doc}\index{krb5\_responder\_otp\_challenge\_free (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_responder_otp_challenge_free:c.krb5_responder_otp_challenge_free}\pysiglinewithargsret{void \bfcode{krb5\_responder\_otp\_challenge\_free}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_responder_context:c.krb5_responder_context]{krb5\_responder\_context}}\emph{Â rctx}, {\hyperref[appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge]{krb5\_responder\_otp\_challenge}} *\emph{Â chl}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{rctx} - Responder context + +\textbf{{[}in{]}} \textbf{chl} - The challenge to free + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_responder\_pkinit\_get\_challenge - Decode the KRB5\_RESPONDER\_QUESTION\_PKINIT to a C struct.} +\label{appdev/refs/api/krb5_responder_pkinit_get_challenge:krb5-responder-pkinit-get-challenge-decode-the-krb5-responder-question-pkinit-to-a-c-struct}\label{appdev/refs/api/krb5_responder_pkinit_get_challenge::doc}\index{krb5\_responder\_pkinit\_get\_challenge (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_responder_pkinit_get_challenge:c.krb5_responder_pkinit_get_challenge}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_responder\_pkinit\_get\_challenge}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_responder_context:c.krb5_responder_context]{krb5\_responder\_context}}\emph{Â rctx}, {\hyperref[appdev/refs/types/krb5_responder_pkinit_challenge:c.krb5_responder_pkinit_challenge]{krb5\_responder\_pkinit\_challenge}} **\emph{Â chl\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{rctx} - Responder context + +\textbf{{[}out{]}} \textbf{chl\_out} - Challenge structure + +\end{description}\end{quote} + +A convenience function which parses the KRB5\_RESPONDER\_QUESTION\_PKINIT question challenge data, making it available in native C. The main feature of this function is the ability to read the challenge without parsing the JSON. + +The returned value must be passed to {\hyperref[appdev/refs/api/krb5_responder_pkinit_challenge_free:c.krb5_responder_pkinit_challenge_free]{\code{krb5\_responder\_pkinit\_challenge\_free()}}} to be freed. + +\begin{notice}{note}{Note:} +New in 1.12 +\end{notice} + + +\subsubsection{krb5\_responder\_pkinit\_set\_answer - Answer the KRB5\_RESPONDER\_QUESTION\_PKINIT question for one identity.} +\label{appdev/refs/api/krb5_responder_pkinit_set_answer:krb5-responder-pkinit-set-answer-answer-the-krb5-responder-question-pkinit-question-for-one-identity}\label{appdev/refs/api/krb5_responder_pkinit_set_answer::doc}\index{krb5\_responder\_pkinit\_set\_answer (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_responder_pkinit_set_answer:c.krb5_responder_pkinit_set_answer}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_responder\_pkinit\_set\_answer}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_responder_context:c.krb5_responder_context]{krb5\_responder\_context}}\emph{Â rctx}, const char *\emph{Â identity}, const char *\emph{Â pin}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{rctx} - Responder context + +\textbf{{[}in{]}} \textbf{identity} - The identity for which a PIN is being supplied + +\textbf{{[}in{]}} \textbf{pin} - The provided PIN, or NULL for none + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.12 +\end{notice} + + +\subsubsection{krb5\_responder\_pkinit\_challenge\_free - Free the value returned by krb5\_responder\_pkinit\_get\_challenge() .} +\label{appdev/refs/api/krb5_responder_pkinit_challenge_free:krb5-responder-pkinit-challenge-free-free-the-value-returned-by-krb5-responder-pkinit-get-challenge}\label{appdev/refs/api/krb5_responder_pkinit_challenge_free::doc}\index{krb5\_responder\_pkinit\_challenge\_free (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_responder_pkinit_challenge_free:c.krb5_responder_pkinit_challenge_free}\pysiglinewithargsret{void \bfcode{krb5\_responder\_pkinit\_challenge\_free}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_responder_context:c.krb5_responder_context]{krb5\_responder\_context}}\emph{Â rctx}, {\hyperref[appdev/refs/types/krb5_responder_pkinit_challenge:c.krb5_responder_pkinit_challenge]{krb5\_responder\_pkinit\_challenge}} *\emph{Â chl}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{rctx} - Responder context + +\textbf{{[}in{]}} \textbf{chl} - The challenge to free + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.12 +\end{notice} + + +\subsubsection{krb5\_set\_default\_realm - Override the default realm for the specified context.} +\label{appdev/refs/api/krb5_set_default_realm::doc}\label{appdev/refs/api/krb5_set_default_realm:krb5-set-default-realm-override-the-default-realm-for-the-specified-context}\index{krb5\_set\_default\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_default_realm:c.krb5_set_default_realm}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_set\_default\_realm}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â lrealm}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{lrealm} - Realm name for the default realm + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +If \emph{lrealm} is NULL, clear the default realm setting. + + +\subsubsection{krb5\_set\_password - Set a password for a principal using specified credentials.} +\label{appdev/refs/api/krb5_set_password:krb5-set-password-set-a-password-for-a-principal-using-specified-credentials}\label{appdev/refs/api/krb5_set_password::doc}\index{krb5\_set\_password (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_password:c.krb5_set_password}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_set\_password}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, const char *\emph{Â newpw}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â change\_password\_for}, int *\emph{Â result\_code}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â result\_code\_string}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â result\_string}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{creds} - Credentials for kadmin/changepw service + +\textbf{{[}in{]}} \textbf{newpw} - New password + +\textbf{{[}in{]}} \textbf{change\_password\_for} - Change the password for this principal + +\textbf{{[}out{]}} \textbf{result\_code} - Numeric error code from server + +\textbf{{[}out{]}} \textbf{result\_code\_string} - String equivalent to \emph{result\_code} + +\textbf{{[}out{]}} \textbf{result\_string} - Data returned from the remote system + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success and result\_code is set to KRB5\_KPASSWD\_SUCCESS . + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes. + +\end{itemize} + +\end{description}\end{quote} + +This function uses the credentials \emph{creds} to set the password \emph{newpw} for the principal \emph{change\_password\_for} . It implements the set password operation of RFC 3244, for interoperability with Microsoft Windows implementations. + +The error code and strings are returned in \emph{result\_code} , \emph{result\_code\_string} and \emph{result\_string} . + +\begin{notice}{note}{Note:} +If \emph{change\_password\_for} is NULL, the change is performed on the current principal. If \emph{change\_password\_for} is non-null, the change is performed on the principal name passed in \emph{change\_password\_for} . +\end{notice} + + +\subsubsection{krb5\_set\_password\_using\_ccache - Set a password for a principal using cached credentials.} +\label{appdev/refs/api/krb5_set_password_using_ccache:krb5-set-password-using-ccache-set-a-password-for-a-principal-using-cached-credentials}\label{appdev/refs/api/krb5_set_password_using_ccache::doc}\index{krb5\_set\_password\_using\_ccache (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_password_using_ccache:c.krb5_set_password_using_ccache}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_set\_password\_using\_ccache}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, const char *\emph{Â newpw}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â change\_password\_for}, int *\emph{Â result\_code}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â result\_code\_string}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â result\_string}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache + +\textbf{{[}in{]}} \textbf{newpw} - New password + +\textbf{{[}in{]}} \textbf{change\_password\_for} - Change the password for this principal + +\textbf{{[}out{]}} \textbf{result\_code} - Numeric error code from server + +\textbf{{[}out{]}} \textbf{result\_code\_string} - String equivalent to \emph{result\_code} + +\textbf{{[}out{]}} \textbf{result\_string} - Data returned from the remote system + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function uses the cached credentials from \emph{ccache} to set the password \emph{newpw} for the principal \emph{change\_password\_for} . It implements RFC 3244 set password operation (interoperable with MS Windows implementations) using the credential cache. + +The error code and strings are returned in \emph{result\_code} , \emph{result\_code\_string} and \emph{result\_string} . + +\begin{notice}{note}{Note:} +If \emph{change\_password\_for} is set to NULL, the change is performed on the default principal in \emph{ccache} . If \emph{change\_password\_for} is non null, the change is performed on the specified principal. +\end{notice} + + +\subsubsection{krb5\_set\_principal\_realm - Set the realm field of a principal.} +\label{appdev/refs/api/krb5_set_principal_realm::doc}\label{appdev/refs/api/krb5_set_principal_realm:krb5-set-principal-realm-set-the-realm-field-of-a-principal}\index{krb5\_set\_principal\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_principal_realm:c.krb5_set_principal_realm}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_set\_principal\_realm}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â principal}, const char *\emph{Â realm}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{principal} - Principal name + +\textbf{{[}in{]}} \textbf{realm} - Realm name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Set the realm name part of \emph{principal} to \emph{realm} , overwriting the previous realm. + + +\subsubsection{krb5\_set\_trace\_callback - Specify a callback function for trace events.} +\label{appdev/refs/api/krb5_set_trace_callback:krb5-set-trace-callback-specify-a-callback-function-for-trace-events}\label{appdev/refs/api/krb5_set_trace_callback::doc}\index{krb5\_set\_trace\_callback (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_trace_callback:c.krb5_set_trace_callback}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_set\_trace\_callback}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_trace_callback:c.krb5_trace_callback]{krb5\_trace\_callback}}\emph{Â fn}, void *\emph{Â cb\_data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{fn} - Callback function + +\textbf{{[}in{]}} \textbf{cb\_data} - Callback data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +Returns KRB5\_TRACE\_NOSUPP if tracing is not supported in the library (unless fn is NULL). + +\end{itemize} + +\end{description}\end{quote} + +Specify a callback for trace events occurring in krb5 operations performed within \emph{context} . \emph{fn} will be invoked with \emph{context} as the first argument, \emph{cb\_data} as the last argument, and a pointer to a krb5\_trace\_info as the second argument. If the trace callback is reset via this function or \emph{context} is destroyed, \emph{fn} will be invoked with a NULL second argument so it can clean up \emph{cb\_data} . Supply a NULL value for \emph{fn} to disable trace callbacks within \emph{context} . + +\begin{notice}{note}{Note:} +This function overrides the information passed through the \emph{KRB5\_TRACE} environment variable. +\end{notice} + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_set\_trace\_filename - Specify a file name for directing trace events.} +\label{appdev/refs/api/krb5_set_trace_filename:krb5-set-trace-filename-specify-a-file-name-for-directing-trace-events}\label{appdev/refs/api/krb5_set_trace_filename::doc}\index{krb5\_set\_trace\_filename (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_trace_filename:c.krb5_set_trace_filename}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_set\_trace\_filename}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â filename}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{filename} - File name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +KRB5\_TRACE\_NOSUPP Tracing is not supported in the library. + +\end{itemize} + +\end{description}\end{quote} + +Open \emph{filename} for appending (creating it, if necessary) and set up a callback to write trace events to it. + +\begin{notice}{note}{Note:} +This function overrides the information passed through the \emph{KRB5\_TRACE} environment variable. +\end{notice} + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_sname\_match - Test whether a principal matches a matching principal.} +\label{appdev/refs/api/krb5_sname_match::doc}\label{appdev/refs/api/krb5_sname_match:krb5-sname-match-test-whether-a-principal-matches-a-matching-principal}\index{krb5\_sname\_match (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_sname_match:c.krb5_sname_match}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_sname\_match}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â matching}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{matching} - Matching principal + +\textbf{{[}in{]}} \textbf{princ} - Principal to test + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +TRUE if princ matches matching , FALSE otherwise. + +\end{itemize} + +\end{description}\end{quote} + +If \emph{matching} is NULL, return TRUE. If \emph{matching} is not a matching principal, return the value of krb5\_principal\_compare(context, matching, princ). + +\begin{notice}{note}{Note:} +A matching principal is a host-based principal with an empty realm and/or second data component (hostname). Profile configuration may cause the hostname to be ignored even if it is present. A principal matches a matching principal if the former has the same non-empty (and non-ignored) components of the latter. +\end{notice} + + +\subsubsection{krb5\_sname\_to\_principal - Generate a full principal name from a service name.} +\label{appdev/refs/api/krb5_sname_to_principal:krb5-sname-to-principal-generate-a-full-principal-name-from-a-service-name}\label{appdev/refs/api/krb5_sname_to_principal::doc}\index{krb5\_sname\_to\_principal (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_sname_to_principal:c.krb5_sname_to_principal}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_sname\_to\_principal}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â hostname}, const char *\emph{Â sname}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}}\emph{Â type}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â ret\_princ}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{hostname} - Host name, or NULL to use local host + +\textbf{{[}in{]}} \textbf{sname} - Service name, or NULL to use \textbf{``host''} + +\textbf{{[}in{]}} \textbf{type} - Principal type + +\textbf{{[}out{]}} \textbf{ret\_princ} - Generated principal + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function converts a \emph{hostname} and \emph{sname} into \emph{krb5\_principal} structure \emph{ret\_princ} . The returned principal will be of the form \emph{sname/hostname@REALM} where REALM is determined by {\hyperref[appdev/refs/api/krb5_get_host_realm:c.krb5_get_host_realm]{\code{krb5\_get\_host\_realm()}}} . In some cases this may be the referral (empty) realm. + +The \emph{type} can be one of the following: +\begin{quote} +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_NT_SRV_HST:KRB5_NT_SRV_HST]{\code{KRB5\_NT\_SRV\_HST}}} canonicalizes the host name before looking up the realm and generating the principal. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_NT_UNKNOWN:KRB5_NT_UNKNOWN]{\code{KRB5\_NT\_UNKNOWN}}} accepts the hostname as given, and does not canonicalize it. + +\end{itemize} + +Use krb5\_free\_principal to free \emph{ret\_princ} when it is no longer needed. +\end{quote} + + +\subsubsection{krb5\_unparse\_name - Convert a krb5\_principal structure to a string representation.} +\label{appdev/refs/api/krb5_unparse_name:krb5-unparse-name-convert-a-krb5-principal-structure-to-a-string-representation}\label{appdev/refs/api/krb5_unparse_name::doc}\index{krb5\_unparse\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_unparse_name:c.krb5_unparse_name}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_unparse\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}, register char **\emph{Â name}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{principal} - Principal + +\textbf{{[}out{]}} \textbf{name} - String representation of principal name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +The resulting string representation uses the format and quoting conventions described for {\hyperref[appdev/refs/api/krb5_parse_name:c.krb5_parse_name]{\code{krb5\_parse\_name()}}} . + +Use {\hyperref[appdev/refs/api/krb5_free_unparsed_name:c.krb5_free_unparsed_name]{\code{krb5\_free\_unparsed\_name()}}} to free \emph{name} when it is no longer needed. + + +\subsubsection{krb5\_unparse\_name\_ext - Convert krb5\_principal structure to string and length.} +\label{appdev/refs/api/krb5_unparse_name_ext:krb5-unparse-name-ext-convert-krb5-principal-structure-to-string-and-length}\label{appdev/refs/api/krb5_unparse_name_ext::doc}\index{krb5\_unparse\_name\_ext (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_unparse_name_ext:c.krb5_unparse_name_ext}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_unparse\_name\_ext}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}, char **\emph{Â name}, unsigned int *\emph{Â size}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{principal} - Principal + +\textbf{{[}inout{]}} \textbf{name} - String representation of principal name + +\textbf{{[}inout{]}} \textbf{size} - Size of unparsed name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes. On failure name is set to NULL + +\end{itemize} + +\end{description}\end{quote} + +This function is similar to {\hyperref[appdev/refs/api/krb5_unparse_name:c.krb5_unparse_name]{\code{krb5\_unparse\_name()}}} , but allows the use of an existing buffer for the result. If size is not NULL, then \emph{name} must point to either NULL or an existing buffer of at least the size pointed to by \emph{size} . The buffer will be allocated or resized if necessary, with the new pointer stored into \emph{name} . Whether or not the buffer is resized, the necessary space for the result, including null terminator, will be stored into \emph{size} . + +If size is NULL, this function behaves exactly as {\hyperref[appdev/refs/api/krb5_unparse_name:c.krb5_unparse_name]{\code{krb5\_unparse\_name()}}} . + + +\subsubsection{krb5\_unparse\_name\_flags - Convert krb5\_principal structure to a string with flags.} +\label{appdev/refs/api/krb5_unparse_name_flags::doc}\label{appdev/refs/api/krb5_unparse_name_flags:krb5-unparse-name-flags-convert-krb5-principal-structure-to-a-string-with-flags}\index{krb5\_unparse\_name\_flags (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_unparse_name_flags:c.krb5_unparse_name_flags}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_unparse\_name\_flags}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}, int\emph{Â flags}, char **\emph{Â name}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{principal} - Principal + +\textbf{{[}in{]}} \textbf{flags} - Flags + +\textbf{{[}out{]}} \textbf{name} - String representation of principal name + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes. On failure name is set to NULL + +\end{itemize} + +\end{description}\end{quote} + +Similar to {\hyperref[appdev/refs/api/krb5_unparse_name:c.krb5_unparse_name]{\code{krb5\_unparse\_name()}}} , this function converts a krb5\_principal structure to a string representation. + +The following flags are valid: +\begin{quote} +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT:KRB5_PRINCIPAL_UNPARSE_SHORT]{\code{KRB5\_PRINCIPAL\_UNPARSE\_SHORT}}} - omit realm if it is the local realm + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM:KRB5_PRINCIPAL_UNPARSE_NO_REALM]{\code{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM}}} - omit realm + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY:KRB5_PRINCIPAL_UNPARSE_DISPLAY]{\code{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY}}} - do not quote special characters + +\end{itemize} + +Use {\hyperref[appdev/refs/api/krb5_free_unparsed_name:c.krb5_free_unparsed_name]{\code{krb5\_free\_unparsed\_name()}}} to free \emph{name} when it is no longer needed. +\end{quote} + + +\subsubsection{krb5\_unparse\_name\_flags\_ext - Convert krb5\_principal structure to string format with flags.} +\label{appdev/refs/api/krb5_unparse_name_flags_ext:krb5-unparse-name-flags-ext-convert-krb5-principal-structure-to-string-format-with-flags}\label{appdev/refs/api/krb5_unparse_name_flags_ext::doc}\index{krb5\_unparse\_name\_flags\_ext (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_unparse_name_flags_ext:c.krb5_unparse_name_flags_ext}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_unparse\_name\_flags\_ext}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}, int\emph{Â flags}, char **\emph{Â name}, unsigned int *\emph{Â size}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{principal} - Principal + +\textbf{{[}in{]}} \textbf{flags} - Flags + +\textbf{{[}out{]}} \textbf{name} - Single string format of principal name + +\textbf{{[}out{]}} \textbf{size} - Size of unparsed name buffer + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes. On failure name is set to NULL + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_us\_timeofday - Retrieve the system time of day, in sec and ms, since the epoch.} +\label{appdev/refs/api/krb5_us_timeofday:krb5-us-timeofday-retrieve-the-system-time-of-day-in-sec-and-ms-since-the-epoch}\label{appdev/refs/api/krb5_us_timeofday::doc}\index{krb5\_us\_timeofday (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_us_timeofday:c.krb5_us_timeofday}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_us\_timeofday}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} *\emph{Â seconds}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} *\emph{Â microseconds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{seconds} - System timeofday, seconds portion + +\textbf{{[}out{]}} \textbf{microseconds} - System timeofday, microseconds portion + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function retrieves the system time of day with the context specific time offset adjustment. + + +\subsubsection{krb5\_verify\_authdata\_kdc\_issued - Unwrap and verify AD-KDCIssued authorization data.} +\label{appdev/refs/api/krb5_verify_authdata_kdc_issued:krb5-verify-authdata-kdc-issued-unwrap-and-verify-ad-kdcissued-authorization-data}\label{appdev/refs/api/krb5_verify_authdata_kdc_issued::doc}\index{krb5\_verify\_authdata\_kdc\_issued (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_verify_authdata_kdc_issued:c.krb5_verify_authdata_kdc_issued}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_verify\_authdata\_kdc\_issued}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, const {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} *\emph{Â ad\_kdcissued}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â issuer}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ***\emph{Â authdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Session key + +\textbf{{[}in{]}} \textbf{ad\_kdcissued} - AD-KDCIssued authorization data to be unwrapped + +\textbf{{[}out{]}} \textbf{issuer} - Name of issuing principal (or NULL) + +\textbf{{[}out{]}} \textbf{authdata} - Unwrapped list of authorization data + +\end{description}\end{quote} + +This function unwraps an AD-KDCIssued authdatum (see RFC 4120 section 5.2.6.2) and verifies its signature against \emph{key} . The issuer field of the authdatum element is returned in \emph{issuer} , and the unwrapped list of authdata is returned in \emph{authdata} . + + +\subsection{Rarely used public interfaces} +\label{appdev/refs/api/index:rarely-used-public-interfaces} + +\subsubsection{krb5\_425\_conv\_principal - Convert a Kerberos V4 principal to a Kerberos V5 principal.} +\label{appdev/refs/api/krb5_425_conv_principal:krb5-425-conv-principal-convert-a-kerberos-v4-principal-to-a-kerberos-v5-principal}\label{appdev/refs/api/krb5_425_conv_principal::doc}\index{krb5\_425\_conv\_principal (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_425_conv_principal:c.krb5_425_conv_principal}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_425\_conv\_principal}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â name}, const char *\emph{Â instance}, const char *\emph{Â realm}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â princ}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{name} - V4 name + +\textbf{{[}in{]}} \textbf{instance} - V4 instance + +\textbf{{[}in{]}} \textbf{realm} - Realm + +\textbf{{[}out{]}} \textbf{princ} - V5 principal + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function builds a \emph{princ} from V4 specification based on given input \emph{name.instance@realm} . + +Use {\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} to free \emph{princ} when it is no longer needed. + + +\subsubsection{krb5\_524\_conv\_principal - Convert a Kerberos V5 principal to a Kerberos V4 principal.} +\label{appdev/refs/api/krb5_524_conv_principal:krb5-524-conv-principal-convert-a-kerberos-v5-principal-to-a-kerberos-v4-principal}\label{appdev/refs/api/krb5_524_conv_principal::doc}\index{krb5\_524\_conv\_principal (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_524_conv_principal:c.krb5_524_conv_principal}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_524\_conv\_principal}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â princ}, char *\emph{Â name}, char *\emph{Â inst}, char *\emph{Â realm}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{princ} - V5 Principal + +\textbf{{[}out{]}} \textbf{name} - V4 principal's name to be filled in + +\textbf{{[}out{]}} \textbf{inst} - V4 principal's instance name to be filled in + +\textbf{{[}out{]}} \textbf{realm} - Principal's realm name to be filled in + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KRB5\_INVALID\_PRINCIPAL Invalid principal name + +\item {} +KRB5\_CONFIG\_CANTOPEN Can't open or find Kerberos configuration file + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function separates a V5 principal \emph{princ} into \emph{name} , \emph{instance} , and \emph{realm} . + + +\subsubsection{krb5\_address\_compare - Compare two Kerberos addresses.} +\label{appdev/refs/api/krb5_address_compare:krb5-address-compare-compare-two-kerberos-addresses}\label{appdev/refs/api/krb5_address_compare::doc}\index{krb5\_address\_compare (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_address_compare:c.krb5_address_compare}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_address\_compare}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *\emph{Â addr1}, const {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *\emph{Â addr2}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{addr1} - First address to be compared + +\textbf{{[}in{]}} \textbf{addr2} - Second address to be compared + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +TRUE if the addresses are the same, FALSE otherwise + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_address\_order - Return an ordering of the specified addresses.} +\label{appdev/refs/api/krb5_address_order:krb5-address-order-return-an-ordering-of-the-specified-addresses}\label{appdev/refs/api/krb5_address_order::doc}\index{krb5\_address\_order (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_address_order:c.krb5_address_order}\pysiglinewithargsret{int \bfcode{krb5\_address\_order}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *\emph{Â addr1}, const {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *\emph{Â addr2}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{addr1} - First address + +\textbf{{[}in{]}} \textbf{addr2} - Second address + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 The two addresses are the same + +\item {} +\textless{} 0 First address is less than second + +\item {} +\textgreater{} 0 First address is greater than second + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_address\_search - Search a list of addresses for a specified address.} +\label{appdev/refs/api/krb5_address_search:krb5-address-search-search-a-list-of-addresses-for-a-specified-address}\label{appdev/refs/api/krb5_address_search::doc}\index{krb5\_address\_search (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_address_search:c.krb5_address_search}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_address\_search}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *\emph{Â addr}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *const *\emph{Â addrlist}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{addr} - Address to search for + +\textbf{{[}in{]}} \textbf{addrlist} - Address list to be searched (or NULL) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +TRUE if addr is listed in addrlist , or addrlist is NULL; FALSE otherwise + +\end{itemize} + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +If \emph{addrlist} contains only a NetBIOS addresses, it will be treated as a null list. +\end{notice} + + +\subsubsection{krb5\_allow\_weak\_crypto - Allow the appplication to override the profile's allow\_weak\_crypto setting.} +\label{appdev/refs/api/krb5_allow_weak_crypto::doc}\label{appdev/refs/api/krb5_allow_weak_crypto:krb5-allow-weak-crypto-allow-the-appplication-to-override-the-profile-s-allow-weak-crypto-setting}\index{krb5\_allow\_weak\_crypto (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_allow_weak_crypto:c.krb5_allow_weak_crypto}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_allow\_weak\_crypto}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}}\emph{Â enable}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enable} - Boolean flag + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 (always) + +\end{itemize} + +\end{description}\end{quote} + +This function allows an application to override the allow\_weak\_crypto setting. It is primarily for use by aklog. + + +\subsubsection{krb5\_aname\_to\_localname - Convert a principal name to a local name.} +\label{appdev/refs/api/krb5_aname_to_localname::doc}\label{appdev/refs/api/krb5_aname_to_localname:krb5-aname-to-localname-convert-a-principal-name-to-a-local-name}\index{krb5\_aname\_to\_localname (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_aname_to_localname:c.krb5_aname_to_localname}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_aname\_to\_localname}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â aname}, int\emph{Â lnsize\_in}, char *\emph{Â lname}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{aname} - Principal name + +\textbf{{[}in{]}} \textbf{lnsize\_in} - Space available in \emph{lname} + +\textbf{{[}out{]}} \textbf{lname} - Local name buffer to be filled in + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +System errors + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +If \emph{aname} does not correspond to any local account, KRB5\_LNAME\_NOTRANS is returned. If \emph{lnsize\_in} is too small for the local name, KRB5\_CONFIG\_NOTENUFSPACE is returned. + +Local names, rather than principal names, can be used by programs that translate to an environment-specific name (for example, a user account name). + + +\subsubsection{krb5\_anonymous\_principal - Build an anonymous principal.} +\label{appdev/refs/api/krb5_anonymous_principal:krb5-anonymous-principal-build-an-anonymous-principal}\label{appdev/refs/api/krb5_anonymous_principal::doc}\index{krb5\_anonymous\_principal (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_anonymous_principal:c.krb5_anonymous_principal}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}} \bfcode{krb5\_anonymous\_principal}}{void\emph{Â None}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{None} + +\end{description}\end{quote} + +This function returns constant storage that must not be freed. + + +\strong{See also:} + + +{\hyperref[appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR:KRB5_ANONYMOUS_PRINCSTR]{\code{KRB5\_ANONYMOUS\_PRINCSTR}}} + + + + +\subsubsection{krb5\_anonymous\_realm - Return an anonymous realm data.} +\label{appdev/refs/api/krb5_anonymous_realm::doc}\label{appdev/refs/api/krb5_anonymous_realm:krb5-anonymous-realm-return-an-anonymous-realm-data}\index{krb5\_anonymous\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_anonymous_realm:c.krb5_anonymous_realm}\pysiglinewithargsret{const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{krb5\_anonymous\_realm}}{void\emph{Â None}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{None} + +\end{description}\end{quote} + +This function returns constant storage that must not be freed. + + +\strong{See also:} + + +{\hyperref[appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR:KRB5_ANONYMOUS_REALMSTR]{\code{KRB5\_ANONYMOUS\_REALMSTR}}} + + + + +\subsubsection{krb5\_appdefault\_boolean - Retrieve a boolean value from the appdefaults section of krb5.conf.} +\label{appdev/refs/api/krb5_appdefault_boolean::doc}\label{appdev/refs/api/krb5_appdefault_boolean:krb5-appdefault-boolean-retrieve-a-boolean-value-from-the-appdefaults-section-of-krb5-conf}\index{krb5\_appdefault\_boolean (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_appdefault_boolean:c.krb5_appdefault_boolean}\pysiglinewithargsret{void \bfcode{krb5\_appdefault\_boolean}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â appname}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â realm}, const char *\emph{Â option}, int\emph{Â default\_value}, int *\emph{Â ret\_value}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{appname} - Application name + +\textbf{{[}in{]}} \textbf{realm} - Realm name + +\textbf{{[}in{]}} \textbf{option} - Option to be checked + +\textbf{{[}in{]}} \textbf{default\_value} - Default value to return if no match is found + +\textbf{{[}out{]}} \textbf{ret\_value} - Boolean value of \emph{option} + +\end{description}\end{quote} + +This function gets the application defaults for \emph{option} based on the given \emph{appname} and/or \emph{realm} . + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_appdefault_string:c.krb5_appdefault_string]{\code{krb5\_appdefault\_string()}}} + + + + +\subsubsection{krb5\_appdefault\_string - Retrieve a string value from the appdefaults section of krb5.conf.} +\label{appdev/refs/api/krb5_appdefault_string::doc}\label{appdev/refs/api/krb5_appdefault_string:krb5-appdefault-string-retrieve-a-string-value-from-the-appdefaults-section-of-krb5-conf}\index{krb5\_appdefault\_string (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_appdefault_string:c.krb5_appdefault_string}\pysiglinewithargsret{void \bfcode{krb5\_appdefault\_string}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â appname}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â realm}, const char *\emph{Â option}, const char *\emph{Â default\_value}, char **\emph{Â ret\_value}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{appname} - Application name + +\textbf{{[}in{]}} \textbf{realm} - Realm name + +\textbf{{[}in{]}} \textbf{option} - Option to be checked + +\textbf{{[}in{]}} \textbf{default\_value} - Default value to return if no match is found + +\textbf{{[}out{]}} \textbf{ret\_value} - String value of \emph{option} + +\end{description}\end{quote} + +This function gets the application defaults for \emph{option} based on the given \emph{appname} and/or \emph{realm} . + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_appdefault_boolean:c.krb5_appdefault_boolean]{\code{krb5\_appdefault\_boolean()}}} + + + + +\subsubsection{krb5\_auth\_con\_free - Free a krb5\_auth\_context structure.} +\label{appdev/refs/api/krb5_auth_con_free:krb5-auth-con-free-free-a-krb5-auth-context-structure}\label{appdev/refs/api/krb5_auth_con_free::doc}\index{krb5\_auth\_con\_free (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_free:c.krb5_auth_con_free}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_free}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context to be freed + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 (always) + +\end{itemize} + +\end{description}\end{quote} + +This function frees an auth context allocated by {\hyperref[appdev/refs/api/krb5_auth_con_init:c.krb5_auth_con_init]{\code{krb5\_auth\_con\_init()}}} . + + +\subsubsection{krb5\_auth\_con\_genaddrs - Generate auth context addresses from a connected socket.} +\label{appdev/refs/api/krb5_auth_con_genaddrs::doc}\label{appdev/refs/api/krb5_auth_con_genaddrs:krb5-auth-con-genaddrs-generate-auth-context-addresses-from-a-connected-socket}\index{krb5\_auth\_con\_genaddrs (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_genaddrs:c.krb5_auth_con_genaddrs}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_genaddrs}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, int\emph{Â infd}, int\emph{Â flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{infd} - Connected socket descriptor + +\textbf{{[}in{]}} \textbf{flags} - Flags + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets the local and/or remote addresses in \emph{auth\_context} based on the local and remote endpoints of the socket \emph{infd} . The following flags determine the operations performed: +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR:KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR]{\code{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR}}} Generate local address. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR:KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR]{\code{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR}}} Generate remote address. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR:KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR]{\code{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR}}} Generate local address and port. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR:KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR]{\code{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR}}} Generate remote address and port. + +\end{itemize} + + +\subsubsection{krb5\_auth\_con\_get\_checksum\_func - Get the checksum callback from an auth context.} +\label{appdev/refs/api/krb5_auth_con_get_checksum_func::doc}\label{appdev/refs/api/krb5_auth_con_get_checksum_func:krb5-auth-con-get-checksum-func-get-the-checksum-callback-from-an-auth-context}\index{krb5\_auth\_con\_get\_checksum\_func (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_get_checksum_func:c.krb5_auth_con_get_checksum_func}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_get\_checksum\_func}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_mk_req_checksum_func:c.krb5_mk_req_checksum_func]{krb5\_mk\_req\_checksum\_func}} *\emph{Â func}, void **\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{func} - Checksum callback + +\textbf{{[}out{]}} \textbf{data} - Callback argument + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 (always) + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_auth\_con\_getaddrs - Retrieve address fields from an auth context.} +\label{appdev/refs/api/krb5_auth_con_getaddrs:krb5-auth-con-getaddrs-retrieve-address-fields-from-an-auth-context}\label{appdev/refs/api/krb5_auth_con_getaddrs::doc}\index{krb5\_auth\_con\_getaddrs (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getaddrs:c.krb5_auth_con_getaddrs}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getaddrs}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} **\emph{Â local\_addr}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} **\emph{Â remote\_addr}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{local\_addr} - Local address (NULL if not needed) + +\textbf{{[}out{]}} \textbf{remote\_addr} - Remote address (NULL if not needed) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_auth\_con\_getauthenticator - Retrieve the authenticator from an auth context.} +\label{appdev/refs/api/krb5_auth_con_getauthenticator:krb5-auth-con-getauthenticator-retrieve-the-authenticator-from-an-auth-context}\label{appdev/refs/api/krb5_auth_con_getauthenticator::doc}\index{krb5\_auth\_con\_getauthenticator (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getauthenticator:c.krb5_auth_con_getauthenticator}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getauthenticator}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_authenticator:c.krb5_authenticator]{krb5\_authenticator}} **\emph{Â authenticator}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{authenticator} - Authenticator + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success. Otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_authenticator:c.krb5_free_authenticator]{\code{krb5\_free\_authenticator()}}} to free \emph{authenticator} when it is no longer needed. + + +\subsubsection{krb5\_auth\_con\_getflags - Retrieve flags from a krb5\_auth\_context structure.} +\label{appdev/refs/api/krb5_auth_con_getflags:krb5-auth-con-getflags-retrieve-flags-from-a-krb5-auth-context-structure}\label{appdev/refs/api/krb5_auth_con_getflags::doc}\index{krb5\_auth\_con\_getflags (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getflags:c.krb5_auth_con_getflags}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getflags}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} *\emph{Â flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{flags} - Flags bit mask + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 (always) + +\end{itemize} + +\end{description}\end{quote} + +Valid values for \emph{flags} are: +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME]{\code{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}} Use timestamps + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME]{\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} Save timestamps + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} Use sequence numbers + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} Save sequence numbers + +\end{itemize} + + +\subsubsection{krb5\_auth\_con\_getkey - Retrieve the session key from an auth context as a keyblock.} +\label{appdev/refs/api/krb5_auth_con_getkey::doc}\label{appdev/refs/api/krb5_auth_con_getkey:krb5-auth-con-getkey-retrieve-the-session-key-from-an-auth-context-as-a-keyblock}\index{krb5\_auth\_con\_getkey (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getkey:c.krb5_auth_con_getkey}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getkey}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â keyblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{keyblock} - Session key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success. Otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a keyblock containing the session key from \emph{auth\_context} . Use {\hyperref[appdev/refs/api/krb5_free_keyblock:c.krb5_free_keyblock]{\code{krb5\_free\_keyblock()}}} to free \emph{keyblock} when it is no longer needed + + +\subsubsection{krb5\_auth\_con\_getkey\_k - Retrieve the session key from an auth context.} +\label{appdev/refs/api/krb5_auth_con_getkey_k:krb5-auth-con-getkey-k-retrieve-the-session-key-from-an-auth-context}\label{appdev/refs/api/krb5_auth_con_getkey_k::doc}\index{krb5\_auth\_con\_getkey\_k (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getkey_k:c.krb5_auth_con_getkey_k}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getkey\_k}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}} *\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{key} - Session key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 (always) + +\end{itemize} + +\end{description}\end{quote} + +This function sets \emph{key} to the session key from \emph{auth\_context} . Use {\hyperref[appdev/refs/api/krb5_k_free_key:c.krb5_k_free_key]{\code{krb5\_k\_free\_key()}}} to release \emph{key} when it is no longer needed. + + +\subsubsection{krb5\_auth\_con\_getlocalseqnumber - Retrieve the local sequence number from an auth context.} +\label{appdev/refs/api/krb5_auth_con_getlocalseqnumber::doc}\label{appdev/refs/api/krb5_auth_con_getlocalseqnumber:krb5-auth-con-getlocalseqnumber-retrieve-the-local-sequence-number-from-an-auth-context}\index{krb5\_auth\_con\_getlocalseqnumber (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getlocalseqnumber:c.krb5_auth_con_getlocalseqnumber}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getlocalseqnumber}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} *\emph{Â seqnumber}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{seqnumber} - Local sequence number + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Retrieve the local sequence number from \emph{auth\_context} and return it in \emph{seqnumber} . The {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} flag must be set in \emph{auth\_context} for this function to be useful. + + +\subsubsection{krb5\_auth\_con\_getrcache - Retrieve the replay cache from an auth context.} +\label{appdev/refs/api/krb5_auth_con_getrcache:krb5-auth-con-getrcache-retrieve-the-replay-cache-from-an-auth-context}\label{appdev/refs/api/krb5_auth_con_getrcache::doc}\index{krb5\_auth\_con\_getrcache (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getrcache:c.krb5_auth_con_getrcache}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getrcache}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_rcache:c.krb5_rcache]{krb5\_rcache}} *\emph{Â rcache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{rcache} - Replay cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 (always) + +\end{itemize} + +\end{description}\end{quote} + +This function fetches the replay cache from \emph{auth\_context} . The caller should not close \emph{rcache} . + + +\subsubsection{krb5\_auth\_con\_getrecvsubkey - Retrieve the receiving subkey from an auth context as a keyblock.} +\label{appdev/refs/api/krb5_auth_con_getrecvsubkey:krb5-auth-con-getrecvsubkey-retrieve-the-receiving-subkey-from-an-auth-context-as-a-keyblock}\label{appdev/refs/api/krb5_auth_con_getrecvsubkey::doc}\index{krb5\_auth\_con\_getrecvsubkey (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getrecvsubkey:c.krb5_auth_con_getrecvsubkey}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getrecvsubkey}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â ac}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â keyblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{ac} - Authentication context + +\textbf{{[}out{]}} \textbf{keyblock} - Receiving subkey + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a keyblock containing the receiving subkey from \emph{auth\_context} . Use {\hyperref[appdev/refs/api/krb5_free_keyblock:c.krb5_free_keyblock]{\code{krb5\_free\_keyblock()}}} to free \emph{keyblock} when it is no longer needed. + + +\subsubsection{krb5\_auth\_con\_getrecvsubkey\_k - Retrieve the receiving subkey from an auth context as a keyblock.} +\label{appdev/refs/api/krb5_auth_con_getrecvsubkey_k:krb5-auth-con-getrecvsubkey-k-retrieve-the-receiving-subkey-from-an-auth-context-as-a-keyblock}\label{appdev/refs/api/krb5_auth_con_getrecvsubkey_k::doc}\index{krb5\_auth\_con\_getrecvsubkey\_k (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getrecvsubkey_k:c.krb5_auth_con_getrecvsubkey_k}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getrecvsubkey\_k}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â ac}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}} *\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{ac} - Authentication context + +\textbf{{[}out{]}} \textbf{key} - Receiving subkey + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets \emph{key} to the receiving subkey from \emph{auth\_context} . Use {\hyperref[appdev/refs/api/krb5_k_free_key:c.krb5_k_free_key]{\code{krb5\_k\_free\_key()}}} to release \emph{key} when it is no longer needed. + + +\subsubsection{krb5\_auth\_con\_getremoteseqnumber - Retrieve the remote sequence number from an auth context.} +\label{appdev/refs/api/krb5_auth_con_getremoteseqnumber:krb5-auth-con-getremoteseqnumber-retrieve-the-remote-sequence-number-from-an-auth-context}\label{appdev/refs/api/krb5_auth_con_getremoteseqnumber::doc}\index{krb5\_auth\_con\_getremoteseqnumber (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getremoteseqnumber:c.krb5_auth_con_getremoteseqnumber}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getremoteseqnumber}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} *\emph{Â seqnumber}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{seqnumber} - Remote sequence number + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Retrieve the remote sequence number from \emph{auth\_context} and return it in \emph{seqnumber} . The {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} flag must be set in \emph{auth\_context} for this function to be useful. + + +\subsubsection{krb5\_auth\_con\_getsendsubkey - Retrieve the send subkey from an auth context as a keyblock.} +\label{appdev/refs/api/krb5_auth_con_getsendsubkey:krb5-auth-con-getsendsubkey-retrieve-the-send-subkey-from-an-auth-context-as-a-keyblock}\label{appdev/refs/api/krb5_auth_con_getsendsubkey::doc}\index{krb5\_auth\_con\_getsendsubkey (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getsendsubkey:c.krb5_auth_con_getsendsubkey}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getsendsubkey}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â ac}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â keyblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{ac} - Authentication context + +\textbf{{[}out{]}} \textbf{keyblock} - Send subkey + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a keyblock containing the send subkey from \emph{auth\_context} . Use {\hyperref[appdev/refs/api/krb5_free_keyblock:c.krb5_free_keyblock]{\code{krb5\_free\_keyblock()}}} to free \emph{keyblock} when it is no longer needed. + + +\subsubsection{krb5\_auth\_con\_getsendsubkey\_k - Retrieve the send subkey from an auth context.} +\label{appdev/refs/api/krb5_auth_con_getsendsubkey_k:krb5-auth-con-getsendsubkey-k-retrieve-the-send-subkey-from-an-auth-context}\label{appdev/refs/api/krb5_auth_con_getsendsubkey_k::doc}\index{krb5\_auth\_con\_getsendsubkey\_k (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getsendsubkey_k:c.krb5_auth_con_getsendsubkey_k}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getsendsubkey\_k}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â ac}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}} *\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{ac} - Authentication context + +\textbf{{[}out{]}} \textbf{key} - Send subkey + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets \emph{key} to the send subkey from \emph{auth\_context} . Use {\hyperref[appdev/refs/api/krb5_k_free_key:c.krb5_k_free_key]{\code{krb5\_k\_free\_key()}}} to release \emph{key} when it is no longer needed. + + +\subsubsection{krb5\_auth\_con\_init - Create and initialize an authentication context.} +\label{appdev/refs/api/krb5_auth_con_init:krb5-auth-con-init-create-and-initialize-an-authentication-context}\label{appdev/refs/api/krb5_auth_con_init::doc}\index{krb5\_auth\_con\_init (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_init:c.krb5_auth_con_init}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_init}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}} *\emph{Â auth\_context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{auth\_context} - Authentication context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates an authentication context to hold configuration and state relevant to krb5 functions for authenticating principals and protecting messages once authentication has occurred. + +By default, flags for the context are set to enable the use of the replay cache ( {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME]{\code{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}} ), but not sequence numbers. Use {\hyperref[appdev/refs/api/krb5_auth_con_setflags:c.krb5_auth_con_setflags]{\code{krb5\_auth\_con\_setflags()}}} to change the flags. + +The allocated \emph{auth\_context} must be freed with {\hyperref[appdev/refs/api/krb5_auth_con_free:c.krb5_auth_con_free]{\code{krb5\_auth\_con\_free()}}} when it is no longer needed. + + +\subsubsection{krb5\_auth\_con\_set\_checksum\_func - Set a checksum callback in an auth context.} +\label{appdev/refs/api/krb5_auth_con_set_checksum_func:krb5-auth-con-set-checksum-func-set-a-checksum-callback-in-an-auth-context}\label{appdev/refs/api/krb5_auth_con_set_checksum_func::doc}\index{krb5\_auth\_con\_set\_checksum\_func (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_set_checksum_func:c.krb5_auth_con_set_checksum_func}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_set\_checksum\_func}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_mk_req_checksum_func:c.krb5_mk_req_checksum_func]{krb5\_mk\_req\_checksum\_func}}\emph{Â func}, void *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{func} - Checksum callback + +\textbf{{[}in{]}} \textbf{data} - Callback argument + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 (always) + +\end{itemize} + +\end{description}\end{quote} + +Set a callback to obtain checksum data in {\hyperref[appdev/refs/api/krb5_mk_req:c.krb5_mk_req]{\code{krb5\_mk\_req()}}} . The callback will be invoked after the subkey and local sequence number are stored in \emph{auth\_context} . + + +\subsubsection{krb5\_auth\_con\_set\_req\_cksumtype - Set checksum type in an an auth context.} +\label{appdev/refs/api/krb5_auth_con_set_req_cksumtype:krb5-auth-con-set-req-cksumtype-set-checksum-type-in-an-an-auth-context}\label{appdev/refs/api/krb5_auth_con_set_req_cksumtype::doc}\index{krb5\_auth\_con\_set\_req\_cksumtype (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_set_req_cksumtype:c.krb5_auth_con_set_req_cksumtype}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_set\_req\_cksumtype}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â cksumtype}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{cksumtype} - Checksum type + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success. Otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets the checksum type in \emph{auth\_context} to be used by {\hyperref[appdev/refs/api/krb5_mk_req:c.krb5_mk_req]{\code{krb5\_mk\_req()}}} for the authenticator checksum. + + +\subsubsection{krb5\_auth\_con\_setaddrs - Set the local and remote addresses in an auth context.} +\label{appdev/refs/api/krb5_auth_con_setaddrs::doc}\label{appdev/refs/api/krb5_auth_con_setaddrs:krb5-auth-con-setaddrs-set-the-local-and-remote-addresses-in-an-auth-context}\index{krb5\_auth\_con\_setaddrs (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_setaddrs:c.krb5_auth_con_setaddrs}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_setaddrs}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *\emph{Â local\_addr}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *\emph{Â remote\_addr}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{local\_addr} - Local address + +\textbf{{[}in{]}} \textbf{remote\_addr} - Remote address + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function releases the storage assigned to the contents of the local and remote addresses of \emph{auth\_context} and then sets them to \emph{local\_addr} and \emph{remote\_addr} respectively. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_auth_con_genaddrs:c.krb5_auth_con_genaddrs]{\code{krb5\_auth\_con\_genaddrs()}}} + + + + +\subsubsection{krb5\_auth\_con\_setflags - Set a flags field in a krb5\_auth\_context structure.} +\label{appdev/refs/api/krb5_auth_con_setflags:krb5-auth-con-setflags-set-a-flags-field-in-a-krb5-auth-context-structure}\label{appdev/refs/api/krb5_auth_con_setflags::doc}\index{krb5\_auth\_con\_setflags (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_setflags:c.krb5_auth_con_setflags}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_setflags}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}}\emph{Â flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{flags} - Flags bit mask + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 (always) + +\end{itemize} + +\end{description}\end{quote} + +Valid values for \emph{flags} are: +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME]{\code{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}} Use timestamps + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME]{\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} Save timestamps + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} Use sequence numbers + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} Save sequence numbers + +\end{itemize} + + +\subsubsection{krb5\_auth\_con\_setports - Set local and remote port fields in an auth context.} +\label{appdev/refs/api/krb5_auth_con_setports:krb5-auth-con-setports-set-local-and-remote-port-fields-in-an-auth-context}\label{appdev/refs/api/krb5_auth_con_setports::doc}\index{krb5\_auth\_con\_setports (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_setports:c.krb5_auth_con_setports}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_setports}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *\emph{Â local\_port}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *\emph{Â remote\_port}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{local\_port} - Local port + +\textbf{{[}in{]}} \textbf{remote\_port} - Remote port + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function releases the storage assigned to the contents of the local and remote ports of \emph{auth\_context} and then sets them to \emph{local\_port} and \emph{remote\_port} respectively. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_auth_con_genaddrs:c.krb5_auth_con_genaddrs]{\code{krb5\_auth\_con\_genaddrs()}}} + + + + +\subsubsection{krb5\_auth\_con\_setrcache - Set the replay cache in an auth context.} +\label{appdev/refs/api/krb5_auth_con_setrcache::doc}\label{appdev/refs/api/krb5_auth_con_setrcache:krb5-auth-con-setrcache-set-the-replay-cache-in-an-auth-context}\index{krb5\_auth\_con\_setrcache (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_setrcache:c.krb5_auth_con_setrcache}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_setrcache}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_rcache:c.krb5_rcache]{krb5\_rcache}}\emph{Â rcache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{rcache} - Replay cache haddle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets the replay cache in \emph{auth\_context} to \emph{rcache} . \emph{rcache} will be closed when \emph{auth\_context} is freed, so the caller should relinguish that responsibility. + + +\subsubsection{krb5\_auth\_con\_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock.} +\label{appdev/refs/api/krb5_auth_con_setrecvsubkey:krb5-auth-con-setrecvsubkey-set-the-receiving-subkey-in-an-auth-context-with-a-keyblock}\label{appdev/refs/api/krb5_auth_con_setrecvsubkey::doc}\index{krb5\_auth\_con\_setrecvsubkey (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_setrecvsubkey:c.krb5_auth_con_setrecvsubkey}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_setrecvsubkey}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â ac}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â keyblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{ac} - Authentication context + +\textbf{{[}in{]}} \textbf{keyblock} - Receiving subkey + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets the receiving subkey in \emph{ac} to a copy of \emph{keyblock} . + + +\subsubsection{krb5\_auth\_con\_setrecvsubkey\_k - Set the receiving subkey in an auth context.} +\label{appdev/refs/api/krb5_auth_con_setrecvsubkey_k::doc}\label{appdev/refs/api/krb5_auth_con_setrecvsubkey_k:krb5-auth-con-setrecvsubkey-k-set-the-receiving-subkey-in-an-auth-context}\index{krb5\_auth\_con\_setrecvsubkey\_k (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_setrecvsubkey_k:c.krb5_auth_con_setrecvsubkey_k}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_setrecvsubkey\_k}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â ac}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{ac} - Authentication context + +\textbf{{[}in{]}} \textbf{key} - Receiving subkey + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets the receiving subkey in \emph{ac} to \emph{key} , incrementing its reference count. + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_auth\_con\_setsendsubkey - Set the send subkey in an auth context with a keyblock.} +\label{appdev/refs/api/krb5_auth_con_setsendsubkey::doc}\label{appdev/refs/api/krb5_auth_con_setsendsubkey:krb5-auth-con-setsendsubkey-set-the-send-subkey-in-an-auth-context-with-a-keyblock}\index{krb5\_auth\_con\_setsendsubkey (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_setsendsubkey:c.krb5_auth_con_setsendsubkey}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_setsendsubkey}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â ac}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â keyblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{ac} - Authentication context + +\textbf{{[}in{]}} \textbf{keyblock} - Send subkey + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success. Otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets the send subkey in \emph{ac} to a copy of \emph{keyblock} . + + +\subsubsection{krb5\_auth\_con\_setsendsubkey\_k - Set the send subkey in an auth context.} +\label{appdev/refs/api/krb5_auth_con_setsendsubkey_k:krb5-auth-con-setsendsubkey-k-set-the-send-subkey-in-an-auth-context}\label{appdev/refs/api/krb5_auth_con_setsendsubkey_k::doc}\index{krb5\_auth\_con\_setsendsubkey\_k (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_setsendsubkey_k:c.krb5_auth_con_setsendsubkey_k}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_setsendsubkey\_k}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â ac}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{ac} - Authentication context + +\textbf{{[}out{]}} \textbf{key} - Send subkey + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets the send subkey in \emph{ac} to \emph{key} , incrementing its reference count. + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_auth\_con\_setuseruserkey - Set the session key in an auth context.} +\label{appdev/refs/api/krb5_auth_con_setuseruserkey::doc}\label{appdev/refs/api/krb5_auth_con_setuseruserkey:krb5-auth-con-setuseruserkey-set-the-session-key-in-an-auth-context}\index{krb5\_auth\_con\_setuseruserkey (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_setuseruserkey:c.krb5_auth_con_setuseruserkey}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_setuseruserkey}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â keyblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{keyblock} - User key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_cc\_cache\_match - Find a credential cache with a specified client principal.} +\label{appdev/refs/api/krb5_cc_cache_match:krb5-cc-cache-match-find-a-credential-cache-with-a-specified-client-principal}\label{appdev/refs/api/krb5_cc_cache_match::doc}\index{krb5\_cc\_cache\_match (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_cache_match:c.krb5_cc_cache_match}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_cache\_match}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â client}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}} *\emph{Â cache\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{client} - Client principal + +\textbf{{[}out{]}} \textbf{cache\_out} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KRB5\_CC\_NOTFOUND None + +\end{itemize} + +\end{description}\end{quote} + +Find a cache within the collection whose default principal is \emph{client} . Use \emph{krb5\_cc\_close} to close \emph{ccache} when it is no longer needed. + +\begin{notice}{note}{Note:} +New in 1.10 +\end{notice} + + +\subsubsection{krb5\_cc\_copy\_creds - Copy a credential cache.} +\label{appdev/refs/api/krb5_cc_copy_creds::doc}\label{appdev/refs/api/krb5_cc_copy_creds:krb5-cc-copy-creds-copy-a-credential-cache}\index{krb5\_cc\_copy\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_copy_creds:c.krb5_cc_copy_creds}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_copy\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â incc}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â outcc}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{incc} - Credential cache to be copied + +\textbf{{[}out{]}} \textbf{outcc} - Copy of credential cache to be filled in + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_cc\_end\_seq\_get - Finish a series of sequential processing credential cache entries.} +\label{appdev/refs/api/krb5_cc_end_seq_get:krb5-cc-end-seq-get-finish-a-series-of-sequential-processing-credential-cache-entries}\label{appdev/refs/api/krb5_cc_end_seq_get::doc}\index{krb5\_cc\_end\_seq\_get (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_end_seq_get:c.krb5_cc_end_seq_get}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_end\_seq\_get}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_cc_cursor:c.krb5_cc_cursor]{krb5\_cc\_cursor}} *\emph{Â cursor}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}in{]}} \textbf{cursor} - Cursor + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 (always) + +\end{itemize} + +\end{description}\end{quote} + +This function finishes processing credential cache entries and invalidates \emph{cursor} . + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_cc_start_seq_get:c.krb5_cc_start_seq_get]{\code{krb5\_cc\_start\_seq\_get()}}} , {\hyperref[appdev/refs/api/krb5_cc_next_cred:c.krb5_cc_next_cred]{\code{krb5\_cc\_next\_cred()}}} + + + + +\subsubsection{krb5\_cc\_get\_config - Get a configuration value from a credential cache.} +\label{appdev/refs/api/krb5_cc_get_config:krb5-cc-get-config-get-a-configuration-value-from-a-credential-cache}\label{appdev/refs/api/krb5_cc_get_config::doc}\index{krb5\_cc\_get\_config (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_get_config:c.krb5_cc_get_config}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_get\_config}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â id}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}, const char *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{id} - Credential cache handle + +\textbf{{[}in{]}} \textbf{principal} - Configuration for this principal; if NULL, global for the whole cache + +\textbf{{[}in{]}} \textbf{key} - Name of config variable + +\textbf{{[}out{]}} \textbf{data} - Data to be fetched + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{data} when it is no longer needed. + + +\subsubsection{krb5\_cc\_get\_flags - Retrieve flags from a credential cache structure.} +\label{appdev/refs/api/krb5_cc_get_flags:krb5-cc-get-flags-retrieve-flags-from-a-credential-cache-structure}\label{appdev/refs/api/krb5_cc_get_flags::doc}\index{krb5\_cc\_get\_flags (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_get_flags:c.krb5_cc_get_flags}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_get\_flags}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} *\emph{Â flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}out{]}} \textbf{flags} - Flag bit mask + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +\begin{notice}{warning}{Warning:} +For memory credential cache always returns a flag mask of 0. +\end{notice} + + +\subsubsection{krb5\_cc\_get\_full\_name - Retrieve the full name of a credential cache.} +\label{appdev/refs/api/krb5_cc_get_full_name::doc}\label{appdev/refs/api/krb5_cc_get_full_name:krb5-cc-get-full-name-retrieve-the-full-name-of-a-credential-cache}\index{krb5\_cc\_get\_full\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_get_full_name:c.krb5_cc_get_full_name}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_get\_full\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, char **\emph{Â fullname\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}out{]}} \textbf{fullname\_out} - Full name of cache + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_string:c.krb5_free_string]{\code{krb5\_free\_string()}}} to free \emph{fullname\_out} when it is no longer needed. + +\begin{notice}{note}{Note:} +New in 1.10 +\end{notice} + + +\subsubsection{krb5\_cc\_last\_change\_time - Return a timestamp of the last modification to a credential cache.} +\label{appdev/refs/api/krb5_cc_last_change_time:krb5-cc-last-change-time-return-a-timestamp-of-the-last-modification-to-a-credential-cache}\label{appdev/refs/api/krb5_cc_last_change_time::doc}\index{krb5\_cc\_last\_change\_time (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_last_change_time:c.krb5_cc_last_change_time}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_last\_change\_time}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} *\emph{Â change\_time}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache handle + +\textbf{{[}out{]}} \textbf{change\_time} - The last change time of \emph{ccache} + +\end{description}\end{quote} + +If an error occurs, \emph{change\_time} is set to 0. + + +\subsubsection{krb5\_cc\_lock - Lock a credential cache.} +\label{appdev/refs/api/krb5_cc_lock:krb5-cc-lock-lock-a-credential-cache}\label{appdev/refs/api/krb5_cc_lock::doc}\index{krb5\_cc\_lock (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_lock:c.krb5_cc_lock}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_lock}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_cc_unlock:c.krb5_cc_unlock]{\code{krb5\_cc\_unlock()}}} to unlock the lock. + + +\subsubsection{krb5\_cc\_move - Move a credential cache.} +\label{appdev/refs/api/krb5_cc_move:krb5-cc-move-move-a-credential-cache}\label{appdev/refs/api/krb5_cc_move::doc}\index{krb5\_cc\_move (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_move:c.krb5_cc_move}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_move}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â src}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â dst}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{src} - The credential cache to move the content from + +\textbf{{[}in{]}} \textbf{dst} - The credential cache to move the content to + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; src is closed. + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes; src is still allocated. + +\end{itemize} + +\end{description}\end{quote} + +This function reinitializes \emph{dst} and populates it with the credentials and default principal of \emph{src} ; then, if successful, destroys \emph{src} . + + +\subsubsection{krb5\_cc\_next\_cred - Retrieve the next entry from the credential cache.} +\label{appdev/refs/api/krb5_cc_next_cred::doc}\label{appdev/refs/api/krb5_cc_next_cred:krb5-cc-next-cred-retrieve-the-next-entry-from-the-credential-cache}\index{krb5\_cc\_next\_cred (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_next_cred:c.krb5_cc_next_cred}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_next\_cred}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_cc_cursor:c.krb5_cc_cursor]{krb5\_cc\_cursor}} *\emph{Â cursor}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}in{]}} \textbf{cursor} - Cursor + +\textbf{{[}out{]}} \textbf{creds} - Next credential cache entry + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function fills in \emph{creds} with the next entry in \emph{cache} and advances \emph{cursor} . + +Use {\hyperref[appdev/refs/api/krb5_free_cred_contents:c.krb5_free_cred_contents]{\code{krb5\_free\_cred\_contents()}}} to free \emph{creds} when it is no longer needed. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_cc_start_seq_get:c.krb5_cc_start_seq_get]{\code{krb5\_cc\_start\_seq\_get()}}} , krb5\_end\_seq\_get() + + + + +\subsubsection{krb5\_cc\_remove\_cred - Remove credentials from a credential cache.} +\label{appdev/refs/api/krb5_cc_remove_cred:krb5-cc-remove-cred-remove-credentials-from-a-credential-cache}\label{appdev/refs/api/krb5_cc_remove_cred::doc}\index{krb5\_cc\_remove\_cred (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_remove_cred:c.krb5_cc_remove_cred}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_remove\_cred}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â flags}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}in{]}} \textbf{flags} - Bitwise-ORed search flags + +\textbf{{[}in{]}} \textbf{creds} - Credentials to be matched + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +KRB5\_CC\_NOSUPP Not implemented for this cache type + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +No matches found; Data cannot be deleted; Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function accepts the same flag values as {\hyperref[appdev/refs/api/krb5_cc_retrieve_cred:c.krb5_cc_retrieve_cred]{\code{krb5\_cc\_retrieve\_cred()}}} . + +\begin{notice}{warning}{Warning:} +This function is not implemented for some cache types. +\end{notice} + + +\subsubsection{krb5\_cc\_retrieve\_cred - Retrieve a specified credentials from a credential cache.} +\label{appdev/refs/api/krb5_cc_retrieve_cred:krb5-cc-retrieve-cred-retrieve-a-specified-credentials-from-a-credential-cache}\label{appdev/refs/api/krb5_cc_retrieve_cred::doc}\index{krb5\_cc\_retrieve\_cred (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_retrieve_cred:c.krb5_cc_retrieve_cred}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_retrieve\_cred}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â flags}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â mcreds}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}in{]}} \textbf{flags} - Flags bit mask + +\textbf{{[}in{]}} \textbf{mcreds} - Credentials to match + +\textbf{{[}out{]}} \textbf{creds} - Credentials matching the requested value + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function searches a credential cache for credentials matching \emph{mcreds} and returns it if found. + +Valid values for \emph{flags} are: +\begin{quote} +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_MATCH_TIMES:KRB5_TC_MATCH_TIMES]{\code{KRB5\_TC\_MATCH\_TIMES}}} The requested lifetime must be at least as great as in \emph{mcreds} . + +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY:KRB5_TC_MATCH_IS_SKEY]{\code{KRB5\_TC\_MATCH\_IS\_SKEY}}} The \emph{is\_skey} field much match exactly. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_MATCH_FLAGS:KRB5_TC_MATCH_FLAGS]{\code{KRB5\_TC\_MATCH\_FLAGS}}} Flags set in \emph{mcreds} must be set. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT:KRB5_TC_MATCH_TIMES_EXACT]{\code{KRB5\_TC\_MATCH\_TIMES\_EXACT}}} The requested lifetime must match exactly. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT:KRB5_TC_MATCH_FLAGS_EXACT]{\code{KRB5\_TC\_MATCH\_FLAGS\_EXACT}}} Flags must match exactly. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA:KRB5_TC_MATCH_AUTHDATA]{\code{KRB5\_TC\_MATCH\_AUTHDATA}}} The authorization data must match. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY:KRB5_TC_MATCH_SRV_NAMEONLY]{\code{KRB5\_TC\_MATCH\_SRV\_NAMEONLY}}} Only the name portion of the principal name must match, not the realm. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT:KRB5_TC_MATCH_2ND_TKT]{\code{KRB5\_TC\_MATCH\_2ND\_TKT}}} The second tickets must match. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_MATCH_KTYPE:KRB5_TC_MATCH_KTYPE]{\code{KRB5\_TC\_MATCH\_KTYPE}}} The encryption key types must match. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES:KRB5_TC_SUPPORTED_KTYPES]{\code{KRB5\_TC\_SUPPORTED\_KTYPES}}} Check all matching entries that have any supported encryption type and return the one with the encryption type listed earliest. + +\end{itemize} + +Use {\hyperref[appdev/refs/api/krb5_free_cred_contents:c.krb5_free_cred_contents]{\code{krb5\_free\_cred\_contents()}}} to free \emph{creds} when it is no longer needed. +\end{quote} + + +\subsubsection{krb5\_cc\_select - Select a credential cache to use with a server principal.} +\label{appdev/refs/api/krb5_cc_select::doc}\label{appdev/refs/api/krb5_cc_select:krb5-cc-select-select-a-credential-cache-to-use-with-a-server-principal}\index{krb5\_cc\_select (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_select:c.krb5_cc_select}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_select}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â server}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}} *\emph{Â cache\_out}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â princ\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{server} - Server principal + +\textbf{{[}out{]}} \textbf{cache\_out} - Credential cache handle + +\textbf{{[}out{]}} \textbf{princ\_out} - Client principal + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +If an appropriate cache is found, 0 is returned, cache\_out is set to the selected cache, and princ\_out is set to the default principal of that cache. + +\end{itemize} + +\end{description}\end{quote} + +Select a cache within the collection containing credentials most appropriate for use with \emph{server} , according to configured rules and heuristics. + +Use {\hyperref[appdev/refs/api/krb5_cc_close:c.krb5_cc_close]{\code{krb5\_cc\_close()}}} to release \emph{cache\_out} when it is no longer needed. Use {\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} to release \emph{princ\_out} when it is no longer needed. Note that \emph{princ\_out} is set in some error conditions. + +If the appropriate client principal can be authoritatively determined but the cache collection contains no credentials for that principal, then KRB5\_CC\_NOTFOUND is returned, \emph{cache\_out} is set to NULL, and \emph{princ\_out} is set to the appropriate client principal. + +If no configured mechanism can determine the appropriate cache or principal, KRB5\_CC\_NOTFOUND is returned and \emph{cache\_out} and \emph{princ\_out} are set to NULL. + +Any other error code indicates a fatal error in the processing of a cache selection mechanism. + +\begin{notice}{note}{Note:} +New in 1.10 +\end{notice} + + +\subsubsection{krb5\_cc\_set\_config - Store a configuration value in a credential cache.} +\label{appdev/refs/api/krb5_cc_set_config::doc}\label{appdev/refs/api/krb5_cc_set_config:krb5-cc-set-config-store-a-configuration-value-in-a-credential-cache}\index{krb5\_cc\_set\_config (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_set_config:c.krb5_cc_set_config}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_set\_config}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â id}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}, const char *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{id} - Credential cache handle + +\textbf{{[}in{]}} \textbf{principal} - Configuration for a specific principal; if NULL, global for the whole cache + +\textbf{{[}in{]}} \textbf{key} - Name of config variable + +\textbf{{[}in{]}} \textbf{data} - Data to store, or NULL to remove + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +\begin{notice}{warning}{Warning:} +Before version 1.10 \emph{data} was assumed to be always non-null. +\end{notice} + +\begin{notice}{note}{Note:} +Existing configuration under the same key is over-written. +\end{notice} + + +\subsubsection{krb5\_cc\_set\_default\_name - Set the default credential cache name.} +\label{appdev/refs/api/krb5_cc_set_default_name:krb5-cc-set-default-name-set-the-default-credential-cache-name}\label{appdev/refs/api/krb5_cc_set_default_name::doc}\index{krb5\_cc\_set\_default\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_set_default_name:c.krb5_cc_set_default_name}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_set\_default\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â name}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{name} - Default credential cache name or NULL + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KV5M\_CONTEXT Bad magic number for \_krb5\_context structure + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Set the default credential cache name to \emph{name} for future operations using \emph{context} . If \emph{name} is NULL, clear any previous application-set default name and forget any cached value of the default name for \emph{context} . + +Calls to this function invalidate the result of any previous calls to {\hyperref[appdev/refs/api/krb5_cc_default_name:c.krb5_cc_default_name]{\code{krb5\_cc\_default\_name()}}} using \emph{context} . + + +\subsubsection{krb5\_cc\_set\_flags - Set options flags on a credential cache.} +\label{appdev/refs/api/krb5_cc_set_flags:krb5-cc-set-flags-set-options-flags-on-a-credential-cache}\label{appdev/refs/api/krb5_cc_set_flags::doc}\index{krb5\_cc\_set\_flags (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_set_flags:c.krb5_cc_set_flags}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_set\_flags}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}in{]}} \textbf{flags} - Flag bit mask + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function resets \emph{cache} flags to \emph{flags} . + + +\subsubsection{krb5\_cc\_start\_seq\_get - Prepare to sequentially read every credential in a credential cache.} +\label{appdev/refs/api/krb5_cc_start_seq_get::doc}\label{appdev/refs/api/krb5_cc_start_seq_get:krb5-cc-start-seq-get-prepare-to-sequentially-read-every-credential-in-a-credential-cache}\index{krb5\_cc\_start\_seq\_get (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_start_seq_get:c.krb5_cc_start_seq_get}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_start\_seq\_get}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_cc_cursor:c.krb5_cc_cursor]{krb5\_cc\_cursor}} *\emph{Â cursor}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}out{]}} \textbf{cursor} - Cursor + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} +\begin{quote} + +{\hyperref[appdev/refs/api/krb5_cc_end_seq_get:c.krb5_cc_end_seq_get]{\code{krb5\_cc\_end\_seq\_get()}}} must be called to complete the retrieve operation. +\end{quote} + +\begin{notice}{note}{Note:} +If \emph{cache} is modified between the time of the call to this function and the time of the final {\hyperref[appdev/refs/api/krb5_cc_end_seq_get:c.krb5_cc_end_seq_get]{\code{krb5\_cc\_end\_seq\_get()}}} , the results are undefined. +\end{notice} + + +\subsubsection{krb5\_cc\_store\_cred - Store credentials in a credential cache.} +\label{appdev/refs/api/krb5_cc_store_cred:krb5-cc-store-cred-store-credentials-in-a-credential-cache}\label{appdev/refs/api/krb5_cc_store_cred::doc}\index{krb5\_cc\_store\_cred (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_store_cred:c.krb5_cc_store_cred}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_store\_cred}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\textbf{{[}in{]}} \textbf{creds} - Credentials to be stored in cache + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Permission errors; storage failure errors; Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function stores \emph{creds} into \emph{cache} . If \emph{creds-\textgreater{}server} and the server in the decoded ticket \emph{creds-\textgreater{}ticket} differ, the credentials will be stored under both server principal names. + + +\subsubsection{krb5\_cc\_support\_switch - Determine whether a credential cache type supports switching.} +\label{appdev/refs/api/krb5_cc_support_switch::doc}\label{appdev/refs/api/krb5_cc_support_switch:krb5-cc-support-switch-determine-whether-a-credential-cache-type-supports-switching}\index{krb5\_cc\_support\_switch (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_support_switch:c.krb5_cc_support_switch}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_cc\_support\_switch}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â type}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{type} - Credential cache type + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +TRUE if type supports switching + +\item {} +FALSE if it does not or is not a valid credential cache type. + +\end{itemize} + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.10 +\end{notice} + + +\subsubsection{krb5\_cc\_switch - Make a credential cache the primary cache for its collection.} +\label{appdev/refs/api/krb5_cc_switch::doc}\label{appdev/refs/api/krb5_cc_switch:krb5-cc-switch-make-a-credential-cache-the-primary-cache-for-its-collection}\index{krb5\_cc\_switch (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_switch:c.krb5_cc_switch}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_switch}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â cache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cache} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success, or the type of cache doesn't support switching + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +If the type of \emph{cache} supports it, set \emph{cache} to be the primary credential cache for the collection it belongs to. + + +\subsubsection{krb5\_cc\_unlock - Unlock a credential cache.} +\label{appdev/refs/api/krb5_cc_unlock:krb5-cc-unlock-unlock-a-credential-cache}\label{appdev/refs/api/krb5_cc_unlock::doc}\index{krb5\_cc\_unlock (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_unlock:c.krb5_cc_unlock}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_unlock}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function unlocks the \emph{ccache} locked by {\hyperref[appdev/refs/api/krb5_cc_lock:c.krb5_cc_lock]{\code{krb5\_cc\_lock()}}} . + + +\subsubsection{krb5\_cccol\_cursor\_free - Free a credential cache collection cursor.} +\label{appdev/refs/api/krb5_cccol_cursor_free::doc}\label{appdev/refs/api/krb5_cccol_cursor_free:krb5-cccol-cursor-free-free-a-credential-cache-collection-cursor}\index{krb5\_cccol\_cursor\_free (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cccol_cursor_free:c.krb5_cccol_cursor_free}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cccol\_cursor\_free}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cccol_cursor:c.krb5_cccol_cursor]{krb5\_cccol\_cursor}} *\emph{Â cursor}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cursor} - Cursor + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_cccol_cursor_new:c.krb5_cccol_cursor_new]{\code{krb5\_cccol\_cursor\_new()}}} , {\hyperref[appdev/refs/api/krb5_cccol_cursor_next:c.krb5_cccol_cursor_next]{\code{krb5\_cccol\_cursor\_next()}}} + + + + +\subsubsection{krb5\_cccol\_cursor\_new - Prepare to iterate over the collection of known credential caches.} +\label{appdev/refs/api/krb5_cccol_cursor_new::doc}\label{appdev/refs/api/krb5_cccol_cursor_new:krb5-cccol-cursor-new-prepare-to-iterate-over-the-collection-of-known-credential-caches}\index{krb5\_cccol\_cursor\_new (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cccol_cursor_new:c.krb5_cccol_cursor_new}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cccol\_cursor\_new}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cccol_cursor:c.krb5_cccol_cursor]{krb5\_cccol\_cursor}} *\emph{Â cursor}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{cursor} - Cursor + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Get a new cache iteration \emph{cursor} that will iterate over all known credential caches independent of type. + +Use {\hyperref[appdev/refs/api/krb5_cccol_cursor_free:c.krb5_cccol_cursor_free]{\code{krb5\_cccol\_cursor\_free()}}} to release \emph{cursor} when it is no longer needed. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_cccol_cursor_next:c.krb5_cccol_cursor_next]{\code{krb5\_cccol\_cursor\_next()}}} + + + + +\subsubsection{krb5\_cccol\_cursor\_next - Get the next credential cache in the collection.} +\label{appdev/refs/api/krb5_cccol_cursor_next::doc}\label{appdev/refs/api/krb5_cccol_cursor_next:krb5-cccol-cursor-next-get-the-next-credential-cache-in-the-collection}\index{krb5\_cccol\_cursor\_next (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cccol_cursor_next:c.krb5_cccol_cursor_next}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cccol\_cursor\_next}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cccol_cursor:c.krb5_cccol_cursor]{krb5\_cccol\_cursor}}\emph{Â cursor}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}} *\emph{Â ccache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cursor} - Cursor + +\textbf{{[}out{]}} \textbf{ccache} - Credential cache handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_cc_close:c.krb5_cc_close]{\code{krb5\_cc\_close()}}} to close \emph{ccache} when it is no longer needed. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_cccol_cursor_new:c.krb5_cccol_cursor_new]{\code{krb5\_cccol\_cursor\_new()}}} , {\hyperref[appdev/refs/api/krb5_cccol_cursor_free:c.krb5_cccol_cursor_free]{\code{krb5\_cccol\_cursor\_free()}}} + + + +\begin{notice}{note}{Note:} +When all caches are iterated over and the end of the list is reached, \emph{ccache} is set to NULL. +\end{notice} + + +\subsubsection{krb5\_cccol\_have\_content - Check if the credential cache collection contains any credentials.} +\label{appdev/refs/api/krb5_cccol_have_content:krb5-cccol-have-content-check-if-the-credential-cache-collection-contains-any-credentials}\label{appdev/refs/api/krb5_cccol_have_content::doc}\index{krb5\_cccol\_have\_content (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cccol_have_content:c.krb5_cccol_have_content}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cccol\_have\_content}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Credentials are available in the collection + +\item {} +KRB5\_CC\_NOTFOUND The collection contains no credentials + +\end{itemize} + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_cccol\_last\_change\_time - Return a timestamp of the last modification of any known credential cache.} +\label{appdev/refs/api/krb5_cccol_last_change_time:krb5-cccol-last-change-time-return-a-timestamp-of-the-last-modification-of-any-known-credential-cache}\label{appdev/refs/api/krb5_cccol_last_change_time::doc}\index{krb5\_cccol\_last\_change\_time (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cccol_last_change_time:c.krb5_cccol_last_change_time}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cccol\_last\_change\_time}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} *\emph{Â change\_time}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{change\_time} - Last modification timestamp + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function returns the most recent modification time of any known credential cache, ignoring any caches which cannot supply a last modification time. + +If there are no known credential caches, \emph{change\_time} is set to 0. + + +\subsubsection{krb5\_cccol\_lock - Acquire a global lock for credential caches.} +\label{appdev/refs/api/krb5_cccol_lock::doc}\label{appdev/refs/api/krb5_cccol_lock:krb5-cccol-lock-acquire-a-global-lock-for-credential-caches}\index{krb5\_cccol\_lock (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cccol_lock:c.krb5_cccol_lock}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cccol\_lock}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function locks the global credential cache collection, ensuring that no ccaches are added to or removed from it until the collection lock is released. + +Use {\hyperref[appdev/refs/api/krb5_cccol_unlock:c.krb5_cccol_unlock]{\code{krb5\_cccol\_unlock()}}} to unlock the lock. + + +\subsubsection{krb5\_cccol\_unlock - Release a global lock for credential caches.} +\label{appdev/refs/api/krb5_cccol_unlock:krb5-cccol-unlock-release-a-global-lock-for-credential-caches}\label{appdev/refs/api/krb5_cccol_unlock::doc}\index{krb5\_cccol\_unlock (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cccol_unlock:c.krb5_cccol_unlock}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cccol\_unlock}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function unlocks the lock from {\hyperref[appdev/refs/api/krb5_cccol_lock:c.krb5_cccol_lock]{\code{krb5\_cccol\_lock()}}} . + + +\subsubsection{krb5\_clear\_error\_message - Clear the extended error message in a context.} +\label{appdev/refs/api/krb5_clear_error_message:krb5-clear-error-message-clear-the-extended-error-message-in-a-context}\label{appdev/refs/api/krb5_clear_error_message::doc}\index{krb5\_clear\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_clear_error_message:c.krb5_clear_error_message}\pysiglinewithargsret{void \bfcode{krb5\_clear\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\end{description}\end{quote} + +This function unsets the extended error message in a context, to ensure that it is not mistakenly applied to another occurrence of the same error code. + + +\subsubsection{krb5\_check\_clockskew - Check if a timestamp is within the allowed clock skew of the current time.} +\label{appdev/refs/api/krb5_check_clockskew:krb5-check-clockskew-check-if-a-timestamp-is-within-the-allowed-clock-skew-of-the-current-time}\label{appdev/refs/api/krb5_check_clockskew::doc}\index{krb5\_check\_clockskew (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_check_clockskew:c.krb5_check_clockskew}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_check\_clockskew}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}}\emph{Â date}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{date} - Timestamp to check + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KRB5KRB\_AP\_ERR\_SKEW date is not within allowable clock skew + +\end{itemize} + +\end{description}\end{quote} + +This function checks if \emph{date} is close enough to the current time according to the configured allowable clock skew. + +\begin{notice}{note}{Note:} +New in 1.10 +\end{notice} + + +\subsubsection{krb5\_copy\_addresses - Copy an array of addresses.} +\label{appdev/refs/api/krb5_copy_addresses:krb5-copy-addresses-copy-an-array-of-addresses}\label{appdev/refs/api/krb5_copy_addresses::doc}\index{krb5\_copy\_addresses (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_addresses:c.krb5_copy_addresses}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_addresses}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *const *\emph{Â inaddr}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} ***\emph{Â outaddr}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{inaddr} - Array of addresses to be copied + +\textbf{{[}out{]}} \textbf{outaddr} - Copy of array of addresses + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new address array containing a copy of \emph{inaddr} . Use {\hyperref[appdev/refs/api/krb5_free_addresses:c.krb5_free_addresses]{\code{krb5\_free\_addresses()}}} to free \emph{outaddr} when it is no longer needed. + + +\subsubsection{krb5\_copy\_authdata - Copy an authorization data list.} +\label{appdev/refs/api/krb5_copy_authdata:krb5-copy-authdata-copy-an-authorization-data-list}\label{appdev/refs/api/krb5_copy_authdata::doc}\index{krb5\_copy\_authdata (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_authdata:c.krb5_copy_authdata}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_authdata}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} *const *\emph{Â in\_authdat}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ***\emph{Â out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{in\_authdat} - List of \emph{krb5\_authdata} structures + +\textbf{{[}out{]}} \textbf{out} - New array of \emph{krb5\_authdata} structures + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new authorization data list containing a copy of \emph{in\_authdat} , which must be null-terminated. Use {\hyperref[appdev/refs/api/krb5_free_authdata:c.krb5_free_authdata]{\code{krb5\_free\_authdata()}}} to free \emph{out} when it is no longer needed. + +\begin{notice}{note}{Note:} +The last array entry in \emph{in\_authdat} must be a NULL pointer. +\end{notice} + + +\subsubsection{krb5\_copy\_authenticator - Copy a krb5\_authenticator structure.} +\label{appdev/refs/api/krb5_copy_authenticator:krb5-copy-authenticator-copy-a-krb5-authenticator-structure}\label{appdev/refs/api/krb5_copy_authenticator::doc}\index{krb5\_copy\_authenticator (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_authenticator:c.krb5_copy_authenticator}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_authenticator}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_authenticator:c.krb5_authenticator]{krb5\_authenticator}} *\emph{Â authfrom}, {\hyperref[appdev/refs/types/krb5_authenticator:c.krb5_authenticator]{krb5\_authenticator}} **\emph{Â authto}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{authfrom} - krb5\_authenticator structure to be copied + +\textbf{{[}out{]}} \textbf{authto} - Copy of krb5\_authenticator structure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new krb5\_authenticator structure with the content of \emph{authfrom} . Use {\hyperref[appdev/refs/api/krb5_free_authenticator:c.krb5_free_authenticator]{\code{krb5\_free\_authenticator()}}} to free \emph{authto} when it is no longer needed. + + +\subsubsection{krb5\_copy\_checksum - Copy a krb5\_checksum structure.} +\label{appdev/refs/api/krb5_copy_checksum:krb5-copy-checksum-copy-a-krb5-checksum-structure}\label{appdev/refs/api/krb5_copy_checksum::doc}\index{krb5\_copy\_checksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_checksum:c.krb5_copy_checksum}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_checksum}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} *\emph{Â ckfrom}, {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} **\emph{Â ckto}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ckfrom} - Checksum to be copied + +\textbf{{[}out{]}} \textbf{ckto} - Copy of krb5\_checksum structure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new krb5\_checksum structure with the contents of \emph{ckfrom} . Use {\hyperref[appdev/refs/api/krb5_free_checksum:c.krb5_free_checksum]{\code{krb5\_free\_checksum()}}} to free \emph{ckto} when it is no longer needed. + + +\subsubsection{krb5\_copy\_context - Copy a krb5\_context structure.} +\label{appdev/refs/api/krb5_copy_context:krb5-copy-context-copy-a-krb5-context-structure}\label{appdev/refs/api/krb5_copy_context::doc}\index{krb5\_copy\_context (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_context:c.krb5_copy_context}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_context}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}} *\emph{Â nctx\_out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}out{]}} \textbf{nctx\_out} - New context structure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +The newly created context must be released by calling {\hyperref[appdev/refs/api/krb5_free_context:c.krb5_free_context]{\code{krb5\_free\_context()}}} when it is no longer needed. + + +\subsubsection{krb5\_copy\_creds - Copy a krb5\_creds structure.} +\label{appdev/refs/api/krb5_copy_creds:krb5-copy-creds-copy-a-krb5-creds-structure}\label{appdev/refs/api/krb5_copy_creds::doc}\index{krb5\_copy\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_creds:c.krb5_copy_creds}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â incred}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} **\emph{Â outcred}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{incred} - Credentials structure to be copied + +\textbf{{[}out{]}} \textbf{outcred} - Copy of \emph{incred} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new credential with the contents of \emph{incred} . Use {\hyperref[appdev/refs/api/krb5_free_creds:c.krb5_free_creds]{\code{krb5\_free\_creds()}}} to free \emph{outcred} when it is no longer needed. + + +\subsubsection{krb5\_copy\_data - Copy a krb5\_data object.} +\label{appdev/refs/api/krb5_copy_data:krb5-copy-data-copy-a-krb5-data-object}\label{appdev/refs/api/krb5_copy_data::doc}\index{krb5\_copy\_data (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_data:c.krb5_copy_data}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_data}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â indata}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} **\emph{Â outdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{indata} - Data object to be copied + +\textbf{{[}out{]}} \textbf{outdata} - Copy of \emph{indata} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new krb5\_data object with the contents of \emph{indata} . Use {\hyperref[appdev/refs/api/krb5_free_data:c.krb5_free_data]{\code{krb5\_free\_data()}}} to free \emph{outdata} when it is no longer needed. + + +\subsubsection{krb5\_copy\_error\_message - Copy the most recent extended error message from one context to another.} +\label{appdev/refs/api/krb5_copy_error_message:krb5-copy-error-message-copy-the-most-recent-extended-error-message-from-one-context-to-another}\label{appdev/refs/api/krb5_copy_error_message::doc}\index{krb5\_copy\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_error_message:c.krb5_copy_error_message}\pysiglinewithargsret{void \bfcode{krb5\_copy\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â dest\_ctx}, {\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â src\_ctx}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{dest\_ctx} - Library context to copy message to + +\textbf{{[}in{]}} \textbf{src\_ctx} - Library context with current message + +\end{description}\end{quote} + + +\subsubsection{krb5\_copy\_keyblock - Copy a keyblock.} +\label{appdev/refs/api/krb5_copy_keyblock:krb5-copy-keyblock-copy-a-keyblock}\label{appdev/refs/api/krb5_copy_keyblock::doc}\index{krb5\_copy\_keyblock (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_keyblock:c.krb5_copy_keyblock}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_keyblock}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â from}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â to}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{from} - Keyblock to be copied + +\textbf{{[}out{]}} \textbf{to} - Copy of keyblock \emph{from} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new keyblock with the same contents as \emph{from} . Use {\hyperref[appdev/refs/api/krb5_free_keyblock:c.krb5_free_keyblock]{\code{krb5\_free\_keyblock()}}} to free \emph{to} when it is no longer needed. + + +\subsubsection{krb5\_copy\_keyblock\_contents - Copy the contents of a keyblock.} +\label{appdev/refs/api/krb5_copy_keyblock_contents:krb5-copy-keyblock-contents-copy-the-contents-of-a-keyblock}\label{appdev/refs/api/krb5_copy_keyblock_contents::doc}\index{krb5\_copy\_keyblock\_contents (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_keyblock_contents:c.krb5_copy_keyblock_contents}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_keyblock\_contents}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â from}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â to}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{from} - Key to be copied + +\textbf{{[}out{]}} \textbf{to} - Output key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function copies the contents of \emph{from} to \emph{to} . Use {\hyperref[appdev/refs/api/krb5_free_keyblock_contents:c.krb5_free_keyblock_contents]{\code{krb5\_free\_keyblock\_contents()}}} to free \emph{to} when it is no longer needed. + + +\subsubsection{krb5\_copy\_principal - Copy a principal.} +\label{appdev/refs/api/krb5_copy_principal:krb5-copy-principal-copy-a-principal}\label{appdev/refs/api/krb5_copy_principal::doc}\index{krb5\_copy\_principal (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_principal:c.krb5_copy_principal}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_principal}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â inprinc}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} *\emph{Â outprinc}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{inprinc} - Principal to be copied + +\textbf{{[}out{]}} \textbf{outprinc} - Copy of \emph{inprinc} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new principal structure with the contents of \emph{inprinc} . Use {\hyperref[appdev/refs/api/krb5_free_principal:c.krb5_free_principal]{\code{krb5\_free\_principal()}}} to free \emph{outprinc} when it is no longer needed. + + +\subsubsection{krb5\_copy\_ticket - Copy a krb5\_ticket structure.} +\label{appdev/refs/api/krb5_copy_ticket:krb5-copy-ticket-copy-a-krb5-ticket-structure}\label{appdev/refs/api/krb5_copy_ticket::doc}\index{krb5\_copy\_ticket (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_copy_ticket:c.krb5_copy_ticket}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_copy\_ticket}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} *\emph{Â from}, {\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} **\emph{Â pto}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{from} - Ticket to be copied + +\textbf{{[}out{]}} \textbf{pto} - Copy of ticket + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new krb5\_ticket structure containing the contents of \emph{from} . Use {\hyperref[appdev/refs/api/krb5_free_ticket:c.krb5_free_ticket]{\code{krb5\_free\_ticket()}}} to free \emph{pto} when it is no longer needed. + + +\subsubsection{krb5\_find\_authdata - Find authorization data elements.} +\label{appdev/refs/api/krb5_find_authdata:krb5-find-authdata-find-authorization-data-elements}\label{appdev/refs/api/krb5_find_authdata::doc}\index{krb5\_find\_authdata (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_find_authdata:c.krb5_find_authdata}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_find\_authdata}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} *const *\emph{Â ticket\_authdata}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} *const *\emph{Â ap\_req\_authdata}, {\hyperref[appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype]{krb5\_authdatatype}}\emph{Â ad\_type}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ***\emph{Â results}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ticket\_authdata} - Authorization data list from ticket + +\textbf{{[}in{]}} \textbf{ap\_req\_authdata} - Authorization data list from AP request + +\textbf{{[}in{]}} \textbf{ad\_type} - Authorization data type to find + +\textbf{{[}out{]}} \textbf{results} - List of matching entries + +\end{description}\end{quote} + +This function searches \emph{ticket\_authdata} and \emph{ap\_req\_authdata} for elements of type \emph{ad\_type} . Either input list may be NULL, in which case it will not be searched; otherwise, the input lists must be terminated by NULL entries. This function will search inside AD-IF-RELEVANT containers if found in either list. Use {\hyperref[appdev/refs/api/krb5_free_authdata:c.krb5_free_authdata]{\code{krb5\_free\_authdata()}}} to free \emph{results} when it is no longer needed. + +\begin{notice}{note}{Note:} +New in 1.10 +\end{notice} + + +\subsubsection{krb5\_free\_addresses - Free the data stored in array of addresses.} +\label{appdev/refs/api/krb5_free_addresses:krb5-free-addresses-free-the-data-stored-in-array-of-addresses}\label{appdev/refs/api/krb5_free_addresses::doc}\index{krb5\_free\_addresses (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_addresses:c.krb5_free_addresses}\pysiglinewithargsret{void \bfcode{krb5\_free\_addresses}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} **\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Array of addresses to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the array itself. + +\begin{notice}{note}{Note:} +The last entry in the array must be a NULL pointer. +\end{notice} + + +\subsubsection{krb5\_free\_ap\_rep\_enc\_part - Free a krb5\_ap\_rep\_enc\_part structure.} +\label{appdev/refs/api/krb5_free_ap_rep_enc_part:krb5-free-ap-rep-enc-part-free-a-krb5-ap-rep-enc-part-structure}\label{appdev/refs/api/krb5_free_ap_rep_enc_part::doc}\index{krb5\_free\_ap\_rep\_enc\_part (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_ap_rep_enc_part:c.krb5_free_ap_rep_enc_part}\pysiglinewithargsret{void \bfcode{krb5\_free\_ap\_rep\_enc\_part}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part]{krb5\_ap\_rep\_enc\_part}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - AP-REP enc part to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the structure itself. + + +\subsubsection{krb5\_free\_authdata - Free the storage assigned to array of authentication data.} +\label{appdev/refs/api/krb5_free_authdata::doc}\label{appdev/refs/api/krb5_free_authdata:krb5-free-authdata-free-the-storage-assigned-to-array-of-authentication-data}\index{krb5\_free\_authdata (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_authdata:c.krb5_free_authdata}\pysiglinewithargsret{void \bfcode{krb5\_free\_authdata}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} **\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Array of authentication data to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the array itself. + +\begin{notice}{note}{Note:} +The last entry in the array must be a NULL pointer. +\end{notice} + + +\subsubsection{krb5\_free\_authenticator - Free a krb5\_authenticator structure.} +\label{appdev/refs/api/krb5_free_authenticator:krb5-free-authenticator-free-a-krb5-authenticator-structure}\label{appdev/refs/api/krb5_free_authenticator::doc}\index{krb5\_free\_authenticator (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_authenticator:c.krb5_free_authenticator}\pysiglinewithargsret{void \bfcode{krb5\_free\_authenticator}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_authenticator:c.krb5_authenticator]{krb5\_authenticator}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Authenticator structure to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the structure itself. + + +\subsubsection{krb5\_free\_cred\_contents - Free the contents of a krb5\_creds structure.} +\label{appdev/refs/api/krb5_free_cred_contents::doc}\label{appdev/refs/api/krb5_free_cred_contents:krb5-free-cred-contents-free-the-contents-of-a-krb5-creds-structure}\index{krb5\_free\_cred\_contents (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_cred_contents:c.krb5_free_cred_contents}\pysiglinewithargsret{void \bfcode{krb5\_free\_cred\_contents}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Credential structure to free contents of + +\end{description}\end{quote} + +This function frees the contents of \emph{val} , but not the structure itself. + + +\subsubsection{krb5\_free\_creds - Free a krb5\_creds structure.} +\label{appdev/refs/api/krb5_free_creds::doc}\label{appdev/refs/api/krb5_free_creds:krb5-free-creds-free-a-krb5-creds-structure}\index{krb5\_free\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_creds:c.krb5_free_creds}\pysiglinewithargsret{void \bfcode{krb5\_free\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Credential structure to be freed. + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the structure itself. + + +\subsubsection{krb5\_free\_data - Free a krb5\_data structure.} +\label{appdev/refs/api/krb5_free_data:krb5-free-data-free-a-krb5-data-structure}\label{appdev/refs/api/krb5_free_data::doc}\index{krb5\_free\_data (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_data:c.krb5_free_data}\pysiglinewithargsret{void \bfcode{krb5\_free\_data}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Data structure to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the structure itself. + + +\subsubsection{krb5\_free\_data\_contents - Free the contents of a krb5\_data structure and zero the data field.} +\label{appdev/refs/api/krb5_free_data_contents:krb5-free-data-contents-free-the-contents-of-a-krb5-data-structure-and-zero-the-data-field}\label{appdev/refs/api/krb5_free_data_contents::doc}\index{krb5\_free\_data\_contents (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents}\pysiglinewithargsret{void \bfcode{krb5\_free\_data\_contents}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Data structure to free contents of + +\end{description}\end{quote} + +This function frees the contents of \emph{val} , but not the structure itself. + + +\subsubsection{krb5\_free\_default\_realm - Free a default realm string returned by krb5\_get\_default\_realm() .} +\label{appdev/refs/api/krb5_free_default_realm:krb5-free-default-realm-free-a-default-realm-string-returned-by-krb5-get-default-realm}\label{appdev/refs/api/krb5_free_default_realm::doc}\index{krb5\_free\_default\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_default_realm:c.krb5_free_default_realm}\pysiglinewithargsret{void \bfcode{krb5\_free\_default\_realm}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, char *\emph{Â lrealm}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{lrealm} - Realm to be freed + +\end{description}\end{quote} + + +\subsubsection{krb5\_free\_enctypes - Free an array of encryption types.} +\label{appdev/refs/api/krb5_free_enctypes::doc}\label{appdev/refs/api/krb5_free_enctypes:krb5-free-enctypes-free-an-array-of-encryption-types}\index{krb5\_free\_enctypes (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_enctypes:c.krb5_free_enctypes}\pysiglinewithargsret{void \bfcode{krb5\_free\_enctypes}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Array of enctypes to be freed + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.12 +\end{notice} + + +\subsubsection{krb5\_free\_error - Free an error allocated by krb5\_read\_error() or krb5\_sendauth() .} +\label{appdev/refs/api/krb5_free_error::doc}\label{appdev/refs/api/krb5_free_error:krb5-free-error-free-an-error-allocated-by-krb5-read-error-or-krb5-sendauth}\index{krb5\_free\_error (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_error:c.krb5_free_error}\pysiglinewithargsret{void \bfcode{krb5\_free\_error}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, register {\hyperref[appdev/refs/types/krb5_error:c.krb5_error]{krb5\_error}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Error data structure to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the structure itself. + + +\subsubsection{krb5\_free\_host\_realm - Free the memory allocated by krb5\_get\_host\_realm() .} +\label{appdev/refs/api/krb5_free_host_realm::doc}\label{appdev/refs/api/krb5_free_host_realm:krb5-free-host-realm-free-the-memory-allocated-by-krb5-get-host-realm}\index{krb5\_free\_host\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_host_realm:c.krb5_free_host_realm}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_free\_host\_realm}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, char *const *\emph{Â realmlist}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{realmlist} - List of realm names to be released + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_free\_keyblock - Free a krb5\_keyblock structure.} +\label{appdev/refs/api/krb5_free_keyblock:krb5-free-keyblock-free-a-krb5-keyblock-structure}\label{appdev/refs/api/krb5_free_keyblock::doc}\index{krb5\_free\_keyblock (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_keyblock:c.krb5_free_keyblock}\pysiglinewithargsret{void \bfcode{krb5\_free\_keyblock}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, register {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Keyblock to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the structure itself. + + +\subsubsection{krb5\_free\_keyblock\_contents - Free the contents of a krb5\_keyblock structure.} +\label{appdev/refs/api/krb5_free_keyblock_contents::doc}\label{appdev/refs/api/krb5_free_keyblock_contents:krb5-free-keyblock-contents-free-the-contents-of-a-krb5-keyblock-structure}\index{krb5\_free\_keyblock\_contents (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_keyblock_contents:c.krb5_free_keyblock_contents}\pysiglinewithargsret{void \bfcode{krb5\_free\_keyblock\_contents}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, register {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Keyblock to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{key} , but not the structure itself. + + +\subsubsection{krb5\_free\_keytab\_entry\_contents - Free the contents of a key table entry.} +\label{appdev/refs/api/krb5_free_keytab_entry_contents:krb5-free-keytab-entry-contents-free-the-contents-of-a-key-table-entry}\label{appdev/refs/api/krb5_free_keytab_entry_contents::doc}\index{krb5\_free\_keytab\_entry\_contents (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_keytab_entry_contents:c.krb5_free_keytab_entry_contents}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_free\_keytab\_entry\_contents}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry]{krb5\_keytab\_entry}} *\emph{Â entry}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{entry} - Key table entry whose contents are to be freed + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +The pointer is not freed. +\end{notice} + + +\subsubsection{krb5\_free\_string - Free a string allocated by a krb5 function.} +\label{appdev/refs/api/krb5_free_string:krb5-free-string-free-a-string-allocated-by-a-krb5-function}\label{appdev/refs/api/krb5_free_string::doc}\index{krb5\_free\_string (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_string:c.krb5_free_string}\pysiglinewithargsret{void \bfcode{krb5\_free\_string}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, char *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - String to be freed + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.10 +\end{notice} + + +\subsubsection{krb5\_free\_ticket - Free a ticket.} +\label{appdev/refs/api/krb5_free_ticket:krb5-free-ticket-free-a-ticket}\label{appdev/refs/api/krb5_free_ticket::doc}\index{krb5\_free\_ticket (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_ticket:c.krb5_free_ticket}\pysiglinewithargsret{void \bfcode{krb5\_free\_ticket}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Ticket to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the structure itself. + + +\subsubsection{krb5\_free\_unparsed\_name - Free a string representation of a principal.} +\label{appdev/refs/api/krb5_free_unparsed_name::doc}\label{appdev/refs/api/krb5_free_unparsed_name:krb5-free-unparsed-name-free-a-string-representation-of-a-principal}\index{krb5\_free\_unparsed\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_unparsed_name:c.krb5_free_unparsed_name}\pysiglinewithargsret{void \bfcode{krb5\_free\_unparsed\_name}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, char *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Name string to be freed + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_permitted\_enctypes - Return a list of encryption types permitted for session keys.} +\label{appdev/refs/api/krb5_get_permitted_enctypes:krb5-get-permitted-enctypes-return-a-list-of-encryption-types-permitted-for-session-keys}\label{appdev/refs/api/krb5_get_permitted_enctypes::doc}\index{krb5\_get\_permitted\_enctypes (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_permitted_enctypes:c.krb5_get_permitted_enctypes}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_permitted\_enctypes}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} **\emph{Â ktypes}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{ktypes} - Zero-terminated list of encryption types + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function returns the list of encryption types permitted for session keys within \emph{context} , as determined by configuration or by a previous call to {\hyperref[appdev/refs/api/krb5_set_default_tgs_enctypes:c.krb5_set_default_tgs_enctypes]{\code{krb5\_set\_default\_tgs\_enctypes()}}} . + +Use {\hyperref[appdev/refs/api/krb5_free_enctypes:c.krb5_free_enctypes]{\code{krb5\_free\_enctypes()}}} to free \emph{ktypes} when it is no longer needed. + + +\subsubsection{krb5\_get\_server\_rcache - Generate a replay cache object for server use and open it.} +\label{appdev/refs/api/krb5_get_server_rcache:krb5-get-server-rcache-generate-a-replay-cache-object-for-server-use-and-open-it}\label{appdev/refs/api/krb5_get_server_rcache::doc}\index{krb5\_get\_server\_rcache (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_server_rcache:c.krb5_get_server_rcache}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_server\_rcache}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â piece}, {\hyperref[appdev/refs/types/krb5_rcache:c.krb5_rcache]{krb5\_rcache}} *\emph{Â rcptr}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{piece} - Unique identifier for replay cache + +\textbf{{[}out{]}} \textbf{rcptr} - Handle to an open rcache + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function generates a replay cache name based on \emph{piece} and opens a handle to it. Typically \emph{piece} is the first component of the service principal name. Use krb5\_rc\_close() to close \emph{rcptr} when it is no longer needed. + + +\subsubsection{krb5\_get\_time\_offsets - Return the time offsets from the os context.} +\label{appdev/refs/api/krb5_get_time_offsets:krb5-get-time-offsets-return-the-time-offsets-from-the-os-context}\label{appdev/refs/api/krb5_get_time_offsets::doc}\index{krb5\_get\_time\_offsets (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_time_offsets:c.krb5_get_time_offsets}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_time\_offsets}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} *\emph{Â seconds}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} *\emph{Â microseconds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{seconds} - Time offset, seconds portion + +\textbf{{[}out{]}} \textbf{microseconds} - Time offset, microseconds portion + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function returns the time offsets in \emph{context} . + + +\subsubsection{krb5\_init\_context\_profile - Create a krb5 library context using a specified profile.} +\label{appdev/refs/api/krb5_init_context_profile:krb5-init-context-profile-create-a-krb5-library-context-using-a-specified-profile}\label{appdev/refs/api/krb5_init_context_profile::doc}\index{krb5\_init\_context\_profile (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_context_profile:c.krb5_init_context_profile}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_context\_profile}}{struct \_profile\_t *\emph{Â profile}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â flags}, {\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}} *\emph{Â context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{profile} - Profile object (NULL to create default profile) + +\textbf{{[}in{]}} \textbf{flags} - Context initialization flags + +\textbf{{[}out{]}} \textbf{context} - Library context + +\end{description}\end{quote} + +Create a context structure, optionally using a specified profile and initialization flags. If \emph{profile} is NULL, the default profile will be created from config files. If \emph{profile} is non-null, a copy of it will be made for the new context; the caller should still clean up its copy. Valid flag values are: +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE:KRB5_INIT_CONTEXT_SECURE]{\code{KRB5\_INIT\_CONTEXT\_SECURE}}} Ignore environment variables + +\item {} +{\hyperref[appdev/refs/macros/KRB5_INIT_CONTEXT_KDC:KRB5_INIT_CONTEXT_KDC]{\code{KRB5\_INIT\_CONTEXT\_KDC}}} Use KDC configuration if creating profile + +\end{itemize} + + +\subsubsection{krb5\_init\_creds\_free - Free an initial credentials context.} +\label{appdev/refs/api/krb5_init_creds_free::doc}\label{appdev/refs/api/krb5_init_creds_free:krb5-init-creds-free-free-an-initial-credentials-context}\index{krb5\_init\_creds\_free (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_free:c.krb5_init_creds_free}\pysiglinewithargsret{void \bfcode{krb5\_init\_creds\_free}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}}\emph{Â ctx}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - Initial credentials context + +\end{description}\end{quote} + + +\subsubsection{krb5\_init\_creds\_get - Acquire credentials using an initial credentials context.} +\label{appdev/refs/api/krb5_init_creds_get::doc}\label{appdev/refs/api/krb5_init_creds_get:krb5-init-creds-get-acquire-credentials-using-an-initial-credentials-context}\index{krb5\_init\_creds\_get (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_get:c.krb5_init_creds_get}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_creds\_get}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}}\emph{Â ctx}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - Initial credentials context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function synchronously obtains credentials using a context created by {\hyperref[appdev/refs/api/krb5_init_creds_init:c.krb5_init_creds_init]{\code{krb5\_init\_creds\_init()}}} . On successful return, the credentials can be retrieved with {\hyperref[appdev/refs/api/krb5_init_creds_get_creds:c.krb5_init_creds_get_creds]{\code{krb5\_init\_creds\_get\_creds()}}} . + + +\subsubsection{krb5\_init\_creds\_get\_creds - Retrieve acquired credentials from an initial credentials context.} +\label{appdev/refs/api/krb5_init_creds_get_creds::doc}\label{appdev/refs/api/krb5_init_creds_get_creds:krb5-init-creds-get-creds-retrieve-acquired-credentials-from-an-initial-credentials-context}\index{krb5\_init\_creds\_get\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_get_creds:c.krb5_init_creds_get_creds}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_creds\_get\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - Initial credentials context + +\textbf{{[}out{]}} \textbf{creds} - Acquired credentials + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function copies the acquired initial credentials from \emph{ctx} into \emph{creds} , after the successful completion of {\hyperref[appdev/refs/api/krb5_init_creds_get:c.krb5_init_creds_get]{\code{krb5\_init\_creds\_get()}}} or {\hyperref[appdev/refs/api/krb5_init_creds_step:c.krb5_init_creds_step]{\code{krb5\_init\_creds\_step()}}} . Use {\hyperref[appdev/refs/api/krb5_free_cred_contents:c.krb5_free_cred_contents]{\code{krb5\_free\_cred\_contents()}}} to free \emph{creds} when it is no longer needed. + + +\subsubsection{krb5\_init\_creds\_get\_error - Get the last error from KDC from an initial credentials context.} +\label{appdev/refs/api/krb5_init_creds_get_error:krb5-init-creds-get-error-get-the-last-error-from-kdc-from-an-initial-credentials-context}\label{appdev/refs/api/krb5_init_creds_get_error::doc}\index{krb5\_init\_creds\_get\_error (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_get_error:c.krb5_init_creds_get_error}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_creds\_get\_error}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_error:c.krb5_error]{krb5\_error}} **\emph{Â error}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - Initial credentials context + +\textbf{{[}out{]}} \textbf{error} - Error from KDC, or NULL if none was received + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_init\_creds\_get\_times - Retrieve ticket times from an initial credentials context.} +\label{appdev/refs/api/krb5_init_creds_get_times::doc}\label{appdev/refs/api/krb5_init_creds_get_times:krb5-init-creds-get-times-retrieve-ticket-times-from-an-initial-credentials-context}\index{krb5\_init\_creds\_get\_times (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_get_times:c.krb5_init_creds_get_times}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_creds\_get\_times}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times]{krb5\_ticket\_times}} *\emph{Â times}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - Initial credentials context + +\textbf{{[}out{]}} \textbf{times} - Ticket times for acquired credentials + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +The initial credentials context must have completed obtaining credentials via either {\hyperref[appdev/refs/api/krb5_init_creds_get:c.krb5_init_creds_get]{\code{krb5\_init\_creds\_get()}}} or {\hyperref[appdev/refs/api/krb5_init_creds_step:c.krb5_init_creds_step]{\code{krb5\_init\_creds\_step()}}} . + + +\subsubsection{krb5\_init\_creds\_init - Create a context for acquiring initial credentials.} +\label{appdev/refs/api/krb5_init_creds_init::doc}\label{appdev/refs/api/krb5_init_creds_init:krb5-init-creds-init-create-a-context-for-acquiring-initial-credentials}\index{krb5\_init\_creds\_init (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_init:c.krb5_init_creds_init}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_creds\_init}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â client}, {\hyperref[appdev/refs/types/krb5_prompter_fct:c.krb5_prompter_fct]{krb5\_prompter\_fct}}\emph{Â prompter}, void *\emph{Â data}, {\hyperref[appdev/refs/types/krb5_deltat:c.krb5_deltat]{krb5\_deltat}}\emph{Â start\_time}, {\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â options}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}} *\emph{Â ctx}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{client} - Client principal to get initial creds for + +\textbf{{[}in{]}} \textbf{prompter} - Prompter callback + +\textbf{{[}in{]}} \textbf{data} - Prompter callback argument + +\textbf{{[}in{]}} \textbf{start\_time} - Time when credentials become valid (0 for now) + +\textbf{{[}in{]}} \textbf{options} - Options structure (NULL for default) + +\textbf{{[}out{]}} \textbf{ctx} - New initial credentials context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a new context for acquiring initial credentials. Use {\hyperref[appdev/refs/api/krb5_init_creds_free:c.krb5_init_creds_free]{\code{krb5\_init\_creds\_free()}}} to free \emph{ctx} when it is no longer needed. + + +\subsubsection{krb5\_init\_creds\_set\_keytab - Specify a keytab to use for acquiring initial credentials.} +\label{appdev/refs/api/krb5_init_creds_set_keytab:krb5-init-creds-set-keytab-specify-a-keytab-to-use-for-acquiring-initial-credentials}\label{appdev/refs/api/krb5_init_creds_set_keytab::doc}\index{krb5\_init\_creds\_set\_keytab (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_set_keytab:c.krb5_init_creds_set_keytab}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_creds\_set\_keytab}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - Initial credentials context + +\textbf{{[}in{]}} \textbf{keytab} - Key table handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function supplies a keytab containing the client key for an initial credentials request. + + +\subsubsection{krb5\_init\_creds\_set\_password - Set a password for acquiring initial credentials.} +\label{appdev/refs/api/krb5_init_creds_set_password:krb5-init-creds-set-password-set-a-password-for-acquiring-initial-credentials}\label{appdev/refs/api/krb5_init_creds_set_password::doc}\index{krb5\_init\_creds\_set\_password (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_set_password:c.krb5_init_creds_set_password}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_creds\_set\_password}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}}\emph{Â ctx}, const char *\emph{Â password}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - Initial credentials context + +\textbf{{[}in{]}} \textbf{password} - Password + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function supplies a password to be used to construct the client key for an initial credentials request. + + +\subsubsection{krb5\_init\_creds\_set\_service - Specify a service principal for acquiring initial credentials.} +\label{appdev/refs/api/krb5_init_creds_set_service::doc}\label{appdev/refs/api/krb5_init_creds_set_service:krb5-init-creds-set-service-specify-a-service-principal-for-acquiring-initial-credentials}\index{krb5\_init\_creds\_set\_service (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_set_service:c.krb5_init_creds_set_service}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_creds\_set\_service}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}}\emph{Â ctx}, const char *\emph{Â service}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - Initial credentials context + +\textbf{{[}in{]}} \textbf{service} - Service principal string + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function supplies a service principal string to acquire initial credentials for instead of the default krbtgt service. \emph{service} is parsed as a principal name; any realm part is ignored. + + +\subsubsection{krb5\_init\_creds\_step - Get the next KDC request for acquiring initial credentials.} +\label{appdev/refs/api/krb5_init_creds_step::doc}\label{appdev/refs/api/krb5_init_creds_step:krb5-init-creds-step-get-the-next-kdc-request-for-acquiring-initial-credentials}\index{krb5\_init\_creds\_step (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_creds_step:c.krb5_init_creds_step}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_creds\_step}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context]{krb5\_init\_creds\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â in}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â out}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â realm}, unsigned int *\emph{Â flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - Initial credentials context + +\textbf{{[}in{]}} \textbf{in} - KDC response (empty on the first call) + +\textbf{{[}out{]}} \textbf{out} - Next KDC request + +\textbf{{[}out{]}} \textbf{realm} - Realm for next KDC request + +\textbf{{[}out{]}} \textbf{flags} - Output flags + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function constructs the next KDC request in an initial credential exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, \emph{in} should be set to an empty buffer; on subsequent calls, it should be set to the KDC's reply to the previous request. + +If more requests are needed, \emph{flags} will be set to {\hyperref[appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:KRB5_INIT_CREDS_STEP_FLAG_CONTINUE]{\code{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE}}} and the next request will be placed in \emph{out} . If no more requests are needed, \emph{flags} will not contain {\hyperref[appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:KRB5_INIT_CREDS_STEP_FLAG_CONTINUE]{\code{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE}}} and \emph{out} will be empty. + +If this function returns \textbf{KRB5KRB\_ERR\_RESPONSE\_TOO\_BIG} , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the initial credential exchange has failed. + + +\subsubsection{krb5\_init\_keyblock - Initialize an empty krb5\_keyblock .} +\label{appdev/refs/api/krb5_init_keyblock:krb5-init-keyblock-initialize-an-empty-krb5-keyblock}\label{appdev/refs/api/krb5_init_keyblock::doc}\index{krb5\_init\_keyblock (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_keyblock:c.krb5_init_keyblock}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_keyblock}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, size\_t\emph{Â length}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}in{]}} \textbf{length} - Length of keyblock (or 0) + +\textbf{{[}out{]}} \textbf{out} - New keyblock structure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Initialize a new keyblock and allocate storage for the contents of the key. It is legal to pass in a length of 0, in which case contents are left unallocated. Use {\hyperref[appdev/refs/api/krb5_free_keyblock:c.krb5_free_keyblock]{\code{krb5\_free\_keyblock()}}} to free \emph{out} when it is no longer needed. + +\begin{notice}{note}{Note:} +If \emph{length} is set to 0, contents are left unallocated. +\end{notice} + + +\subsubsection{krb5\_is\_referral\_realm - Check for a match with KRB5\_REFERRAL\_REALM.} +\label{appdev/refs/api/krb5_is_referral_realm:krb5-is-referral-realm-check-for-a-match-with-krb5-referral-realm}\label{appdev/refs/api/krb5_is_referral_realm::doc}\index{krb5\_is\_referral\_realm (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_is_referral_realm:c.krb5_is_referral_realm}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_is\_referral\_realm}}{const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â r}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{r} - Realm to check + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +TRUE if r is zero-length, FALSE otherwise + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_kt\_add\_entry - Add a new entry to a key table.} +\label{appdev/refs/api/krb5_kt_add_entry:krb5-kt-add-entry-add-a-new-entry-to-a-key-table}\label{appdev/refs/api/krb5_kt_add_entry::doc}\index{krb5\_kt\_add\_entry (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_add_entry:c.krb5_kt_add_entry}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_add\_entry}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â id}, {\hyperref[appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry]{krb5\_keytab\_entry}} *\emph{Â entry}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{id} - Key table handle + +\textbf{{[}in{]}} \textbf{entry} - Entry to be added + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +ENOMEM Insufficient memory + +\item {} +KRB5\_KT\_NOWRITE Key table is not writeable + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_kt\_end\_seq\_get - Release a keytab cursor.} +\label{appdev/refs/api/krb5_kt_end_seq_get::doc}\label{appdev/refs/api/krb5_kt_end_seq_get:krb5-kt-end-seq-get-release-a-keytab-cursor}\index{krb5\_kt\_end\_seq\_get (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_end_seq_get:c.krb5_kt_end_seq_get}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_end\_seq\_get}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}, {\hyperref[appdev/refs/types/krb5_kt_cursor:c.krb5_kt_cursor]{krb5\_kt\_cursor}} *\emph{Â cursor}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keytab} - Key table handle + +\textbf{{[}out{]}} \textbf{cursor} - Cursor + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function should be called to release the cursor created by {\hyperref[appdev/refs/api/krb5_kt_start_seq_get:c.krb5_kt_start_seq_get]{\code{krb5\_kt\_start\_seq\_get()}}} . + + +\subsubsection{krb5\_kt\_get\_entry - Get an entry from a key table.} +\label{appdev/refs/api/krb5_kt_get_entry:krb5-kt-get-entry-get-an-entry-from-a-key-table}\label{appdev/refs/api/krb5_kt_get_entry::doc}\index{krb5\_kt\_get\_entry (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_get_entry:c.krb5_kt_get_entry}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_get\_entry}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}, {\hyperref[appdev/refs/types/krb5_kvno:c.krb5_kvno]{krb5\_kvno}}\emph{Â vno}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, {\hyperref[appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry]{krb5\_keytab\_entry}} *\emph{Â entry}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keytab} - Key table handle + +\textbf{{[}in{]}} \textbf{principal} - Principal name + +\textbf{{[}in{]}} \textbf{vno} - Key version number (0 for highest available) + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type (0 zero for any enctype) + +\textbf{{[}out{]}} \textbf{entry} - Returned entry from key table + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +Kerberos error codes on failure + +\end{itemize} + +\end{description}\end{quote} + +Retrieve an entry from a key table which matches the \emph{keytab} , \emph{principal} , \emph{vno} , and \emph{enctype} . If \emph{vno} is zero, retrieve the highest-numbered kvno matching the other fields. If \emph{enctype} is 0, match any enctype. + +Use {\hyperref[appdev/refs/api/krb5_free_keytab_entry_contents:c.krb5_free_keytab_entry_contents]{\code{krb5\_free\_keytab\_entry\_contents()}}} to free \emph{entry} when it is no longer needed. + +\begin{notice}{note}{Note:} +If \emph{vno} is zero, the function retrieves the highest-numbered-kvno entry that matches the specified principal. +\end{notice} + + +\subsubsection{krb5\_kt\_have\_content - Check if a keytab exists and contains entries.} +\label{appdev/refs/api/krb5_kt_have_content::doc}\label{appdev/refs/api/krb5_kt_have_content:krb5-kt-have-content-check-if-a-keytab-exists-and-contains-entries}\index{krb5\_kt\_have\_content (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_have_content:c.krb5_kt_have_content}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_have\_content}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keytab} - Key table handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Keytab exists and contains entries + +\item {} +KRB5\_KT\_NOTFOUND Keytab does not contain entries + +\end{itemize} + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.11 +\end{notice} + + +\subsubsection{krb5\_kt\_next\_entry - Retrieve the next entry from the key table.} +\label{appdev/refs/api/krb5_kt_next_entry:krb5-kt-next-entry-retrieve-the-next-entry-from-the-key-table}\label{appdev/refs/api/krb5_kt_next_entry::doc}\index{krb5\_kt\_next\_entry (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_next_entry:c.krb5_kt_next_entry}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_next\_entry}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}, {\hyperref[appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry]{krb5\_keytab\_entry}} *\emph{Â entry}, {\hyperref[appdev/refs/types/krb5_kt_cursor:c.krb5_kt_cursor]{krb5\_kt\_cursor}} *\emph{Â cursor}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keytab} - Key table handle + +\textbf{{[}out{]}} \textbf{entry} - Returned key table entry + +\textbf{{[}in{]}} \textbf{cursor} - Key table cursor + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KRB5\_KT\_END - if the last entry was reached + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Return the next sequential entry in \emph{keytab} and advance \emph{cursor} . Callers must release the returned entry with {\hyperref[appdev/refs/api/krb5_kt_free_entry:c.krb5_kt_free_entry]{\code{krb5\_kt\_free\_entry()}}} . + + +\subsubsection{krb5\_kt\_read\_service\_key - Retrieve a service key from a key table.} +\label{appdev/refs/api/krb5_kt_read_service_key::doc}\label{appdev/refs/api/krb5_kt_read_service_key:krb5-kt-read-service-key-retrieve-a-service-key-from-a-key-table}\index{krb5\_kt\_read\_service\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_read_service_key:c.krb5_kt_read_service_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_read\_service\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}}\emph{Â keyprocarg}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â principal}, {\hyperref[appdev/refs/types/krb5_kvno:c.krb5_kvno]{krb5\_kvno}}\emph{Â vno}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keyprocarg} - Name of a key table (NULL to use default name) + +\textbf{{[}in{]}} \textbf{principal} - Service principal + +\textbf{{[}in{]}} \textbf{vno} - Key version number (0 for highest available) + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type (0 for any type) + +\textbf{{[}out{]}} \textbf{key} - Service key from key table + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error code if not found or keyprocarg is invalid. + +\end{itemize} + +\end{description}\end{quote} + +Open and search the specified key table for the entry identified by \emph{principal} , \emph{enctype} , and \emph{vno} . If no key is found, return an error code. + +The default key table is used, unless \emph{keyprocarg} is non-null. \emph{keyprocarg} designates a specific key table. + +Use {\hyperref[appdev/refs/api/krb5_free_keyblock:c.krb5_free_keyblock]{\code{krb5\_free\_keyblock()}}} to free \emph{key} when it is no longer needed. + + +\subsubsection{krb5\_kt\_remove\_entry - Remove an entry from a key table.} +\label{appdev/refs/api/krb5_kt_remove_entry::doc}\label{appdev/refs/api/krb5_kt_remove_entry:krb5-kt-remove-entry-remove-an-entry-from-a-key-table}\index{krb5\_kt\_remove\_entry (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_remove_entry:c.krb5_kt_remove_entry}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_remove\_entry}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â id}, {\hyperref[appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry]{krb5\_keytab\_entry}} *\emph{Â entry}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{id} - Key table handle + +\textbf{{[}in{]}} \textbf{entry} - Entry to remove from key table + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KRB5\_KT\_NOWRITE Key table is not writable + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_kt\_start\_seq\_get - Start a sequential retrieval of key table entries.} +\label{appdev/refs/api/krb5_kt_start_seq_get:krb5-kt-start-seq-get-start-a-sequential-retrieval-of-key-table-entries}\label{appdev/refs/api/krb5_kt_start_seq_get::doc}\index{krb5\_kt\_start\_seq\_get (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_start_seq_get:c.krb5_kt_start_seq_get}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_start\_seq\_get}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}, {\hyperref[appdev/refs/types/krb5_kt_cursor:c.krb5_kt_cursor]{krb5\_kt\_cursor}} *\emph{Â cursor}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keytab} - Key table handle + +\textbf{{[}out{]}} \textbf{cursor} - Cursor + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Prepare to read sequentially every key in the specified key table. Use {\hyperref[appdev/refs/api/krb5_kt_end_seq_get:c.krb5_kt_end_seq_get]{\code{krb5\_kt\_end\_seq\_get()}}} to release the cursor when it is no longer needed. + + +\subsubsection{krb5\_make\_authdata\_kdc\_issued - Encode and sign AD-KDCIssued authorization data.} +\label{appdev/refs/api/krb5_make_authdata_kdc_issued:krb5-make-authdata-kdc-issued-encode-and-sign-ad-kdcissued-authorization-data}\label{appdev/refs/api/krb5_make_authdata_kdc_issued::doc}\index{krb5\_make\_authdata\_kdc\_issued (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_make_authdata_kdc_issued:c.krb5_make_authdata_kdc_issued}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_make\_authdata\_kdc\_issued}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â issuer}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} *const *\emph{Â authdata}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ***\emph{Â ad\_kdcissued}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Session key + +\textbf{{[}in{]}} \textbf{issuer} - The name of the issuing principal + +\textbf{{[}in{]}} \textbf{authdata} - List of authorization data to be signed + +\textbf{{[}out{]}} \textbf{ad\_kdcissued} - List containing AD-KDCIssued authdata + +\end{description}\end{quote} + +This function wraps a list of authorization data entries \emph{authdata} in an AD-KDCIssued container (see RFC 4120 section 5.2.6.2) signed with \emph{key} . The result is returned in \emph{ad\_kdcissued} as a single-element list. + + +\subsubsection{krb5\_merge\_authdata - Merge two authorization data lists into a new list.} +\label{appdev/refs/api/krb5_merge_authdata:krb5-merge-authdata-merge-two-authorization-data-lists-into-a-new-list}\label{appdev/refs/api/krb5_merge_authdata::doc}\index{krb5\_merge\_authdata (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_merge_authdata:c.krb5_merge_authdata}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_merge\_authdata}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} *const *\emph{Â inauthdat1}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} *const *\emph{Â inauthdat2}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ***\emph{Â outauthdat}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{inauthdat1} - First list of \emph{krb5\_authdata} structures + +\textbf{{[}in{]}} \textbf{inauthdat2} - Second list of \emph{krb5\_authdata} structures + +\textbf{{[}out{]}} \textbf{outauthdat} - Merged list of \emph{krb5\_authdata} structures + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Merge two authdata arrays, such as the array from a ticket and authenticator. Use {\hyperref[appdev/refs/api/krb5_free_authdata:c.krb5_free_authdata]{\code{krb5\_free\_authdata()}}} to free \emph{outauthdat} when it is no longer needed. + +\begin{notice}{note}{Note:} +The last array entry in \emph{inauthdat1} and \emph{inauthdat2} must be a NULL pointer. +\end{notice} + + +\subsubsection{krb5\_mk\_1cred - Format a KRB-CRED message for a single set of credentials.} +\label{appdev/refs/api/krb5_mk_1cred:krb5-mk-1cred-format-a-krb-cred-message-for-a-single-set-of-credentials}\label{appdev/refs/api/krb5_mk_1cred::doc}\index{krb5\_mk\_1cred (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_mk_1cred:c.krb5_mk_1cred}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_mk\_1cred}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â pcreds}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} **\emph{Â ppdata}, {\hyperref[appdev/refs/types/krb5_replay_data:c.krb5_replay_data]{krb5\_replay\_data}} *\emph{Â outdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{pcreds} - Pointer to credentials + +\textbf{{[}out{]}} \textbf{ppdata} - Encoded credentials + +\textbf{{[}out{]}} \textbf{outdata} - Replay cache data (NULL if not needed) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +ENOMEM Insufficient memory + +\item {} +KRB5\_RC\_REQUIRED Message replay detection requires rcache parameter + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This is a convenience function that calls {\hyperref[appdev/refs/api/krb5_mk_ncred:c.krb5_mk_ncred]{\code{krb5\_mk\_ncred()}}} with a single set of credentials. + + +\subsubsection{krb5\_mk\_error - Format and encode a KRB\_ERROR message.} +\label{appdev/refs/api/krb5_mk_error:krb5-mk-error-format-and-encode-a-krb-error-message}\label{appdev/refs/api/krb5_mk_error::doc}\index{krb5\_mk\_error (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_mk_error:c.krb5_mk_error}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_mk\_error}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_error:c.krb5_error]{krb5\_error}} *\emph{Â dec\_err}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â enc\_err}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{dec\_err} - Error structure to be encoded + +\textbf{{[}out{]}} \textbf{enc\_err} - Encoded error structure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates a \textbf{KRB\_ERROR} message in \emph{enc\_err} . Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{enc\_err} when it is no longer needed. + + +\subsubsection{krb5\_mk\_ncred - Format a KRB-CRED message for an array of credentials.} +\label{appdev/refs/api/krb5_mk_ncred::doc}\label{appdev/refs/api/krb5_mk_ncred:krb5-mk-ncred-format-a-krb-cred-message-for-an-array-of-credentials}\index{krb5\_mk\_ncred (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_mk_ncred:c.krb5_mk_ncred}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_mk\_ncred}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} **\emph{Â ppcreds}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} **\emph{Â ppdata}, {\hyperref[appdev/refs/types/krb5_replay_data:c.krb5_replay_data]{krb5\_replay\_data}} *\emph{Â outdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{ppcreds} - Null-terminated array of credentials + +\textbf{{[}out{]}} \textbf{ppdata} - Encoded credentials + +\textbf{{[}out{]}} \textbf{outdata} - Replay cache information (NULL if not needed) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +ENOMEM Insufficient memory + +\item {} +KRB5\_RC\_REQUIRED Message replay detection requires rcache parameter + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function takes an array of credentials \emph{ppcreds} and formats a \textbf{KRB-CRED} message \emph{ppdata} to pass to {\hyperref[appdev/refs/api/krb5_rd_cred:c.krb5_rd_cred]{\code{krb5\_rd\_cred()}}} . + +The message will be encrypted using the send subkey of \emph{auth\_context} if it is present, or the session key otherwise. + +\begin{notice}{note}{Note:} +If the {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME]{\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} or {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} flag is set in \emph{auth\_context} , \emph{outdata} is required. +\end{notice} + + +\subsubsection{krb5\_mk\_priv - Format a KRB-PRIV message.} +\label{appdev/refs/api/krb5_mk_priv:krb5-mk-priv-format-a-krb-priv-message}\label{appdev/refs/api/krb5_mk_priv::doc}\index{krb5\_mk\_priv (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_mk_priv:c.krb5_mk_priv}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_mk\_priv}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â userdata}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â outbuf}, {\hyperref[appdev/refs/types/krb5_replay_data:c.krb5_replay_data]{krb5\_replay\_data}} *\emph{Â outdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{userdata} - User data for \textbf{KRB-PRIV} message + +\textbf{{[}out{]}} \textbf{outbuf} - Formatted \textbf{KRB-PRIV} message + +\textbf{{[}out{]}} \textbf{outdata} - Replay cache handle (NULL if not needed) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function is similar to {\hyperref[appdev/refs/api/krb5_mk_safe:c.krb5_mk_safe]{\code{krb5\_mk\_safe()}}} , but the message is encrypted and integrity-protected, not just integrity-protected. + +The local address in \emph{auth\_context} must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message. +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME]{\code{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}} - Use timestamps in \emph{outdata} + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME]{\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} - Copy timestamp to \emph{outdata} . + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} - Use local sequence numbers from \emph{auth\_context} in replay cache. + +\item {} +{\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} - Use local sequence numbers from \emph{auth\_context} as a sequence number in the encrypted message \emph{outbuf} . + +\end{itemize} + +\begin{notice}{note}{Note:} +If the {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME]{\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} or {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} flag is set in \emph{auth\_context} , the \emph{outdata} is required. + +The flags from \emph{auth\_context} specify whether sequence numbers or timestamps will be used to identify the message. Valid values are: +\end{notice} + + +\subsubsection{krb5\_mk\_rep - Format and encrypt a KRB\_AP\_REP message.} +\label{appdev/refs/api/krb5_mk_rep:krb5-mk-rep-format-and-encrypt-a-krb-ap-rep-message}\label{appdev/refs/api/krb5_mk_rep::doc}\index{krb5\_mk\_rep (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_mk_rep:c.krb5_mk_rep}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_mk\_rep}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â outbuf}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{outbuf} - \textbf{AP-REP} message + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function fills in \emph{outbuf} with an AP-REP message using information from \emph{auth\_context} . + +If the flags in \emph{auth\_context} indicate that a sequence number should be used (either {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} or {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} ) and the local sequence number in \emph{auth\_context} is 0, a new number will be generated with krb5\_generate\_seq\_number(). + +Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{outbuf} when it is no longer needed. + + +\subsubsection{krb5\_mk\_rep\_dce - Format and encrypt a KRB\_AP\_REP message for DCE RPC.} +\label{appdev/refs/api/krb5_mk_rep_dce:krb5-mk-rep-dce-format-and-encrypt-a-krb-ap-rep-message-for-dce-rpc}\label{appdev/refs/api/krb5_mk_rep_dce::doc}\index{krb5\_mk\_rep\_dce (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_mk_rep_dce:c.krb5_mk_rep_dce}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_mk\_rep\_dce}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â outbuf}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}out{]}} \textbf{outbuf} - \textbf{AP-REP} message + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{outbuf} when it is no longer needed. + + +\subsubsection{krb5\_mk\_req - Create a KRB\_AP\_REQ message.} +\label{appdev/refs/api/krb5_mk_req:krb5-mk-req-create-a-krb-ap-req-message}\label{appdev/refs/api/krb5_mk_req::doc}\index{krb5\_mk\_req (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_mk_req:c.krb5_mk_req}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_mk\_req}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}} *\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â ap\_req\_options}, char *\emph{Â service}, char *\emph{Â hostname}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â in\_data}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â outbuf}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}inout{]}} \textbf{auth\_context} - Pre-existing or newly created auth context + +\textbf{{[}in{]}} \textbf{ap\_req\_options} - \code{AP\_OPTS} options + +\textbf{{[}in{]}} \textbf{service} - Service name, or NULL to use \textbf{``host''} + +\textbf{{[}in{]}} \textbf{hostname} - Host name, or NULL to use local hostname + +\textbf{{[}in{]}} \textbf{in\_data} - Application data to be checksummed in the authenticator, or NULL + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache used to obtain credentials for the desired service. + +\textbf{{[}out{]}} \textbf{outbuf} - \textbf{AP-REQ} message + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function is similar to {\hyperref[appdev/refs/api/krb5_mk_req_extended:c.krb5_mk_req_extended]{\code{krb5\_mk\_req\_extended()}}} except that it uses a given \emph{hostname} , \emph{service} , and \emph{ccache} to construct a service principal name and obtain credentials. + +Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{outbuf} when it is no longer needed. + + +\subsubsection{krb5\_mk\_req\_extended - Create a KRB\_AP\_REQ message using supplied credentials.} +\label{appdev/refs/api/krb5_mk_req_extended::doc}\label{appdev/refs/api/krb5_mk_req_extended:krb5-mk-req-extended-create-a-krb-ap-req-message-using-supplied-credentials}\index{krb5\_mk\_req\_extended (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_mk_req_extended:c.krb5_mk_req_extended}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_mk\_req\_extended}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}} *\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â ap\_req\_options}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â in\_data}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â in\_creds}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â outbuf}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}inout{]}} \textbf{auth\_context} - Pre-existing or newly created auth context + +\textbf{{[}in{]}} \textbf{ap\_req\_options} - \code{AP\_OPTS} options + +\textbf{{[}in{]}} \textbf{in\_data} - Application data to be checksummed in the authenticator, or NULL + +\textbf{{[}in{]}} \textbf{in\_creds} - Credentials for the service with valid ticket and key + +\textbf{{[}out{]}} \textbf{outbuf} - \textbf{AP-REQ} message + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Valid \emph{ap\_req\_options} are: +\begin{quote} +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/AP_OPTS_USE_SESSION_KEY:AP_OPTS_USE_SESSION_KEY]{\code{AP\_OPTS\_USE\_SESSION\_KEY}}} - Use the session key when creating the request used for user to user authentication. + +\item {} +{\hyperref[appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:AP_OPTS_MUTUAL_REQUIRED]{\code{AP\_OPTS\_MUTUAL\_REQUIRED}}} - Request a mutual authentication packet from the reciever. + +\item {} +{\hyperref[appdev/refs/macros/AP_OPTS_USE_SUBKEY:AP_OPTS_USE_SUBKEY]{\code{AP\_OPTS\_USE\_SUBKEY}}} - Generate a subsession key from the current session key obtained from the credentials. + +\end{itemize} + +This function creates a KRB\_AP\_REQ message using supplied credentials \emph{in\_creds} . \emph{auth\_context} may point to an existing auth context or to NULL, in which case a new one will be created. If \emph{in\_data} is non-null, a checksum of it will be included in the authenticator contained in the KRB\_AP\_REQ message. Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{outbuf} when it is no longer needed. +\end{quote} + +On successful return, the authenticator is stored in \emph{auth\_context} with the \emph{client} and \emph{checksum} fields nulled out. (This is to prevent pointer-sharing problems; the caller should not need these fields anyway, since the caller supplied them.) + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_mk_req:c.krb5_mk_req]{\code{krb5\_mk\_req()}}} + + + + +\subsubsection{krb5\_mk\_safe - Format a KRB-SAFE message.} +\label{appdev/refs/api/krb5_mk_safe:krb5-mk-safe-format-a-krb-safe-message}\label{appdev/refs/api/krb5_mk_safe::doc}\index{krb5\_mk\_safe (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_mk_safe:c.krb5_mk_safe}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_mk\_safe}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â userdata}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â outbuf}, {\hyperref[appdev/refs/types/krb5_replay_data:c.krb5_replay_data]{krb5\_replay\_data}} *\emph{Â outdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{userdata} - User data in the message + +\textbf{{[}out{]}} \textbf{outbuf} - Formatted \textbf{KRB-SAFE} buffer + +\textbf{{[}out{]}} \textbf{outdata} - Replay data. Specify NULL if not needed + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function creates an integrity protected \textbf{KRB-SAFE} message using data supplied by the application. + +Fields in \emph{auth\_context} specify the checksum type, the keyblock that can be used to seed the checksum, full addresses (host and port) for the sender and receiver, and \code{KRB5\_AUTH\_CONTEXT} flags. + +The local address in \emph{auth\_context} must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message. + +If {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME]{\code{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}} flag is set in the \emph{auth\_context} , an entry describing the message is entered in the replay cache \emph{auth\_context-\textgreater{}rcache} which enables the caller to detect if this message is reflected by an attacker. If {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME]{\code{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}} is not set, the replay cache is not used. + +If either {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} or {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} is set, the \emph{auth\_context} local sequence number will be placed in \emph{outdata} as its sequence number. + +Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{outbuf} when it is no longer needed. + +\begin{notice}{note}{Note:} +The \emph{outdata} argument is required if {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME]{\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} or {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} flag is set in the \emph{auth\_context} . +\end{notice} + + +\subsubsection{krb5\_os\_localaddr - Return all interface addresses for this host.} +\label{appdev/refs/api/krb5_os_localaddr:krb5-os-localaddr-return-all-interface-addresses-for-this-host}\label{appdev/refs/api/krb5_os_localaddr::doc}\index{krb5\_os\_localaddr (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_os_localaddr:c.krb5_os_localaddr}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_os\_localaddr}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} ***\emph{Â addr}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{addr} - Array of krb5\_address pointers, ending with NULL + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_addresses:c.krb5_free_addresses]{\code{krb5\_free\_addresses()}}} to free \emph{addr} when it is no longer needed. + + +\subsubsection{krb5\_pac\_add\_buffer - Add a buffer to a PAC handle.} +\label{appdev/refs/api/krb5_pac_add_buffer:krb5-pac-add-buffer-add-a-buffer-to-a-pac-handle}\label{appdev/refs/api/krb5_pac_add_buffer::doc}\index{krb5\_pac\_add\_buffer (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_pac_add_buffer:c.krb5_pac_add_buffer}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_pac\_add\_buffer}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_pac:c.krb5_pac]{krb5\_pac}}\emph{Â pac}, {\hyperref[appdev/refs/types/krb5_ui_4:c.krb5_ui_4]{krb5\_ui\_4}}\emph{Â type}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{pac} - PAC handle + +\textbf{{[}in{]}} \textbf{type} - Buffer type + +\textbf{{[}in{]}} \textbf{data} - contents + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function adds a buffer of type \emph{type} and contents \emph{data} to \emph{pac} if there isn't already a buffer of this type present. + +The valid values of \emph{type} is one of the following: +\begin{itemize} +\item {} +{\hyperref[appdev/refs/macros/KRB5_PAC_LOGON_INFO:KRB5_PAC_LOGON_INFO]{\code{KRB5\_PAC\_LOGON\_INFO}}} - Logon information + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO:KRB5_PAC_CREDENTIALS_INFO]{\code{KRB5\_PAC\_CREDENTIALS\_INFO}}} - Credentials information + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM:KRB5_PAC_SERVER_CHECKSUM]{\code{KRB5\_PAC\_SERVER\_CHECKSUM}}} - Server checksum + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM:KRB5_PAC_PRIVSVR_CHECKSUM]{\code{KRB5\_PAC\_PRIVSVR\_CHECKSUM}}} - KDC checksum + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PAC_CLIENT_INFO:KRB5_PAC_CLIENT_INFO]{\code{KRB5\_PAC\_CLIENT\_INFO}}} - Client name and ticket information + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PAC_DELEGATION_INFO:KRB5_PAC_DELEGATION_INFO]{\code{KRB5\_PAC\_DELEGATION\_INFO}}} - Constrained delegation information + +\item {} +{\hyperref[appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO:KRB5_PAC_UPN_DNS_INFO]{\code{KRB5\_PAC\_UPN\_DNS\_INFO}}} - User principal name and DNS information + +\end{itemize} + + +\subsubsection{krb5\_pac\_free - Free a PAC handle.} +\label{appdev/refs/api/krb5_pac_free:krb5-pac-free-free-a-pac-handle}\label{appdev/refs/api/krb5_pac_free::doc}\index{krb5\_pac\_free (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_pac_free:c.krb5_pac_free}\pysiglinewithargsret{void \bfcode{krb5\_pac\_free}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_pac:c.krb5_pac]{krb5\_pac}}\emph{Â pac}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{pac} - PAC to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{pac} and the structure itself. + + +\subsubsection{krb5\_pac\_get\_buffer - Retrieve a buffer value from a PAC.} +\label{appdev/refs/api/krb5_pac_get_buffer::doc}\label{appdev/refs/api/krb5_pac_get_buffer:krb5-pac-get-buffer-retrieve-a-buffer-value-from-a-pac}\index{krb5\_pac\_get\_buffer (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_pac_get_buffer:c.krb5_pac_get_buffer}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_pac\_get\_buffer}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_pac:c.krb5_pac]{krb5\_pac}}\emph{Â pac}, {\hyperref[appdev/refs/types/krb5_ui_4:c.krb5_ui_4]{krb5\_ui\_4}}\emph{Â type}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{pac} - PAC handle + +\textbf{{[}in{]}} \textbf{type} - Type of buffer to retrieve + +\textbf{{[}out{]}} \textbf{data} - Buffer value + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{data} when it is no longer needed. + + +\subsubsection{krb5\_pac\_get\_types - Return an array of buffer types in a PAC handle.} +\label{appdev/refs/api/krb5_pac_get_types:krb5-pac-get-types-return-an-array-of-buffer-types-in-a-pac-handle}\label{appdev/refs/api/krb5_pac_get_types::doc}\index{krb5\_pac\_get\_types (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_pac_get_types:c.krb5_pac_get_types}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_pac\_get\_types}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_pac:c.krb5_pac]{krb5\_pac}}\emph{Â pac}, size\_t *\emph{Â len}, {\hyperref[appdev/refs/types/krb5_ui_4:c.krb5_ui_4]{krb5\_ui\_4}} **\emph{Â types}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{pac} - PAC handle + +\textbf{{[}out{]}} \textbf{len} - Number of entries in \emph{types} + +\textbf{{[}out{]}} \textbf{types} - Array of buffer types + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_pac\_init - Create an empty Privilege Attribute Certificate (PAC) handle.} +\label{appdev/refs/api/krb5_pac_init:krb5-pac-init-create-an-empty-privilege-attribute-certificate-pac-handle}\label{appdev/refs/api/krb5_pac_init::doc}\index{krb5\_pac\_init (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_pac_init:c.krb5_pac_init}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_pac\_init}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_pac:c.krb5_pac]{krb5\_pac}} *\emph{Â pac}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{pac} - New PAC handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_pac_free:c.krb5_pac_free]{\code{krb5\_pac\_free()}}} to free \emph{pac} when it is no longer needed. + + +\subsubsection{krb5\_pac\_parse - Unparse an encoded PAC into a new handle.} +\label{appdev/refs/api/krb5_pac_parse:krb5-pac-parse-unparse-an-encoded-pac-into-a-new-handle}\label{appdev/refs/api/krb5_pac_parse::doc}\index{krb5\_pac\_parse (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_pac_parse:c.krb5_pac_parse}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_pac\_parse}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const void *\emph{Â ptr}, size\_t\emph{Â len}, {\hyperref[appdev/refs/types/krb5_pac:c.krb5_pac]{krb5\_pac}} *\emph{Â pac}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ptr} - PAC buffer + +\textbf{{[}in{]}} \textbf{len} - Length of \emph{ptr} + +\textbf{{[}out{]}} \textbf{pac} - PAC handle + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_pac_free:c.krb5_pac_free]{\code{krb5\_pac\_free()}}} to free \emph{pac} when it is no longer needed. + + +\subsubsection{krb5\_pac\_sign - Sign a PAC.} +\label{appdev/refs/api/krb5_pac_sign:krb5-pac-sign-sign-a-pac}\label{appdev/refs/api/krb5_pac_sign::doc}\index{krb5\_pac\_sign (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_pac_sign:c.krb5_pac_sign}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_pac\_sign}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_pac:c.krb5_pac]{krb5\_pac}}\emph{Â pac}, {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}}\emph{Â authtime}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â server\_key}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â privsvr\_key}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{pac} - PAC handle + +\textbf{{[}in{]}} \textbf{authtime} - Expected timestamp + +\textbf{{[}in{]}} \textbf{principal} - Expected principal name (or NULL) + +\textbf{{[}in{]}} \textbf{server\_key} - Key for server checksum + +\textbf{{[}in{]}} \textbf{privsvr\_key} - Key for KDC checksum + +\textbf{{[}out{]}} \textbf{data} - Signed PAC encoding + +\end{description}\end{quote} + +This function signs \emph{pac} using the keys \emph{server\_key} and \emph{privsvr\_key} and returns the signed encoding in \emph{data} . \emph{pac} is modified to include the server and KDC checksum buffers. Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{data} when it is no longer needed. + +\begin{notice}{note}{Note:} +New in 1.10 +\end{notice} + + +\subsubsection{krb5\_pac\_verify - Verify a PAC.} +\label{appdev/refs/api/krb5_pac_verify::doc}\label{appdev/refs/api/krb5_pac_verify:krb5-pac-verify-verify-a-pac}\index{krb5\_pac\_verify (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_pac_verify:c.krb5_pac_verify}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_pac\_verify}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_pac:c.krb5_pac]{krb5\_pac}}\emph{Â pac}, {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}}\emph{Â authtime}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â principal}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â server}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â privsvr}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{pac} - PAC handle + +\textbf{{[}in{]}} \textbf{authtime} - Expected timestamp + +\textbf{{[}in{]}} \textbf{principal} - Expected principal name (or NULL) + +\textbf{{[}in{]}} \textbf{server} - Key to validate server checksum (or NULL) + +\textbf{{[}in{]}} \textbf{privsvr} - Key to validate KDC checksum (or NULL) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function validates \emph{pac} against the supplied \emph{server} , \emph{privsvr} , \emph{principal} and \emph{authtime} . If \emph{principal} is NULL, the principal and authtime are not verified. If \emph{server} or \emph{privsvr} is NULL, the corresponding checksum is not verified. + +If successful, \emph{pac} is marked as verified. + +\begin{notice}{note}{Note:} +A checksum mismatch can occur if the PAC was copied from a cross-realm TGT by an ignorant KDC; also Apple Mac OS X Server Open Directory (as of 10.6) generates PACs with no server checksum at all. One should consider not failing the whole authentication because of this reason, but, instead, treating the ticket as if it did not contain a PAC or marking the PAC information as non-verified. +\end{notice} + + +\subsubsection{krb5\_prepend\_error\_message - Add a prefix to the message for an error code.} +\label{appdev/refs/api/krb5_prepend_error_message:krb5-prepend-error-message-add-a-prefix-to-the-message-for-an-error-code}\label{appdev/refs/api/krb5_prepend_error_message::doc}\index{krb5\_prepend\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_prepend_error_message:c.krb5_prepend_error_message}\pysiglinewithargsret{void \bfcode{krb5\_prepend\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}}\emph{Â code}, const char *\emph{Â fmt}, ...}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{code} - Error code + +\textbf{{[}in{]}} \textbf{fmt} - Format string for error message prefix + +\end{description}\end{quote} + +Format a message and prepend it to the current message for \emph{code} . The prefix will be separated from the old message with a colon and space. + + +\subsubsection{krb5\_principal2salt - Convert a principal name into the default salt for that principal.} +\label{appdev/refs/api/krb5_principal2salt:krb5-principal2salt-convert-a-principal-name-into-the-default-salt-for-that-principal}\label{appdev/refs/api/krb5_principal2salt::doc}\index{krb5\_principal2salt (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_principal2salt:c.krb5_principal2salt}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_principal2salt}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, register {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â pr}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â ret}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{pr} - Principal name + +\textbf{{[}out{]}} \textbf{ret} - Default salt for \emph{pr} to be filled in + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_rd\_cred - Read and validate a KRB-CRED message.} +\label{appdev/refs/api/krb5_rd_cred:krb5-rd-cred-read-and-validate-a-krb-cred-message}\label{appdev/refs/api/krb5_rd_cred::doc}\index{krb5\_rd\_cred (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_rd_cred:c.krb5_rd_cred}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_rd\_cred}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â pcreddata}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} ***\emph{Â pppcreds}, {\hyperref[appdev/refs/types/krb5_replay_data:c.krb5_replay_data]{krb5\_replay\_data}} *\emph{Â outdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{pcreddata} - \textbf{KRB-CRED} message + +\textbf{{[}out{]}} \textbf{pppcreds} - Null-terminated array of forwarded credentials + +\textbf{{[}out{]}} \textbf{outdata} - Replay data (NULL if not needed) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} +\begin{quote} + +\emph{pcreddata} will be decrypted using the receiving subkey if it is present in \emph{auth\_context} , or the session key if the receiving subkey is not present or fails to decrypt the message. +\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_tgt_creds:c.krb5_free_tgt_creds]{\code{krb5\_free\_tgt\_creds()}}} to free \emph{pppcreds} when it is no longer needed. + +\begin{notice}{note}{Note:} +The \emph{outdata} argument is required if {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME]{\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} or {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} flag is set in the \emph{auth\_context} .{}` +\end{notice} + + +\subsubsection{krb5\_rd\_error - Decode a KRB-ERROR message.} +\label{appdev/refs/api/krb5_rd_error:krb5-rd-error-decode-a-krb-error-message}\label{appdev/refs/api/krb5_rd_error::doc}\index{krb5\_rd\_error (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_rd_error:c.krb5_rd_error}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_rd\_error}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â enc\_errbuf}, {\hyperref[appdev/refs/types/krb5_error:c.krb5_error]{krb5\_error}} **\emph{Â dec\_error}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enc\_errbuf} - Encoded error message + +\textbf{{[}out{]}} \textbf{dec\_error} - Decoded error message + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function processes \textbf{KRB-ERROR} message \emph{enc\_errbuf} and returns an allocated structure \emph{dec\_error} containing the error message. Use {\hyperref[appdev/refs/api/krb5_free_error:c.krb5_free_error]{\code{krb5\_free\_error()}}} to free \emph{dec\_error} when it is no longer needed. + + +\subsubsection{krb5\_rd\_priv - Process a KRB-PRIV message.} +\label{appdev/refs/api/krb5_rd_priv:krb5-rd-priv-process-a-krb-priv-message}\label{appdev/refs/api/krb5_rd_priv::doc}\index{krb5\_rd\_priv (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_rd_priv:c.krb5_rd_priv}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_rd\_priv}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â inbuf}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â outbuf}, {\hyperref[appdev/refs/types/krb5_replay_data:c.krb5_replay_data]{krb5\_replay\_data}} *\emph{Â outdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication structure + +\textbf{{[}in{]}} \textbf{inbuf} - \textbf{KRB-PRIV} message to be parsed + +\textbf{{[}out{]}} \textbf{outbuf} - Data parsed from \textbf{KRB-PRIV} message + +\textbf{{[}out{]}} \textbf{outdata} - Replay data. Specify NULL if not needed + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function parses a \textbf{KRB-PRIV} message, verifies its integrity, and stores its unencrypted data into \emph{outbuf} . + +If the {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} flag is set in \emph{auth\_context} , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of \emph{auth\_context} . Otherwise, the sequence number is not used. + +If the {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME]{\code{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}} flag is set in \emph{auth\_context} , then two additional checks are performed: +\begin{itemize} +\item {} +The timestamp in the message must be within the permitted clock skew (which is usually five minutes). + +\item {} +The message must not be a replayed message field in \emph{auth\_context} . + +\end{itemize} + +\begin{notice}{note}{Note:} +If the {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME]{\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} or {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} flag is set in \emph{auth\_context} , \emph{outdata} is required. + +\emph{auth\_context} must have a remote address set. This address will be used to verify the sender address in the KRB-PRIV message. If \emph{auth\_context} has a local address set, it will be used to verify the receiver address in the KRB-PRIV message if the message contains one. Both addresses must use type \textbf{ADDRTYPE\_ADDRPORT} . +\end{notice} + + +\subsubsection{krb5\_rd\_rep - Parse and decrypt a KRB\_AP\_REP message.} +\label{appdev/refs/api/krb5_rd_rep::doc}\label{appdev/refs/api/krb5_rd_rep:krb5-rd-rep-parse-and-decrypt-a-krb-ap-rep-message}\index{krb5\_rd\_rep (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_rd_rep:c.krb5_rd_rep}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_rd\_rep}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â inbuf}, {\hyperref[appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part]{krb5\_ap\_rep\_enc\_part}} **\emph{Â repl}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{inbuf} - AP-REP message + +\textbf{{[}out{]}} \textbf{repl} - Decrypted reply message + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function parses, decrypts and verifies a message from \emph{inbuf} and fills in \emph{repl} with a pointer to allocated memory containing the fields from the encrypted response. + +Use {\hyperref[appdev/refs/api/krb5_free_ap_rep_enc_part:c.krb5_free_ap_rep_enc_part]{\code{krb5\_free\_ap\_rep\_enc\_part()}}} to free \emph{repl} when it is no longer needed. + + +\subsubsection{krb5\_rd\_rep\_dce - Parse and decrypt a KRB\_AP\_REP message for DCE RPC.} +\label{appdev/refs/api/krb5_rd_rep_dce::doc}\label{appdev/refs/api/krb5_rd_rep_dce:krb5-rd-rep-dce-parse-and-decrypt-a-krb-ap-rep-message-for-dce-rpc}\index{krb5\_rd\_rep\_dce (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_rd_rep_dce:c.krb5_rd_rep_dce}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_rd\_rep\_dce}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â inbuf}, {\hyperref[appdev/refs/types/krb5_ui_4:c.krb5_ui_4]{krb5\_ui\_4}} *\emph{Â nonce}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{inbuf} - AP-REP message + +\textbf{{[}out{]}} \textbf{nonce} - Sequence number from the decrypted reply + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function parses, decrypts and verifies a message from \emph{inbuf} and fills in \emph{nonce} with a decrypted reply sequence number. + + +\subsubsection{krb5\_rd\_req - Parse and decrypt a KRB\_AP\_REQ message.} +\label{appdev/refs/api/krb5_rd_req::doc}\label{appdev/refs/api/krb5_rd_req:krb5-rd-req-parse-and-decrypt-a-krb-ap-req-message}\index{krb5\_rd\_req (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_rd_req:c.krb5_rd_req}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_rd\_req}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}} *\emph{Â auth\_context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â inbuf}, {\hyperref[appdev/refs/types/krb5_const_principal:c.krb5_const_principal]{krb5\_const\_principal}}\emph{Â server}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} *\emph{Â ap\_req\_options}, {\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} **\emph{Â ticket}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}inout{]}} \textbf{auth\_context} - Pre-existing or newly created auth context + +\textbf{{[}in{]}} \textbf{inbuf} - AP-REQ message to be parsed + +\textbf{{[}in{]}} \textbf{server} - Matching principal for server, or NULL to allow any principal in keytab + +\textbf{{[}in{]}} \textbf{keytab} - Key table, or NULL to use the default + +\textbf{{[}out{]}} \textbf{ap\_req\_options} - If non-null, the AP-REQ flags on output + +\textbf{{[}out{]}} \textbf{ticket} - If non-null, ticket from the AP-REQ message + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function parses, decrypts and verifies a AP-REQ message from \emph{inbuf} and stores the authenticator in \emph{auth\_context} . + +If a keyblock was specified in \emph{auth\_context} using {\hyperref[appdev/refs/api/krb5_auth_con_setuseruserkey:c.krb5_auth_con_setuseruserkey]{\code{krb5\_auth\_con\_setuseruserkey()}}} , that key is used to decrypt the ticket in AP-REQ message and \emph{keytab} is ignored. In this case, \emph{server} should be specified as a complete principal name to allow for proper transited-path checking and replay cache selection. + +Otherwise, the decryption key is obtained from \emph{keytab} , or from the default keytab if it is NULL. In this case, \emph{server} may be a complete principal name, a matching principal (see {\hyperref[appdev/refs/api/krb5_sname_match:c.krb5_sname_match]{\code{krb5\_sname\_match()}}} ), or NULL to match any principal name. The keys tried against the encrypted part of the ticket are determined as follows: +\begin{itemize} +\item {} +If \emph{server} is a complete principal name, then its entry in \emph{keytab} is tried. + +\item {} +Otherwise, if \emph{keytab} is iterable, then all entries in \emph{keytab} which match \emph{server} are tried. + +\item {} +Otherwise, the server principal in the ticket must match \emph{server} , and its entry in \emph{keytab} is tried. + +\end{itemize} + +The client specified in the decrypted authenticator must match the client specified in the decrypted ticket. + +If the \emph{remote\_addr} field of \emph{auth\_context} is set, the request must come from that address. + +If a replay cache handle is provided in the \emph{auth\_context} , the authenticator and ticket are verified against it. If no conflict is found, the new authenticator is then stored in the replay cache of \emph{auth\_context} . + +Various other checks are performed on the decoded data, including cross-realm policy, clockskew, and ticket validation times. + +On success the authenticator, subkey, and remote sequence number of the request are stored in \emph{auth\_context} . If the {\hyperref[appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:AP_OPTS_MUTUAL_REQUIRED]{\code{AP\_OPTS\_MUTUAL\_REQUIRED}}} bit is set, the local sequence number is XORed with the remote sequence number in the request. + +Use {\hyperref[appdev/refs/api/krb5_free_ticket:c.krb5_free_ticket]{\code{krb5\_free\_ticket()}}} to free \emph{ticket} when it is no longer needed. + + +\subsubsection{krb5\_rd\_safe - Process KRB-SAFE message.} +\label{appdev/refs/api/krb5_rd_safe:krb5-rd-safe-process-krb-safe-message}\label{appdev/refs/api/krb5_rd_safe::doc}\index{krb5\_rd\_safe (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_rd_safe:c.krb5_rd_safe}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_rd\_safe}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â inbuf}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â outbuf}, {\hyperref[appdev/refs/types/krb5_replay_data:c.krb5_replay_data]{krb5\_replay\_data}} *\emph{Â outdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{auth\_context} - Authentication context + +\textbf{{[}in{]}} \textbf{inbuf} - \textbf{KRB-SAFE} message to be parsed + +\textbf{{[}out{]}} \textbf{outbuf} - Data parsed from \textbf{KRB-SAFE} message + +\textbf{{[}out{]}} \textbf{outdata} - Replay data. Specify NULL if not needed + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function parses a \textbf{KRB-SAFE} message, verifies its integrity, and stores its data into \emph{outbuf} . + +If the {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} flag is set in \emph{auth\_context} , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of \emph{auth\_context} . Otherwise, the sequence number is not used. + +If the {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME]{\code{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}} flag is set in \emph{auth\_context} , then two additional checks are performed: +\begin{quote} +\begin{itemize} +\item {} +The timestamp in the message must be within the permitted clock skew (which is usually five minutes). + +\item {} +The message must not be a replayed message field in \emph{auth\_context} . + +\end{itemize} + +Use {\hyperref[appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents]{\code{krb5\_free\_data\_contents()}}} to free \emph{outbuf} when it is no longer needed. +\end{quote} + +\begin{notice}{note}{Note:} +The \emph{outdata} argument is required if {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME]{\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} or {\hyperref[appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE]{\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} flag is set in the \emph{auth\_context} . + +\emph{auth\_context} must have a remote address set. This address will be used to verify the sender address in the KRB-SAFE message. If \emph{auth\_context} has a local address set, it will be used to verify the receiver address in the KRB-SAFE message if the message contains one. Both addresses must use type \textbf{ADDRTYPE\_ADDRPORT} . +\end{notice} + + +\subsubsection{krb5\_read\_password - Read a password from keyboard input.} +\label{appdev/refs/api/krb5_read_password:krb5-read-password-read-a-password-from-keyboard-input}\label{appdev/refs/api/krb5_read_password::doc}\index{krb5\_read\_password (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_read_password:c.krb5_read_password}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_read\_password}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const char *\emph{Â prompt}, const char *\emph{Â prompt2}, char *\emph{Â return\_pwd}, unsigned int *\emph{Â size\_return}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{prompt} - First user prompt when reading password + +\textbf{{[}in{]}} \textbf{prompt2} - Second user prompt (NULL to prompt only once) + +\textbf{{[}out{]}} \textbf{return\_pwd} - Returned password + +\textbf{{[}inout{]}} \textbf{size\_return} - On input, maximum size of password; on output, size of password read + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Error in reading or verifying the password Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function reads a password from keyboard input and stores it in \emph{return\_pwd} . \emph{size\_return} should be set by the caller to the amount of storage space available in \emph{return\_pwd} ; on successful return, it will be set to the length of the password read. +\begin{quote} + +\emph{prompt} is printed to the terminal, followed by'':'', and then a password is read from the keyboard. +\end{quote} + +If \emph{prompt2} is NULL, the password is read only once. Otherwise, \emph{prompt2} is printed to the terminal and a second password is read. If the two passwords entered are not identical, KRB5\_LIBOS\_BADPWDMATCH is returned. + +Echoing is turned off when the password is read. + + +\subsubsection{krb5\_salttype\_to\_string - Convert a salt type to a string.} +\label{appdev/refs/api/krb5_salttype_to_string::doc}\label{appdev/refs/api/krb5_salttype_to_string:krb5-salttype-to-string-convert-a-salt-type-to-a-string}\index{krb5\_salttype\_to\_string (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_salttype_to_string:c.krb5_salttype_to_string}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_salttype\_to\_string}}{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}}\emph{Â salttype}, char *\emph{Â buffer}, size\_t\emph{Â buflen}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{salttype} - Salttype to convert + +\textbf{{[}out{]}} \textbf{buffer} - Buffer to receive the converted string + +\textbf{{[}in{]}} \textbf{buflen} - Storage available in \emph{buffer} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_server\_decrypt\_ticket\_keytab - Decrypt a ticket using the specified key table.} +\label{appdev/refs/api/krb5_server_decrypt_ticket_keytab:krb5-server-decrypt-ticket-keytab-decrypt-a-ticket-using-the-specified-key-table}\label{appdev/refs/api/krb5_server_decrypt_ticket_keytab::doc}\index{krb5\_server\_decrypt\_ticket\_keytab (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_server_decrypt_ticket_keytab:c.krb5_server_decrypt_ticket_keytab}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_server\_decrypt\_ticket\_keytab}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â kt}, {\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} *\emph{Â ticket}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{kt} - Key table + +\textbf{{[}in{]}} \textbf{ticket} - Ticket to be decrypted + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function takes a \emph{ticket} as input and decrypts it using key data from \emph{kt} . The result is placed into \emph{ticket-\textgreater{}enc\_part2} . + + +\subsubsection{krb5\_set\_default\_tgs\_enctypes - Set default TGS encryption types in a krb5\_context structure.} +\label{appdev/refs/api/krb5_set_default_tgs_enctypes::doc}\label{appdev/refs/api/krb5_set_default_tgs_enctypes:krb5-set-default-tgs-enctypes-set-default-tgs-encryption-types-in-a-krb5-context-structure}\index{krb5\_set\_default\_tgs\_enctypes (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_default_tgs_enctypes:c.krb5_set_default_tgs_enctypes}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_set\_default\_tgs\_enctypes}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} *\emph{Â etypes}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{etypes} - Encryption type(s) to set + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\item {} +KRB5\_PROG\_ETYPE\_NOSUPP Program lacks support for encryption type + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets the default enctype list for TGS requests made using \emph{context} to \emph{etypes} . + +\begin{notice}{note}{Note:} +This overrides the default list (from config file or built-in). +\end{notice} + + +\subsubsection{krb5\_set\_error\_message - Set an extended error message for an error code.} +\label{appdev/refs/api/krb5_set_error_message::doc}\label{appdev/refs/api/krb5_set_error_message:krb5-set-error-message-set-an-extended-error-message-for-an-error-code}\index{krb5\_set\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_error_message:c.krb5_set_error_message}\pysiglinewithargsret{void \bfcode{krb5\_set\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}}\emph{Â code}, const char *\emph{Â fmt}, ...}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{code} - Error code + +\textbf{{[}in{]}} \textbf{fmt} - Error string for the error code + +\end{description}\end{quote} + + +\subsubsection{krb5\_set\_kdc\_recv\_hook - Set a KDC post-receive hook function.} +\label{appdev/refs/api/krb5_set_kdc_recv_hook::doc}\label{appdev/refs/api/krb5_set_kdc_recv_hook:krb5-set-kdc-recv-hook-set-a-kdc-post-receive-hook-function}\index{krb5\_set\_kdc\_recv\_hook (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_kdc_recv_hook:c.krb5_set_kdc_recv_hook}\pysiglinewithargsret{void \bfcode{krb5\_set\_kdc\_recv\_hook}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_post_recv_fn:c.krb5_post_recv_fn]{krb5\_post\_recv\_fn}}\emph{Â recv\_hook}, void *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - The library context. + +\textbf{{[}in{]}} \textbf{recv\_hook} - Hook function (or NULL to disable the hook) + +\textbf{{[}in{]}} \textbf{data} - Callback data to be passed to \emph{recv\_hook} + +\end{description}\end{quote} +\begin{quote} + +\emph{recv\_hook} will be called after a reply is received from a KDC during a call to a library function such as {\hyperref[appdev/refs/api/krb5_get_credentials:c.krb5_get_credentials]{\code{krb5\_get\_credentials()}}} . The hook function may inspect or override the reply. This hook will not be executed if the pre-send hook returns a synthetic reply. +\end{quote} + +\begin{notice}{note}{Note:} +New in 1.15 +\end{notice} + + +\subsubsection{krb5\_set\_kdc\_send\_hook - Set a KDC pre-send hook function.} +\label{appdev/refs/api/krb5_set_kdc_send_hook:krb5-set-kdc-send-hook-set-a-kdc-pre-send-hook-function}\label{appdev/refs/api/krb5_set_kdc_send_hook::doc}\index{krb5\_set\_kdc\_send\_hook (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_kdc_send_hook:c.krb5_set_kdc_send_hook}\pysiglinewithargsret{void \bfcode{krb5\_set\_kdc\_send\_hook}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_pre_send_fn:c.krb5_pre_send_fn]{krb5\_pre\_send\_fn}}\emph{Â send\_hook}, void *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{send\_hook} - Hook function (or NULL to disable the hook) + +\textbf{{[}in{]}} \textbf{data} - Callback data to be passed to \emph{send\_hook} + +\end{description}\end{quote} +\begin{quote} + +\emph{send\_hook} will be called before messages are sent to KDCs by library functions such as {\hyperref[appdev/refs/api/krb5_get_credentials:c.krb5_get_credentials]{\code{krb5\_get\_credentials()}}} . The hook function may inspect, override, or synthesize its own reply to the message. +\end{quote} + +\begin{notice}{note}{Note:} +New in 1.15 +\end{notice} + + +\subsubsection{krb5\_set\_real\_time - Set time offset field in a krb5\_context structure.} +\label{appdev/refs/api/krb5_set_real_time::doc}\label{appdev/refs/api/krb5_set_real_time:krb5-set-real-time-set-time-offset-field-in-a-krb5-context-structure}\index{krb5\_set\_real\_time (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_set_real_time:c.krb5_set_real_time}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_set\_real\_time}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}}\emph{Â seconds}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}}\emph{Â microseconds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{seconds} - Real time, seconds portion + +\textbf{{[}in{]}} \textbf{microseconds} - Real time, microseconds portion + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function sets the time offset in \emph{context} to the difference between the system time and the real time as determined by \emph{seconds} and \emph{microseconds} . + + +\subsubsection{krb5\_string\_to\_cksumtype - Convert a string to a checksum type.} +\label{appdev/refs/api/krb5_string_to_cksumtype:krb5-string-to-cksumtype-convert-a-string-to-a-checksum-type}\label{appdev/refs/api/krb5_string_to_cksumtype::doc}\index{krb5\_string\_to\_cksumtype (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_string_to_cksumtype:c.krb5_string_to_cksumtype}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_string\_to\_cksumtype}}{char *\emph{Â string}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}} *\emph{Â cksumtypep}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{string} - String to be converted + +\textbf{{[}out{]}} \textbf{cksumtypep} - Checksum type to be filled in + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - EINVAL + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_string\_to\_deltat - Convert a string to a delta time value.} +\label{appdev/refs/api/krb5_string_to_deltat::doc}\label{appdev/refs/api/krb5_string_to_deltat:krb5-string-to-deltat-convert-a-string-to-a-delta-time-value}\index{krb5\_string\_to\_deltat (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_string_to_deltat:c.krb5_string_to_deltat}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_string\_to\_deltat}}{char *\emph{Â string}, {\hyperref[appdev/refs/types/krb5_deltat:c.krb5_deltat]{krb5\_deltat}} *\emph{Â deltatp}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{string} - String to be converted + +\textbf{{[}out{]}} \textbf{deltatp} - Delta time to be filled in + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - KRB5\_DELTAT\_BADFORMAT + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_string\_to\_enctype - Convert a string to an encryption type.} +\label{appdev/refs/api/krb5_string_to_enctype::doc}\label{appdev/refs/api/krb5_string_to_enctype:krb5-string-to-enctype-convert-a-string-to-an-encryption-type}\index{krb5\_string\_to\_enctype (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_string_to_enctype:c.krb5_string_to_enctype}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_string\_to\_enctype}}{char *\emph{Â string}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} *\emph{Â enctypep}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{string} - String to convert to an encryption type + +\textbf{{[}out{]}} \textbf{enctypep} - Encryption type + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - EINVAL + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_string\_to\_salttype - Convert a string to a salt type.} +\label{appdev/refs/api/krb5_string_to_salttype:krb5-string-to-salttype-convert-a-string-to-a-salt-type}\label{appdev/refs/api/krb5_string_to_salttype::doc}\index{krb5\_string\_to\_salttype (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_string_to_salttype:c.krb5_string_to_salttype}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_string\_to\_salttype}}{char *\emph{Â string}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} *\emph{Â salttypep}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{string} - String to convert to an encryption type + +\textbf{{[}out{]}} \textbf{salttypep} - Salt type to be filled in + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - EINVAL + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_string\_to\_timestamp - Convert a string to a timestamp.} +\label{appdev/refs/api/krb5_string_to_timestamp::doc}\label{appdev/refs/api/krb5_string_to_timestamp:krb5-string-to-timestamp-convert-a-string-to-a-timestamp}\index{krb5\_string\_to\_timestamp (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_string_to_timestamp:c.krb5_string_to_timestamp}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_string\_to\_timestamp}}{char *\emph{Â string}, {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} *\emph{Â timestampp}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{string} - String to be converted + +\textbf{{[}out{]}} \textbf{timestampp} - Pointer to timestamp + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - EINVAL + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_timeofday - Retrieve the current time with context specific time offset adjustment.} +\label{appdev/refs/api/krb5_timeofday:krb5-timeofday-retrieve-the-current-time-with-context-specific-time-offset-adjustment}\label{appdev/refs/api/krb5_timeofday::doc}\index{krb5\_timeofday (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_timeofday:c.krb5_timeofday}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_timeofday}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, register {\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} *\emph{Â timeret}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{timeret} - Timestamp to fill in + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success + +\end{itemize} + +\item[{return}] \leavevmode\begin{itemize} +\item {} +Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function retrieves the system time of day with the context specific time offset adjustment. + + +\subsubsection{krb5\_timestamp\_to\_sfstring - Convert a timestamp to a string, with optional output padding.} +\label{appdev/refs/api/krb5_timestamp_to_sfstring:krb5-timestamp-to-sfstring-convert-a-timestamp-to-a-string-with-optional-output-padding}\label{appdev/refs/api/krb5_timestamp_to_sfstring::doc}\index{krb5\_timestamp\_to\_sfstring (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_timestamp_to_sfstring:c.krb5_timestamp_to_sfstring}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_timestamp\_to\_sfstring}}{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}}\emph{Â timestamp}, char *\emph{Â buffer}, size\_t\emph{Â buflen}, char *\emph{Â pad}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{timestamp} - Timestamp to convert + +\textbf{{[}out{]}} \textbf{buffer} - Buffer to hold the converted timestamp + +\textbf{{[}in{]}} \textbf{buflen} - Length of buffer + +\textbf{{[}in{]}} \textbf{pad} - Optional value to pad \emph{buffer} if converted timestamp does not fill it + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +If \emph{pad} is not NULL, \emph{buffer} is padded out to \emph{buflen} - 1 characters with the value of * \emph{pad} . + + +\subsubsection{krb5\_timestamp\_to\_string - Convert a timestamp to a string.} +\label{appdev/refs/api/krb5_timestamp_to_string::doc}\label{appdev/refs/api/krb5_timestamp_to_string:krb5-timestamp-to-string-convert-a-timestamp-to-a-string}\index{krb5\_timestamp\_to\_string (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_timestamp_to_string:c.krb5_timestamp_to_string}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_timestamp\_to\_string}}{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}}\emph{Â timestamp}, char *\emph{Â buffer}, size\_t\emph{Â buflen}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{timestamp} - Timestamp to convert + +\textbf{{[}out{]}} \textbf{buffer} - Buffer to hold converted timestamp + +\textbf{{[}in{]}} \textbf{buflen} - Storage available in \emph{buffer} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +The string is returned in the locale's appropriate date and time representation. + + +\subsubsection{krb5\_tkt\_creds\_free - Free a TGS request context.} +\label{appdev/refs/api/krb5_tkt_creds_free::doc}\label{appdev/refs/api/krb5_tkt_creds_free:krb5-tkt-creds-free-free-a-tgs-request-context}\index{krb5\_tkt\_creds\_free (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_tkt_creds_free:c.krb5_tkt_creds_free}\pysiglinewithargsret{void \bfcode{krb5\_tkt\_creds\_free}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context]{krb5\_tkt\_creds\_context}}\emph{Â ctx}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - TGS request context + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_tkt\_creds\_get - Synchronously obtain credentials using a TGS request context.} +\label{appdev/refs/api/krb5_tkt_creds_get:krb5-tkt-creds-get-synchronously-obtain-credentials-using-a-tgs-request-context}\label{appdev/refs/api/krb5_tkt_creds_get::doc}\index{krb5\_tkt\_creds\_get (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_tkt_creds_get:c.krb5_tkt_creds_get}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_tkt\_creds\_get}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context]{krb5\_tkt\_creds\_context}}\emph{Â ctx}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - TGS request context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function synchronously obtains credentials using a context created by {\hyperref[appdev/refs/api/krb5_tkt_creds_init:c.krb5_tkt_creds_init]{\code{krb5\_tkt\_creds\_init()}}} . On successful return, the credentials can be retrieved with {\hyperref[appdev/refs/api/krb5_tkt_creds_get_creds:c.krb5_tkt_creds_get_creds]{\code{krb5\_tkt\_creds\_get\_creds()}}} . + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_tkt\_creds\_get\_creds - Retrieve acquired credentials from a TGS request context.} +\label{appdev/refs/api/krb5_tkt_creds_get_creds:krb5-tkt-creds-get-creds-retrieve-acquired-credentials-from-a-tgs-request-context}\label{appdev/refs/api/krb5_tkt_creds_get_creds::doc}\index{krb5\_tkt\_creds\_get\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_tkt_creds_get_creds:c.krb5_tkt_creds_get_creds}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_tkt\_creds\_get\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context]{krb5\_tkt\_creds\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - TGS request context + +\textbf{{[}out{]}} \textbf{creds} - Acquired credentials + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function copies the acquired initial credentials from \emph{ctx} into \emph{creds} , after the successful completion of {\hyperref[appdev/refs/api/krb5_tkt_creds_get:c.krb5_tkt_creds_get]{\code{krb5\_tkt\_creds\_get()}}} or {\hyperref[appdev/refs/api/krb5_tkt_creds_step:c.krb5_tkt_creds_step]{\code{krb5\_tkt\_creds\_step()}}} . Use {\hyperref[appdev/refs/api/krb5_free_cred_contents:c.krb5_free_cred_contents]{\code{krb5\_free\_cred\_contents()}}} to free \emph{creds} when it is no longer needed. + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_tkt\_creds\_get\_times - Retrieve ticket times from a TGS request context.} +\label{appdev/refs/api/krb5_tkt_creds_get_times:krb5-tkt-creds-get-times-retrieve-ticket-times-from-a-tgs-request-context}\label{appdev/refs/api/krb5_tkt_creds_get_times::doc}\index{krb5\_tkt\_creds\_get\_times (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_tkt_creds_get_times:c.krb5_tkt_creds_get_times}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_tkt\_creds\_get\_times}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context]{krb5\_tkt\_creds\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times]{krb5\_ticket\_times}} *\emph{Â times}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - TGS request context + +\textbf{{[}out{]}} \textbf{times} - Ticket times for acquired credentials + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +The TGS request context must have completed obtaining credentials via either {\hyperref[appdev/refs/api/krb5_tkt_creds_get:c.krb5_tkt_creds_get]{\code{krb5\_tkt\_creds\_get()}}} or {\hyperref[appdev/refs/api/krb5_tkt_creds_step:c.krb5_tkt_creds_step]{\code{krb5\_tkt\_creds\_step()}}} . + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_tkt\_creds\_init - Create a context to get credentials from a KDC's Ticket Granting Service.} +\label{appdev/refs/api/krb5_tkt_creds_init:krb5-tkt-creds-init-create-a-context-to-get-credentials-from-a-kdc-s-ticket-granting-service}\label{appdev/refs/api/krb5_tkt_creds_init::doc}\index{krb5\_tkt\_creds\_init (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_tkt_creds_init:c.krb5_tkt_creds_init}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_tkt\_creds\_init}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â options}, {\hyperref[appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context]{krb5\_tkt\_creds\_context}} *\emph{Â ctx}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache handle + +\textbf{{[}in{]}} \textbf{creds} - Input credentials + +\textbf{{[}in{]}} \textbf{options} - \code{KRB5\_GC} options for this request. + +\textbf{{[}out{]}} \textbf{ctx} - New TGS request context + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function prepares to obtain credentials matching \emph{creds} , either by retrieving them from \emph{ccache} or by making requests to ticket-granting services beginning with a ticket-granting ticket for the client principal's realm. + +The resulting TGS acquisition context can be used asynchronously with {\hyperref[appdev/refs/api/krb5_tkt_creds_step:c.krb5_tkt_creds_step]{\code{krb5\_tkt\_creds\_step()}}} or synchronously with {\hyperref[appdev/refs/api/krb5_tkt_creds_get:c.krb5_tkt_creds_get]{\code{krb5\_tkt\_creds\_get()}}} . See also {\hyperref[appdev/refs/api/krb5_get_credentials:c.krb5_get_credentials]{\code{krb5\_get\_credentials()}}} for synchronous use. + +Use {\hyperref[appdev/refs/api/krb5_tkt_creds_free:c.krb5_tkt_creds_free]{\code{krb5\_tkt\_creds\_free()}}} to free \emph{ctx} when it is no longer needed. + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_tkt\_creds\_step - Get the next KDC request in a TGS exchange.} +\label{appdev/refs/api/krb5_tkt_creds_step:krb5-tkt-creds-step-get-the-next-kdc-request-in-a-tgs-exchange}\label{appdev/refs/api/krb5_tkt_creds_step::doc}\index{krb5\_tkt\_creds\_step (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_tkt_creds_step:c.krb5_tkt_creds_step}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_tkt\_creds\_step}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context]{krb5\_tkt\_creds\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â in}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â out}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â realm}, unsigned int *\emph{Â flags}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{ctx} - TGS request context + +\textbf{{[}in{]}} \textbf{in} - KDC response (empty on the first call) + +\textbf{{[}out{]}} \textbf{out} - Next KDC request + +\textbf{{[}out{]}} \textbf{realm} - Realm for next KDC request + +\textbf{{[}out{]}} \textbf{flags} - Output flags + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function constructs the next KDC request for a TGS exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, \emph{in} should be set to an empty buffer; on subsequent calls, it should be set to the KDC's reply to the previous request. + +If more requests are needed, \emph{flags} will be set to {\hyperref[appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:KRB5_TKT_CREDS_STEP_FLAG_CONTINUE]{\code{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE}}} and the next request will be placed in \emph{out} . If no more requests are needed, \emph{flags} will not contain {\hyperref[appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:KRB5_TKT_CREDS_STEP_FLAG_CONTINUE]{\code{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE}}} and \emph{out} will be empty. + +If this function returns \textbf{KRB5KRB\_ERR\_RESPONSE\_TOO\_BIG} , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the TGS exchange has failed. + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_verify\_init\_creds - Verify initial credentials against a keytab.} +\label{appdev/refs/api/krb5_verify_init_creds:krb5-verify-init-creds-verify-initial-credentials-against-a-keytab}\label{appdev/refs/api/krb5_verify_init_creds::doc}\index{krb5\_verify\_init\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_verify\_init\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â server}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}} *\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt]{krb5\_verify\_init\_creds\_opt}} *\emph{Â options}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{creds} - Initial credentials to be verified + +\textbf{{[}in{]}} \textbf{server} - Server principal (or NULL) + +\textbf{{[}in{]}} \textbf{keytab} - Key table (NULL to use default keytab) + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache for fetched creds (or NULL) + +\textbf{{[}in{]}} \textbf{options} - Verification options (NULL for default options) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function attempts to verify that \emph{creds} were obtained from a KDC with knowledge of a key in \emph{keytab} , or the default keytab if \emph{keytab} is NULL. If \emph{server} is provided, the highest-kvno key entry for that principal name is used to verify the credentials; otherwise, all unique''host''service principals in the keytab are tried. + +If the specified keytab does not exist, or is empty, or cannot be read, or does not contain an entry for \emph{server} , then credential verification may be skipped unless configuration demands that it succeed. The caller can control this behavior by providing a verification options structure; see {\hyperref[appdev/refs/api/krb5_verify_init_creds_opt_init:c.krb5_verify_init_creds_opt_init]{\code{krb5\_verify\_init\_creds\_opt\_init()}}} and {\hyperref[appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail:c.krb5_verify_init_creds_opt_set_ap_req_nofail]{\code{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail()}}} . + +If \emph{ccache} is NULL, any additional credentials fetched during the verification process will be destroyed. If \emph{ccache} points to NULL, a memory ccache will be created for the additional credentials and returned in \emph{ccache} . If \emph{ccache} points to a valid credential cache handle, the additional credentials will be stored in that cache. + + +\subsubsection{krb5\_verify\_init\_creds\_opt\_init - Initialize a credential verification options structure.} +\label{appdev/refs/api/krb5_verify_init_creds_opt_init:krb5-verify-init-creds-opt-init-initialize-a-credential-verification-options-structure}\label{appdev/refs/api/krb5_verify_init_creds_opt_init::doc}\index{krb5\_verify\_init\_creds\_opt\_init (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_verify_init_creds_opt_init:c.krb5_verify_init_creds_opt_init}\pysiglinewithargsret{void \bfcode{krb5\_verify\_init\_creds\_opt\_init}}{{\hyperref[appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt]{krb5\_verify\_init\_creds\_opt}} *\emph{Â k5\_vic\_options}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{k5\_vic\_options} - Verification options structure + +\end{description}\end{quote} + + +\subsubsection{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail - Set whether credential verification is required.} +\label{appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail::doc}\label{appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail:krb5-verify-init-creds-opt-set-ap-req-nofail-set-whether-credential-verification-is-required}\index{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail:c.krb5_verify_init_creds_opt_set_ap_req_nofail}\pysiglinewithargsret{void \bfcode{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail}}{{\hyperref[appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt]{krb5\_verify\_init\_creds\_opt}} *\emph{Â k5\_vic\_options}, int\emph{Â ap\_req\_nofail}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{k5\_vic\_options} - Verification options structure + +\textbf{{[}in{]}} \textbf{ap\_req\_nofail} - Whether to require successful verification + +\end{description}\end{quote} + +This function determines how {\hyperref[appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds]{\code{krb5\_verify\_init\_creds()}}} behaves if no keytab information is available. If \emph{ap\_req\_nofail} is \textbf{FALSE} , verification will be skipped in this case and {\hyperref[appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds]{\code{krb5\_verify\_init\_creds()}}} will return successfully. If \emph{ap\_req\_nofail} is \textbf{TRUE} , {\hyperref[appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds]{\code{krb5\_verify\_init\_creds()}}} will not return successfully unless verification can be performed. + +If this function is not used, the behavior of {\hyperref[appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds]{\code{krb5\_verify\_init\_creds()}}} is determined through configuration. + + +\subsubsection{krb5\_vprepend\_error\_message - Add a prefix to the message for an error code using a va\_list.} +\label{appdev/refs/api/krb5_vprepend_error_message::doc}\label{appdev/refs/api/krb5_vprepend_error_message:krb5-vprepend-error-message-add-a-prefix-to-the-message-for-an-error-code-using-a-va-list}\index{krb5\_vprepend\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_vprepend_error_message:c.krb5_vprepend_error_message}\pysiglinewithargsret{void \bfcode{krb5\_vprepend\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}}\emph{Â code}, const char *\emph{Â fmt}, va\_list\emph{Â args}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{code} - Error code + +\textbf{{[}in{]}} \textbf{fmt} - Format string for error message prefix + +\textbf{{[}in{]}} \textbf{args} - List of vprintf(3) style arguments + +\end{description}\end{quote} + +This function is similar to {\hyperref[appdev/refs/api/krb5_prepend_error_message:c.krb5_prepend_error_message]{\code{krb5\_prepend\_error\_message()}}} , but uses a va\_list instead of variadic arguments. + + +\subsubsection{krb5\_vset\_error\_message - Set an extended error message for an error code using a va\_list.} +\label{appdev/refs/api/krb5_vset_error_message:krb5-vset-error-message-set-an-extended-error-message-for-an-error-code-using-a-va-list}\label{appdev/refs/api/krb5_vset_error_message::doc}\index{krb5\_vset\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_vset_error_message:c.krb5_vset_error_message}\pysiglinewithargsret{void \bfcode{krb5\_vset\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}}\emph{Â code}, const char *\emph{Â fmt}, va\_list\emph{Â args}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{code} - Error code + +\textbf{{[}in{]}} \textbf{fmt} - Error string for the error code + +\textbf{{[}in{]}} \textbf{args} - List of vprintf(3) style arguments + +\end{description}\end{quote} + + +\subsubsection{krb5\_vwrap\_error\_message - Add a prefix to a different error code's message using a va\_list.} +\label{appdev/refs/api/krb5_vwrap_error_message:krb5-vwrap-error-message-add-a-prefix-to-a-different-error-code-s-message-using-a-va-list}\label{appdev/refs/api/krb5_vwrap_error_message::doc}\index{krb5\_vwrap\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_vwrap_error_message:c.krb5_vwrap_error_message}\pysiglinewithargsret{void \bfcode{krb5\_vwrap\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}}\emph{Â old\_code}, {\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}}\emph{Â code}, const char *\emph{Â fmt}, va\_list\emph{Â args}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{old\_code} - Previous error code + +\textbf{{[}in{]}} \textbf{code} - Error code + +\textbf{{[}in{]}} \textbf{fmt} - Format string for error message prefix + +\textbf{{[}in{]}} \textbf{args} - List of vprintf(3) style arguments + +\end{description}\end{quote} + +This function is similar to {\hyperref[appdev/refs/api/krb5_wrap_error_message:c.krb5_wrap_error_message]{\code{krb5\_wrap\_error\_message()}}} , but uses a va\_list instead of variadic arguments. + + +\subsubsection{krb5\_wrap\_error\_message - Add a prefix to a different error code's message.} +\label{appdev/refs/api/krb5_wrap_error_message:krb5-wrap-error-message-add-a-prefix-to-a-different-error-code-s-message}\label{appdev/refs/api/krb5_wrap_error_message::doc}\index{krb5\_wrap\_error\_message (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_wrap_error_message:c.krb5_wrap_error_message}\pysiglinewithargsret{void \bfcode{krb5\_wrap\_error\_message}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â ctx}, {\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}}\emph{Â old\_code}, {\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}}\emph{Â code}, const char *\emph{Â fmt}, ...}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctx} - Library context + +\textbf{{[}in{]}} \textbf{old\_code} - Previous error code + +\textbf{{[}in{]}} \textbf{code} - Error code + +\textbf{{[}in{]}} \textbf{fmt} - Format string for error message prefix + +\end{description}\end{quote} + +Format a message and prepend it to the message for \emph{old\_code} . The prefix will be separated from the old message with a colon and space. Set the resulting message as the extended error message for \emph{code} . + + +\subsection{Public interfaces that should not be called directly} +\label{appdev/refs/api/index:public-interfaces-that-should-not-be-called-directly} + +\subsubsection{krb5\_c\_block\_size - Return cipher block size.} +\label{appdev/refs/api/krb5_c_block_size:krb5-c-block-size-return-cipher-block-size}\label{appdev/refs/api/krb5_c_block_size::doc}\index{krb5\_c\_block\_size (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_block_size:c.krb5_c_block_size}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_block\_size}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, size\_t *\emph{Â blocksize}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}out{]}} \textbf{blocksize} - Block size for \emph{enctype} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_checksum\_length - Return the length of checksums for a checksum type.} +\label{appdev/refs/api/krb5_c_checksum_length:krb5-c-checksum-length-return-the-length-of-checksums-for-a-checksum-type}\label{appdev/refs/api/krb5_c_checksum_length::doc}\index{krb5\_c\_checksum\_length (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_checksum_length:c.krb5_c_checksum_length}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_checksum\_length}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â cksumtype}, size\_t *\emph{Â length}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cksumtype} - Checksum type + +\textbf{{[}out{]}} \textbf{length} - Checksum length + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_crypto\_length - Return a length of a message field specific to the encryption type.} +\label{appdev/refs/api/krb5_c_crypto_length:krb5-c-crypto-length-return-a-length-of-a-message-field-specific-to-the-encryption-type}\label{appdev/refs/api/krb5_c_crypto_length::doc}\index{krb5\_c\_crypto\_length (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_crypto_length:c.krb5_c_crypto_length}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_crypto\_length}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, {\hyperref[appdev/refs/types/krb5_cryptotype:c.krb5_cryptotype]{krb5\_cryptotype}}\emph{Â type}, unsigned int *\emph{Â size}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}in{]}} \textbf{type} - Type field (See \code{KRB5\_CRYPTO\_TYPE} types) + +\textbf{{[}out{]}} \textbf{size} - Length of the \emph{type} specific to \emph{enctype} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_crypto\_length\_iov - Fill in lengths for header, trailer and padding in a IOV array.} +\label{appdev/refs/api/krb5_c_crypto_length_iov:krb5-c-crypto-length-iov-fill-in-lengths-for-header-trailer-and-padding-in-a-iov-array}\label{appdev/refs/api/krb5_c_crypto_length_iov::doc}\index{krb5\_c\_crypto\_length\_iov (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_crypto_length_iov:c.krb5_c_crypto_length_iov}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_crypto\_length\_iov}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, {\hyperref[appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov]{krb5\_crypto\_iov}} *\emph{Â data}, size\_t\emph{Â num\_data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}inout{]}} \textbf{data} - IOV array + +\textbf{{[}in{]}} \textbf{num\_data} - Size of \emph{data} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Padding is set to the actual padding required based on the provided \emph{data} buffers. Typically this API is used after setting up the data buffers and {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:KRB5_CRYPTO_TYPE_SIGN_ONLY]{\code{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY}}} buffers, but before actually allocating header, trailer and padding. + + +\subsubsection{krb5\_c\_decrypt - Decrypt data using a key (operates on keyblock).} +\label{appdev/refs/api/krb5_c_decrypt::doc}\label{appdev/refs/api/krb5_c_decrypt:krb5-c-decrypt-decrypt-data-using-a-key-operates-on-keyblock}\index{krb5\_c\_decrypt (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_decrypt:c.krb5_c_decrypt}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_decrypt}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â cipher\_state}, const {\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â output}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Encryption key + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}inout{]}} \textbf{cipher\_state} - Cipher state; specify NULL if not needed + +\textbf{{[}in{]}} \textbf{input} - Encrypted data + +\textbf{{[}out{]}} \textbf{output} - Decrypted data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function decrypts the data block \emph{input} and stores the output into \emph{output} . The actual decryption key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the encryption type. If non-null, \emph{cipher\_state} specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. + +\begin{notice}{note}{Note:} +The caller must initialize \emph{output} and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let {\hyperref[appdev/refs/api/krb5_c_decrypt:c.krb5_c_decrypt]{\code{krb5\_c\_decrypt()}}} trim \emph{output-\textgreater{}length} . For some enctypes, the resulting \emph{output-\textgreater{}length} may include padding bytes. +\end{notice} + + +\subsubsection{krb5\_c\_decrypt\_iov - Decrypt data in place supporting AEAD (operates on keyblock).} +\label{appdev/refs/api/krb5_c_decrypt_iov:krb5-c-decrypt-iov-decrypt-data-in-place-supporting-aead-operates-on-keyblock}\label{appdev/refs/api/krb5_c_decrypt_iov::doc}\index{krb5\_c\_decrypt\_iov (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_decrypt_iov:c.krb5_c_decrypt_iov}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_decrypt\_iov}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â keyblock}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â cipher\_state}, {\hyperref[appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov]{krb5\_crypto\_iov}} *\emph{Â data}, size\_t\emph{Â num\_data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keyblock} - Encryption key + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}in{]}} \textbf{cipher\_state} - Cipher state; specify NULL if not needed + +\textbf{{[}inout{]}} \textbf{data} - IOV array. Modified in-place. + +\textbf{{[}in{]}} \textbf{num\_data} - Size of \emph{data} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function decrypts the data block \emph{data} and stores the output in-place. The actual decryption key will be derived from \emph{keyblock} and \emph{usage} if key derivation is specified for the encryption type. If non-null, \emph{cipher\_state} specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5\_crypto\_iov structures before calling into this API. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_c_decrypt_iov:c.krb5_c_decrypt_iov]{\code{krb5\_c\_decrypt\_iov()}}} + + + +\begin{notice}{note}{Note:} +On return from a {\hyperref[appdev/refs/api/krb5_c_decrypt_iov:c.krb5_c_decrypt_iov]{\code{krb5\_c\_decrypt\_iov()}}} call, the \emph{data-\textgreater{}length} in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. + +This function is similar to {\hyperref[appdev/refs/api/krb5_k_decrypt_iov:c.krb5_k_decrypt_iov]{\code{krb5\_k\_decrypt\_iov()}}} , but operates on keyblock \emph{keyblock} . +\end{notice} + + +\subsubsection{krb5\_c\_derive\_prfplus - Derive a key using some input data (via RFC 6113 PRF+).} +\label{appdev/refs/api/krb5_c_derive_prfplus::doc}\label{appdev/refs/api/krb5_c_derive_prfplus:krb5-c-derive-prfplus-derive-a-key-using-some-input-data-via-rfc-6113-prf}\index{krb5\_c\_derive\_prfplus (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_derive_prfplus:c.krb5_c_derive_prfplus}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_derive\_prfplus}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â k}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{k} - KDC contribution key + +\textbf{{[}in{]}} \textbf{input} - Input string + +\textbf{{[}in{]}} \textbf{enctype} - Output key enctype (or \textbf{ENCTYPE\_NULL} ) + +\textbf{{[}out{]}} \textbf{out} - Derived keyblock + +\end{description}\end{quote} + +This function uses PRF+ as defined in RFC 6113 to derive a key from another key and an input string. If \emph{enctype} is \textbf{ENCTYPE\_NULL} , the output key will have the same enctype as the input key. + + +\subsubsection{krb5\_c\_encrypt - Encrypt data using a key (operates on keyblock).} +\label{appdev/refs/api/krb5_c_encrypt::doc}\label{appdev/refs/api/krb5_c_encrypt:krb5-c-encrypt-encrypt-data-using-a-key-operates-on-keyblock}\index{krb5\_c\_encrypt (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_encrypt:c.krb5_c_encrypt}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_encrypt}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â cipher\_state}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} *\emph{Â output}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Encryption key + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}inout{]}} \textbf{cipher\_state} - Cipher state; specify NULL if not needed + +\textbf{{[}in{]}} \textbf{input} - Data to be encrypted + +\textbf{{[}out{]}} \textbf{output} - Encrypted data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function encrypts the data block \emph{input} and stores the output into \emph{output} . The actual encryption key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the encryption type. If non-null, \emph{cipher\_state} specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. + +\begin{notice}{note}{Note:} +The caller must initialize \emph{output} and allocate at least enough space for the result (using {\hyperref[appdev/refs/api/krb5_c_encrypt_length:c.krb5_c_encrypt_length]{\code{krb5\_c\_encrypt\_length()}}} to determine the amount of space needed). \emph{output-\textgreater{}length} will be set to the actual length of the ciphertext. +\end{notice} + + +\subsubsection{krb5\_c\_encrypt\_iov - Encrypt data in place supporting AEAD (operates on keyblock).} +\label{appdev/refs/api/krb5_c_encrypt_iov:krb5-c-encrypt-iov-encrypt-data-in-place-supporting-aead-operates-on-keyblock}\label{appdev/refs/api/krb5_c_encrypt_iov::doc}\index{krb5\_c\_encrypt\_iov (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_encrypt_iov:c.krb5_c_encrypt_iov}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_encrypt\_iov}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â keyblock}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â cipher\_state}, {\hyperref[appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov]{krb5\_crypto\_iov}} *\emph{Â data}, size\_t\emph{Â num\_data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keyblock} - Encryption key + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}in{]}} \textbf{cipher\_state} - Cipher state; specify NULL if not needed + +\textbf{{[}inout{]}} \textbf{data} - IOV array. Modified in-place. + +\textbf{{[}in{]}} \textbf{num\_data} - Size of \emph{data} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function encrypts the data block \emph{data} and stores the output in-place. The actual encryption key will be derived from \emph{keyblock} and \emph{usage} if key derivation is specified for the encryption type. If non-null, \emph{cipher\_state} specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5\_crypto\_iov structures before calling into this API. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_c_decrypt_iov:c.krb5_c_decrypt_iov]{\code{krb5\_c\_decrypt\_iov()}}} + + + +\begin{notice}{note}{Note:} +On return from a {\hyperref[appdev/refs/api/krb5_c_encrypt_iov:c.krb5_c_encrypt_iov]{\code{krb5\_c\_encrypt\_iov()}}} call, the \emph{data-\textgreater{}length} in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. + +This function is similar to {\hyperref[appdev/refs/api/krb5_k_encrypt_iov:c.krb5_k_encrypt_iov]{\code{krb5\_k\_encrypt\_iov()}}} , but operates on keyblock \emph{keyblock} . +\end{notice} + + +\subsubsection{krb5\_c\_encrypt\_length - Compute encrypted data length.} +\label{appdev/refs/api/krb5_c_encrypt_length:krb5-c-encrypt-length-compute-encrypted-data-length}\label{appdev/refs/api/krb5_c_encrypt_length::doc}\index{krb5\_c\_encrypt\_length (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_encrypt_length:c.krb5_c_encrypt_length}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_encrypt\_length}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, size\_t\emph{Â inputlen}, size\_t *\emph{Â length}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}in{]}} \textbf{inputlen} - Length of the data to be encrypted + +\textbf{{[}out{]}} \textbf{length} - Length of the encrypted data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function computes the length of the ciphertext produced by encrypting \emph{inputlen} bytes including padding, confounder, and checksum. + + +\subsubsection{krb5\_c\_enctype\_compare - Compare two encryption types.} +\label{appdev/refs/api/krb5_c_enctype_compare::doc}\label{appdev/refs/api/krb5_c_enctype_compare:krb5-c-enctype-compare-compare-two-encryption-types}\index{krb5\_c\_enctype\_compare (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_enctype_compare:c.krb5_c_enctype_compare}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_enctype\_compare}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â e1}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â e2}, {\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} *\emph{Â similar}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{e1} - First encryption type + +\textbf{{[}in{]}} \textbf{e2} - Second encryption type + +\textbf{{[}out{]}} \textbf{similar} - \textbf{TRUE} if types are similar, \textbf{FALSE} if not + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function determines whether two encryption types use the same kind of keys. + + +\subsubsection{krb5\_c\_free\_state - Free a cipher state previously allocated by krb5\_c\_init\_state() .} +\label{appdev/refs/api/krb5_c_free_state:krb5-c-free-state-free-a-cipher-state-previously-allocated-by-krb5-c-init-state}\label{appdev/refs/api/krb5_c_free_state::doc}\index{krb5\_c\_free\_state (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_free_state:c.krb5_c_free_state}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_free\_state}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â state}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Key + +\textbf{{[}in{]}} \textbf{state} - Cipher state to be freed + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_fx\_cf2\_simple - Compute the KRB-FX-CF2 combination of two keys and pepper strings.} +\label{appdev/refs/api/krb5_c_fx_cf2_simple:krb5-c-fx-cf2-simple-compute-the-krb-fx-cf2-combination-of-two-keys-and-pepper-strings}\label{appdev/refs/api/krb5_c_fx_cf2_simple::doc}\index{krb5\_c\_fx\_cf2\_simple (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_fx_cf2_simple:c.krb5_c_fx_cf2_simple}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_fx\_cf2\_simple}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â k1}, const char *\emph{Â pepper1}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â k2}, const char *\emph{Â pepper2}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{k1} - KDC contribution key + +\textbf{{[}in{]}} \textbf{pepper1} - String''PKINIT'' + +\textbf{{[}in{]}} \textbf{k2} - Reply key + +\textbf{{[}in{]}} \textbf{pepper2} - String''KeyExchange'' + +\textbf{{[}out{]}} \textbf{out} - Output key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function computes the KRB-FX-CF2 function over its inputs and places the results in a newly allocated keyblock. This function is simple in that it assumes that \emph{pepper1} and \emph{pepper2} are C strings with no internal nulls and that the enctype of the result will be the same as that of \emph{k1} . \emph{k1} and \emph{k2} may be of different enctypes. + + +\subsubsection{krb5\_c\_init\_state - Initialize a new cipher state.} +\label{appdev/refs/api/krb5_c_init_state:krb5-c-init-state-initialize-a-new-cipher-state}\label{appdev/refs/api/krb5_c_init_state::doc}\index{krb5\_c\_init\_state (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_init_state:c.krb5_c_init_state}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_init\_state}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â new\_state}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Key + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}out{]}} \textbf{new\_state} - New cipher state + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_is\_coll\_proof\_cksum - Test whether a checksum type is collision-proof.} +\label{appdev/refs/api/krb5_c_is_coll_proof_cksum:krb5-c-is-coll-proof-cksum-test-whether-a-checksum-type-is-collision-proof}\label{appdev/refs/api/krb5_c_is_coll_proof_cksum::doc}\index{krb5\_c\_is\_coll\_proof\_cksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_is_coll_proof_cksum:c.krb5_c_is_coll_proof_cksum}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_c\_is\_coll\_proof\_cksum}}{{\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â ctype}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctype} - Checksum type + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +TRUE if ctype is collision-proof, FALSE if it is not collision-proof or not a valid checksum type. + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_is\_keyed\_cksum - Test whether a checksum type is keyed.} +\label{appdev/refs/api/krb5_c_is_keyed_cksum::doc}\label{appdev/refs/api/krb5_c_is_keyed_cksum:krb5-c-is-keyed-cksum-test-whether-a-checksum-type-is-keyed}\index{krb5\_c\_is\_keyed\_cksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_is_keyed_cksum:c.krb5_c_is_keyed_cksum}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_c\_is\_keyed\_cksum}}{{\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â ctype}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctype} - Checksum type + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +TRUE if ctype is a keyed checksum type, FALSE otherwise. + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_keyed\_checksum\_types - Return a list of keyed checksum types usable with an encryption type.} +\label{appdev/refs/api/krb5_c_keyed_checksum_types::doc}\label{appdev/refs/api/krb5_c_keyed_checksum_types:krb5-c-keyed-checksum-types-return-a-list-of-keyed-checksum-types-usable-with-an-encryption-type}\index{krb5\_c\_keyed\_checksum\_types (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_keyed_checksum_types:c.krb5_c_keyed_checksum_types}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_keyed\_checksum\_types}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, unsigned int *\emph{Â count}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}} **\emph{Â cksumtypes}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}out{]}} \textbf{count} - Count of allowable checksum types + +\textbf{{[}out{]}} \textbf{cksumtypes} - Array of allowable checksum types + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_cksumtypes:c.krb5_free_cksumtypes]{\code{krb5\_free\_cksumtypes()}}} to free \emph{cksumtypes} when it is no longer needed. + + +\subsubsection{krb5\_c\_keylengths - Return length of the specified key in bytes.} +\label{appdev/refs/api/krb5_c_keylengths::doc}\label{appdev/refs/api/krb5_c_keylengths:krb5-c-keylengths-return-length-of-the-specified-key-in-bytes}\index{krb5\_c\_keylengths (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_keylengths:c.krb5_c_keylengths}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_keylengths}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, size\_t *\emph{Â keybytes}, size\_t *\emph{Â keylength}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}out{]}} \textbf{keybytes} - Number of bytes required to make a key + +\textbf{{[}out{]}} \textbf{keylength} - Length of final key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_make\_checksum - Compute a checksum (operates on keyblock).} +\label{appdev/refs/api/krb5_c_make_checksum::doc}\label{appdev/refs/api/krb5_c_make_checksum:krb5-c-make-checksum-compute-a-checksum-operates-on-keyblock}\index{krb5\_c\_make\_checksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_make_checksum:c.krb5_c_make_checksum}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_make\_checksum}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â cksumtype}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} *\emph{Â cksum}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cksumtype} - Checksum type (0 for mandatory type) + +\textbf{{[}in{]}} \textbf{key} - Encryption key for a keyed checksum + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}in{]}} \textbf{input} - Input data + +\textbf{{[}out{]}} \textbf{cksum} - Generated checksum + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function computes a checksum of type \emph{cksumtype} over \emph{input} , using \emph{key} if the checksum type is a keyed checksum. If \emph{cksumtype} is 0 and \emph{key} is non-null, the checksum type will be the mandatory-to-implement checksum type for the key's encryption type. The actual checksum key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the checksum type. The newly created \emph{cksum} must be released by calling {\hyperref[appdev/refs/api/krb5_free_checksum_contents:c.krb5_free_checksum_contents]{\code{krb5\_free\_checksum\_contents()}}} when it is no longer needed. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_c_verify_checksum:c.krb5_c_verify_checksum]{\code{krb5\_c\_verify\_checksum()}}} + + + +\begin{notice}{note}{Note:} +This function is similar to {\hyperref[appdev/refs/api/krb5_k_make_checksum:c.krb5_k_make_checksum]{\code{krb5\_k\_make\_checksum()}}} , but operates on keyblock \emph{key} . +\end{notice} + + +\subsubsection{krb5\_c\_make\_checksum\_iov - Fill in a checksum element in IOV array (operates on keyblock)} +\label{appdev/refs/api/krb5_c_make_checksum_iov:krb5-c-make-checksum-iov-fill-in-a-checksum-element-in-iov-array-operates-on-keyblock}\label{appdev/refs/api/krb5_c_make_checksum_iov::doc}\index{krb5\_c\_make\_checksum\_iov (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_make_checksum_iov:c.krb5_c_make_checksum_iov}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_make\_checksum\_iov}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â cksumtype}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, {\hyperref[appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov]{krb5\_crypto\_iov}} *\emph{Â data}, size\_t\emph{Â num\_data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cksumtype} - Checksum type (0 for mandatory type) + +\textbf{{[}in{]}} \textbf{key} - Encryption key for a keyed checksum + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}inout{]}} \textbf{data} - IOV array + +\textbf{{[}in{]}} \textbf{num\_data} - Size of \emph{data} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Create a checksum in the {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:KRB5_CRYPTO_TYPE_CHECKSUM]{\code{KRB5\_CRYPTO\_TYPE\_CHECKSUM}}} element over {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:KRB5_CRYPTO_TYPE_DATA]{\code{KRB5\_CRYPTO\_TYPE\_DATA}}} and {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:KRB5_CRYPTO_TYPE_SIGN_ONLY]{\code{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY}}} chunks in \emph{data} . Only the {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:KRB5_CRYPTO_TYPE_CHECKSUM]{\code{KRB5\_CRYPTO\_TYPE\_CHECKSUM}}} region is modified. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_c_verify_checksum_iov:c.krb5_c_verify_checksum_iov]{\code{krb5\_c\_verify\_checksum\_iov()}}} + + + +\begin{notice}{note}{Note:} +This function is similar to {\hyperref[appdev/refs/api/krb5_k_make_checksum_iov:c.krb5_k_make_checksum_iov]{\code{krb5\_k\_make\_checksum\_iov()}}} , but operates on keyblock \emph{key} . +\end{notice} + + +\subsubsection{krb5\_c\_make\_random\_key - Generate an enctype-specific random encryption key.} +\label{appdev/refs/api/krb5_c_make_random_key:krb5-c-make-random-key-generate-an-enctype-specific-random-encryption-key}\label{appdev/refs/api/krb5_c_make_random_key::doc}\index{krb5\_c\_make\_random\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_make_random_key:c.krb5_c_make_random_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_make\_random\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â k5\_random\_key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type of the generated key + +\textbf{{[}out{]}} \textbf{k5\_random\_key} - An allocated and initialized keyblock + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_keyblock_contents:c.krb5_free_keyblock_contents]{\code{krb5\_free\_keyblock\_contents()}}} to free \emph{k5\_random\_key} when no longer needed. + + +\subsubsection{krb5\_c\_padding\_length - Return a number of padding octets.} +\label{appdev/refs/api/krb5_c_padding_length:krb5-c-padding-length-return-a-number-of-padding-octets}\label{appdev/refs/api/krb5_c_padding_length::doc}\index{krb5\_c\_padding\_length (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_padding_length:c.krb5_c_padding_length}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_padding\_length}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, size\_t\emph{Â data\_length}, unsigned int *\emph{Â size}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}in{]}} \textbf{data\_length} - Length of the plaintext to pad + +\textbf{{[}out{]}} \textbf{size} - Number of padding octets + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - KRB5\_BAD\_ENCTYPE + +\end{itemize} + +\end{description}\end{quote} + +This function returns the number of the padding octets required to pad \emph{data\_length} octets of plaintext. + + +\subsubsection{krb5\_c\_prf - Generate enctype-specific pseudo-random bytes.} +\label{appdev/refs/api/krb5_c_prf:krb5-c-prf-generate-enctype-specific-pseudo-random-bytes}\label{appdev/refs/api/krb5_c_prf::doc}\index{krb5\_c\_prf (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_prf:c.krb5_c_prf}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_prf}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â keyblock}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â output}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{keyblock} - Key + +\textbf{{[}in{]}} \textbf{input} - Input data + +\textbf{{[}out{]}} \textbf{output} - Output data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function selects a pseudo-random function based on \emph{keyblock} and computes its value over \emph{input} , placing the result into \emph{output} . The caller must preinitialize \emph{output} and allocate space for the result, using {\hyperref[appdev/refs/api/krb5_c_prf_length:c.krb5_c_prf_length]{\code{krb5\_c\_prf\_length()}}} to determine the required length. + + +\subsubsection{krb5\_c\_prfplus - Generate pseudo-random bytes using RFC 6113 PRF+.} +\label{appdev/refs/api/krb5_c_prfplus:krb5-c-prfplus-generate-pseudo-random-bytes-using-rfc-6113-prf}\label{appdev/refs/api/krb5_c_prfplus::doc}\index{krb5\_c\_prfplus (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_prfplus:c.krb5_c_prfplus}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_prfplus}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â k}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â output}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{k} - KDC contribution key + +\textbf{{[}in{]}} \textbf{input} - Input data + +\textbf{{[}out{]}} \textbf{output} - Pseudo-random output buffer + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +0 on success, E2BIG if output-\textgreater{}length is too large for PRF+ to generate, ENOMEM on allocation failure, or an error code from krb5\_c\_prf() + +\end{itemize} + +\end{description}\end{quote} + +This function fills \emph{output} with PRF+(k, input) as defined in RFC 6113 section 5.1. The caller must preinitialize \emph{output} and allocate the desired amount of space. The length of the pseudo-random output will match the length of \emph{output} . + +\begin{notice}{note}{Note:} +RFC 4402 defines a different PRF+ operation. This function does not implement that operation. +\end{notice} + + +\subsubsection{krb5\_c\_prf\_length - Get the output length of pseudo-random functions for an encryption type.} +\label{appdev/refs/api/krb5_c_prf_length::doc}\label{appdev/refs/api/krb5_c_prf_length:krb5-c-prf-length-get-the-output-length-of-pseudo-random-functions-for-an-encryption-type}\index{krb5\_c\_prf\_length (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_prf_length:c.krb5_c_prf_length}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_prf\_length}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, size\_t *\emph{Â len}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}out{]}} \textbf{len} - Length of PRF output + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_random\_add\_entropy - Add entropy to the pseudo-random number generator.} +\label{appdev/refs/api/krb5_c_random_add_entropy::doc}\label{appdev/refs/api/krb5_c_random_add_entropy:krb5-c-random-add-entropy-add-entropy-to-the-pseudo-random-number-generator}\index{krb5\_c\_random\_add\_entropy (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_random_add_entropy:c.krb5_c_random_add_entropy}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_random\_add\_entropy}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, unsigned int\emph{Â randsource}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{randsource} - Entropy source (see KRB5\_RANDSOURCE types) + +\textbf{{[}in{]}} \textbf{data} - Data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Contribute entropy to the PRNG used by krb5 crypto operations. This may or may not affect the output of the next crypto operation requiring random data. + + +\subsubsection{krb5\_c\_random\_make\_octets - Generate pseudo-random bytes.} +\label{appdev/refs/api/krb5_c_random_make_octets::doc}\label{appdev/refs/api/krb5_c_random_make_octets:krb5-c-random-make-octets-generate-pseudo-random-bytes}\index{krb5\_c\_random\_make\_octets (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_random_make_octets:c.krb5_c_random_make_octets}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_random\_make\_octets}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}out{]}} \textbf{data} - Random data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Fills in \emph{data} with bytes from the PRNG used by krb5 crypto operations. The caller must preinitialize \emph{data} and allocate the desired amount of space. + + +\subsubsection{krb5\_c\_random\_os\_entropy - Collect entropy from the OS if possible.} +\label{appdev/refs/api/krb5_c_random_os_entropy:krb5-c-random-os-entropy-collect-entropy-from-the-os-if-possible}\label{appdev/refs/api/krb5_c_random_os_entropy::doc}\index{krb5\_c\_random\_os\_entropy (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_random_os_entropy:c.krb5_c_random_os_entropy}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_random\_os\_entropy}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, int\emph{Â strong}, int *\emph{Â success}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{strong} - Strongest available source of entropy + +\textbf{{[}out{]}} \textbf{success} - 1 if OS provides entropy, 0 otherwise + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +If \emph{strong} is non-zero, this function attempts to use the strongest available source of entropy. Setting this flag may cause the function to block on some operating systems. Good uses include seeding the PRNG for kadmind and realm setup. + + +\subsubsection{krb5\_c\_random\_to\_key - Generate an enctype-specific key from random data.} +\label{appdev/refs/api/krb5_c_random_to_key:krb5-c-random-to-key-generate-an-enctype-specific-key-from-random-data}\label{appdev/refs/api/krb5_c_random_to_key::doc}\index{krb5\_c\_random\_to\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_random_to_key:c.krb5_c_random_to_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_random\_to\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â random\_data}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â k5\_random\_key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}in{]}} \textbf{random\_data} - Random input data + +\textbf{{[}out{]}} \textbf{k5\_random\_key} - Resulting key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function takes random input data \emph{random\_data} and produces a valid key \emph{k5\_random\_key} for a given \emph{enctype} . + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_c_keylengths:c.krb5_c_keylengths]{\code{krb5\_c\_keylengths()}}} + + + +\begin{notice}{note}{Note:} +It is assumed that \emph{k5\_random\_key} has already been initialized and \emph{k5\_random\_key-\textgreater{}contents} has been allocated with the correct length. +\end{notice} + + +\subsubsection{krb5\_c\_string\_to\_key - Convert a string (such a password) to a key.} +\label{appdev/refs/api/krb5_c_string_to_key:krb5-c-string-to-key-convert-a-string-such-a-password-to-a-key}\label{appdev/refs/api/krb5_c_string_to_key::doc}\index{krb5\_c\_string\_to\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_string_to_key:c.krb5_c_string_to_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_string\_to\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â string}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â salt}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}in{]}} \textbf{string} - String to be converted + +\textbf{{[}in{]}} \textbf{salt} - Salt value + +\textbf{{[}out{]}} \textbf{key} - Generated key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function converts \emph{string} to a \emph{key} of encryption type \emph{enctype} , using the specified \emph{salt} . The newly created \emph{key} must be released by calling {\hyperref[appdev/refs/api/krb5_free_keyblock_contents:c.krb5_free_keyblock_contents]{\code{krb5\_free\_keyblock\_contents()}}} when it is no longer needed. + + +\subsubsection{krb5\_c\_string\_to\_key\_with\_params - Convert a string (such as a password) to a key with additional parameters.} +\label{appdev/refs/api/krb5_c_string_to_key_with_params::doc}\label{appdev/refs/api/krb5_c_string_to_key_with_params:krb5-c-string-to-key-with-params-convert-a-string-such-as-a-password-to-a-key-with-additional-parameters}\index{krb5\_c\_string\_to\_key\_with\_params (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_string_to_key_with_params:c.krb5_c_string_to_key_with_params}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_string\_to\_key\_with\_params}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â string}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â salt}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â params}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}in{]}} \textbf{string} - String to be converted + +\textbf{{[}in{]}} \textbf{salt} - Salt value + +\textbf{{[}in{]}} \textbf{params} - Parameters + +\textbf{{[}out{]}} \textbf{key} - Generated key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function is similar to {\hyperref[appdev/refs/api/krb5_c_string_to_key:c.krb5_c_string_to_key]{\code{krb5\_c\_string\_to\_key()}}} , but also takes parameters which may affect the algorithm in an enctype-dependent way. The newly created \emph{key} must be released by calling {\hyperref[appdev/refs/api/krb5_free_keyblock_contents:c.krb5_free_keyblock_contents]{\code{krb5\_free\_keyblock\_contents()}}} when it is no longer needed. + + +\subsubsection{krb5\_c\_valid\_cksumtype - Verify that specified checksum type is a valid Kerberos checksum type.} +\label{appdev/refs/api/krb5_c_valid_cksumtype:krb5-c-valid-cksumtype-verify-that-specified-checksum-type-is-a-valid-kerberos-checksum-type}\label{appdev/refs/api/krb5_c_valid_cksumtype::doc}\index{krb5\_c\_valid\_cksumtype (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_valid_cksumtype:c.krb5_c_valid_cksumtype}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_c\_valid\_cksumtype}}{{\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â ctype}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ctype} - Checksum type + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +TRUE if ctype is valid, FALSE if not + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_valid\_enctype - Verify that a specified encryption type is a valid Kerberos encryption type.} +\label{appdev/refs/api/krb5_c_valid_enctype:krb5-c-valid-enctype-verify-that-a-specified-encryption-type-is-a-valid-kerberos-encryption-type}\label{appdev/refs/api/krb5_c_valid_enctype::doc}\index{krb5\_c\_valid\_enctype (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_valid_enctype:c.krb5_c_valid_enctype}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_c\_valid\_enctype}}{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â ktype}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{ktype} - Encryption type + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{return}] \leavevmode\begin{itemize} +\item {} +TRUE if ktype is valid, FALSE if not + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_c\_verify\_checksum - Verify a checksum (operates on keyblock).} +\label{appdev/refs/api/krb5_c_verify_checksum:krb5-c-verify-checksum-verify-a-checksum-operates-on-keyblock}\label{appdev/refs/api/krb5_c_verify_checksum::doc}\index{krb5\_c\_verify\_checksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_verify_checksum:c.krb5_c_verify_checksum}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_verify\_checksum}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}, const {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} *\emph{Â cksum}, {\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} *\emph{Â valid}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Encryption key for a keyed checksum + +\textbf{{[}in{]}} \textbf{usage} - \emph{key} usage + +\textbf{{[}in{]}} \textbf{data} - Data to be used to compute a new checksum using \emph{key} to compare \emph{cksum} against + +\textbf{{[}in{]}} \textbf{cksum} - Checksum to be verified + +\textbf{{[}out{]}} \textbf{valid} - Non-zero for success, zero for failure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function verifies that \emph{cksum} is a valid checksum for \emph{data} . If the checksum type of \emph{cksum} is a keyed checksum, \emph{key} is used to verify the checksum. If the checksum type in \emph{cksum} is 0 and \emph{key} is not NULL, the mandatory checksum type for \emph{key} will be used. The actual checksum key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the checksum type. + +\begin{notice}{note}{Note:} +This function is similar to {\hyperref[appdev/refs/api/krb5_k_verify_checksum:c.krb5_k_verify_checksum]{\code{krb5\_k\_verify\_checksum()}}} , but operates on keyblock \emph{key} . +\end{notice} + + +\subsubsection{krb5\_c\_verify\_checksum\_iov - Validate a checksum element in IOV array (operates on keyblock).} +\label{appdev/refs/api/krb5_c_verify_checksum_iov::doc}\label{appdev/refs/api/krb5_c_verify_checksum_iov:krb5-c-verify-checksum-iov-validate-a-checksum-element-in-iov-array-operates-on-keyblock}\index{krb5\_c\_verify\_checksum\_iov (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_verify_checksum_iov:c.krb5_c_verify_checksum_iov}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_verify\_checksum\_iov}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â cksumtype}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov]{krb5\_crypto\_iov}} *\emph{Â data}, size\_t\emph{Â num\_data}, {\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} *\emph{Â valid}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cksumtype} - Checksum type (0 for mandatory type) + +\textbf{{[}in{]}} \textbf{key} - Encryption key for a keyed checksum + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}in{]}} \textbf{data} - IOV array + +\textbf{{[}in{]}} \textbf{num\_data} - Size of \emph{data} + +\textbf{{[}out{]}} \textbf{valid} - Non-zero for success, zero for failure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Confirm that the checksum in the {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:KRB5_CRYPTO_TYPE_CHECKSUM]{\code{KRB5\_CRYPTO\_TYPE\_CHECKSUM}}} element is a valid checksum of the {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:KRB5_CRYPTO_TYPE_DATA]{\code{KRB5\_CRYPTO\_TYPE\_DATA}}} and {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:KRB5_CRYPTO_TYPE_SIGN_ONLY]{\code{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY}}} regions in the iov. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_c_make_checksum_iov:c.krb5_c_make_checksum_iov]{\code{krb5\_c\_make\_checksum\_iov()}}} + + + +\begin{notice}{note}{Note:} +This function is similar to {\hyperref[appdev/refs/api/krb5_k_verify_checksum_iov:c.krb5_k_verify_checksum_iov]{\code{krb5\_k\_verify\_checksum\_iov()}}} , but operates on keyblock \emph{key} . +\end{notice} + + +\subsubsection{krb5\_cksumtype\_to\_string - Convert a checksum type to a string.} +\label{appdev/refs/api/krb5_cksumtype_to_string::doc}\label{appdev/refs/api/krb5_cksumtype_to_string:krb5-cksumtype-to-string-convert-a-checksum-type-to-a-string}\index{krb5\_cksumtype\_to\_string (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cksumtype_to_string:c.krb5_cksumtype_to_string}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cksumtype\_to\_string}}{{\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â cksumtype}, char *\emph{Â buffer}, size\_t\emph{Â buflen}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{cksumtype} - Checksum type + +\textbf{{[}out{]}} \textbf{buffer} - Buffer to hold converted checksum type + +\textbf{{[}in{]}} \textbf{buflen} - Storage available in \emph{buffer} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_decode\_authdata\_container - Unwrap authorization data.} +\label{appdev/refs/api/krb5_decode_authdata_container::doc}\label{appdev/refs/api/krb5_decode_authdata_container:krb5-decode-authdata-container-unwrap-authorization-data}\index{krb5\_decode\_authdata\_container (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_decode_authdata_container:c.krb5_decode_authdata_container}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_decode\_authdata\_container}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype]{krb5\_authdatatype}}\emph{Â type}, const {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} *\emph{Â container}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ***\emph{Â authdata}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{type} - \code{KRB5\_AUTHDATA} type of \emph{container} + +\textbf{{[}in{]}} \textbf{container} - Authorization data to be decoded + +\textbf{{[}out{]}} \textbf{authdata} - List of decoded authorization data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_encode_authdata_container:c.krb5_encode_authdata_container]{\code{krb5\_encode\_authdata\_container()}}} + + + + +\subsubsection{krb5\_decode\_ticket - Decode an ASN.1-formatted ticket.} +\label{appdev/refs/api/krb5_decode_ticket::doc}\label{appdev/refs/api/krb5_decode_ticket:krb5-decode-ticket-decode-an-asn-1-formatted-ticket}\index{krb5\_decode\_ticket (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_decode_ticket:c.krb5_decode_ticket}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_decode\_ticket}}{const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â code}, {\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} **\emph{Â rep}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{code} - ASN.1-formatted ticket + +\textbf{{[}out{]}} \textbf{rep} - Decoded ticket information + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_deltat\_to\_string - Convert a relative time value to a string.} +\label{appdev/refs/api/krb5_deltat_to_string::doc}\label{appdev/refs/api/krb5_deltat_to_string:krb5-deltat-to-string-convert-a-relative-time-value-to-a-string}\index{krb5\_deltat\_to\_string (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_deltat_to_string:c.krb5_deltat_to_string}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_deltat\_to\_string}}{{\hyperref[appdev/refs/types/krb5_deltat:c.krb5_deltat]{krb5\_deltat}}\emph{Â deltat}, char *\emph{Â buffer}, size\_t\emph{Â buflen}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{deltat} - Relative time value to convert + +\textbf{{[}out{]}} \textbf{buffer} - Buffer to hold time string + +\textbf{{[}in{]}} \textbf{buflen} - Storage available in \emph{buffer} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_encode\_authdata\_container - Wrap authorization data in a container.} +\label{appdev/refs/api/krb5_encode_authdata_container::doc}\label{appdev/refs/api/krb5_encode_authdata_container:krb5-encode-authdata-container-wrap-authorization-data-in-a-container}\index{krb5\_encode\_authdata\_container (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_encode_authdata_container:c.krb5_encode_authdata_container}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_encode\_authdata\_container}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype]{krb5\_authdatatype}}\emph{Â type}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} *const *\emph{Â authdata}, {\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ***\emph{Â container}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{type} - \code{KRB5\_AUTHDATA} type of \emph{container} + +\textbf{{[}in{]}} \textbf{authdata} - List of authorization data to be encoded + +\textbf{{[}out{]}} \textbf{container} - List of encoded authorization data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +The result is returned in \emph{container} as a single-element list. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_decode_authdata_container:c.krb5_decode_authdata_container]{\code{krb5\_decode\_authdata\_container()}}} + + + + +\subsubsection{krb5\_enctype\_to\_name - Convert an encryption type to a name or alias.} +\label{appdev/refs/api/krb5_enctype_to_name::doc}\label{appdev/refs/api/krb5_enctype_to_name:krb5-enctype-to-name-convert-an-encryption-type-to-a-name-or-alias}\index{krb5\_enctype\_to\_name (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_enctype_to_name:c.krb5_enctype_to_name}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_enctype\_to\_name}}{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, {\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}}\emph{Â shortest}, char *\emph{Â buffer}, size\_t\emph{Â buflen}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}in{]}} \textbf{shortest} - Flag + +\textbf{{[}out{]}} \textbf{buffer} - Buffer to hold encryption type string + +\textbf{{[}in{]}} \textbf{buflen} - Storage available in \emph{buffer} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +If \emph{shortest} is FALSE, this function returns the enctype's canonical name (like''aes128-cts-hmac-sha1-96''). If \emph{shortest} is TRUE, it return the enctype's shortest alias (like''aes128-cts''). + +\begin{notice}{note}{Note:} +New in 1.9 +\end{notice} + + +\subsubsection{krb5\_enctype\_to\_string - Convert an encryption type to a string.} +\label{appdev/refs/api/krb5_enctype_to_string::doc}\label{appdev/refs/api/krb5_enctype_to_string:krb5-enctype-to-string-convert-an-encryption-type-to-a-string}\index{krb5\_enctype\_to\_string (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_enctype_to_string:c.krb5_enctype_to_string}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_enctype\_to\_string}}{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}, char *\emph{Â buffer}, size\_t\emph{Â buflen}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{enctype} - Encryption type + +\textbf{{[}out{]}} \textbf{buffer} - Buffer to hold encryption type string + +\textbf{{[}in{]}} \textbf{buflen} - Storage available in \emph{buffer} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + + +\subsubsection{krb5\_free\_checksum - Free a krb5\_checksum structure.} +\label{appdev/refs/api/krb5_free_checksum:krb5-free-checksum-free-a-krb5-checksum-structure}\label{appdev/refs/api/krb5_free_checksum::doc}\index{krb5\_free\_checksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_checksum:c.krb5_free_checksum}\pysiglinewithargsret{void \bfcode{krb5\_free\_checksum}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, register {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Checksum structure to be freed + +\end{description}\end{quote} + +This function frees the contents of \emph{val} and the structure itself. + + +\subsubsection{krb5\_free\_checksum\_contents - Free the contents of a krb5\_checksum structure.} +\label{appdev/refs/api/krb5_free_checksum_contents:krb5-free-checksum-contents-free-the-contents-of-a-krb5-checksum-structure}\label{appdev/refs/api/krb5_free_checksum_contents::doc}\index{krb5\_free\_checksum\_contents (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_checksum_contents:c.krb5_free_checksum_contents}\pysiglinewithargsret{void \bfcode{krb5\_free\_checksum\_contents}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, register {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Checksum structure to free contents of + +\end{description}\end{quote} + +This function frees the contents of \emph{val} , but not the structure itself. + + +\subsubsection{krb5\_free\_cksumtypes - Free an array of checksum types.} +\label{appdev/refs/api/krb5_free_cksumtypes:krb5-free-cksumtypes-free-an-array-of-checksum-types}\label{appdev/refs/api/krb5_free_cksumtypes::doc}\index{krb5\_free\_cksumtypes (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_cksumtypes:c.krb5_free_cksumtypes}\pysiglinewithargsret{void \bfcode{krb5\_free\_cksumtypes}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}} *\emph{Â val}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{val} - Array of checksum types to be freed + +\end{description}\end{quote} + + +\subsubsection{krb5\_free\_tgt\_creds - Free an array of credential structures.} +\label{appdev/refs/api/krb5_free_tgt_creds::doc}\label{appdev/refs/api/krb5_free_tgt_creds:krb5-free-tgt-creds-free-an-array-of-credential-structures}\index{krb5\_free\_tgt\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_free_tgt_creds:c.krb5_free_tgt_creds}\pysiglinewithargsret{void \bfcode{krb5\_free\_tgt\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} **\emph{Â tgts}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{tgts} - Null-terminated array of credentials to free + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +The last entry in the array \emph{tgts} must be a NULL pointer. +\end{notice} + + +\subsubsection{krb5\_k\_create\_key - Create a krb5\_key from the enctype and key data in a keyblock.} +\label{appdev/refs/api/krb5_k_create_key::doc}\label{appdev/refs/api/krb5_k_create_key:krb5-k-create-key-create-a-krb5-key-from-the-enctype-and-key-data-in-a-keyblock}\index{krb5\_k\_create\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_create_key:c.krb5_k_create_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_create\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key\_data}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}} *\emph{Â out}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key\_data} - Keyblock + +\textbf{{[}out{]}} \textbf{out} - Opaque key + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - KRB5\_BAD\_ENCTYPE + +\end{itemize} + +\end{description}\end{quote} + +The reference count on a key \emph{out} is set to 1. Use {\hyperref[appdev/refs/api/krb5_k_free_key:c.krb5_k_free_key]{\code{krb5\_k\_free\_key()}}} to free \emph{out} when it is no longer needed. + + +\subsubsection{krb5\_k\_decrypt - Decrypt data using a key (operates on opaque key).} +\label{appdev/refs/api/krb5_k_decrypt:krb5-k-decrypt-decrypt-data-using-a-key-operates-on-opaque-key}\label{appdev/refs/api/krb5_k_decrypt::doc}\index{krb5\_k\_decrypt (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_decrypt:c.krb5_k_decrypt}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_decrypt}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â cipher\_state}, const {\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â output}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Encryption key + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}inout{]}} \textbf{cipher\_state} - Cipher state; specify NULL if not needed + +\textbf{{[}in{]}} \textbf{input} - Encrypted data + +\textbf{{[}out{]}} \textbf{output} - Decrypted data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function decrypts the data block \emph{input} and stores the output into \emph{output} . The actual decryption key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the encryption type. If non-null, \emph{cipher\_state} specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. + +\begin{notice}{note}{Note:} +The caller must initialize \emph{output} and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let {\hyperref[appdev/refs/api/krb5_c_decrypt:c.krb5_c_decrypt]{\code{krb5\_c\_decrypt()}}} trim \emph{output-\textgreater{}length} . For some enctypes, the resulting \emph{output-\textgreater{}length} may include padding bytes. +\end{notice} + + +\subsubsection{krb5\_k\_decrypt\_iov - Decrypt data in place supporting AEAD (operates on opaque key).} +\label{appdev/refs/api/krb5_k_decrypt_iov::doc}\label{appdev/refs/api/krb5_k_decrypt_iov:krb5-k-decrypt-iov-decrypt-data-in-place-supporting-aead-operates-on-opaque-key}\index{krb5\_k\_decrypt\_iov (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_decrypt_iov:c.krb5_k_decrypt_iov}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_decrypt\_iov}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â cipher\_state}, {\hyperref[appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov]{krb5\_crypto\_iov}} *\emph{Â data}, size\_t\emph{Â num\_data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Encryption key + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}in{]}} \textbf{cipher\_state} - Cipher state; specify NULL if not needed + +\textbf{{[}inout{]}} \textbf{data} - IOV array. Modified in-place. + +\textbf{{[}in{]}} \textbf{num\_data} - Size of \emph{data} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function decrypts the data block \emph{data} and stores the output in-place. The actual decryption key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the encryption type. If non-null, \emph{cipher\_state} specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5\_crypto\_iov structures before calling into this API. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_k_encrypt_iov:c.krb5_k_encrypt_iov]{\code{krb5\_k\_encrypt\_iov()}}} + + + +\begin{notice}{note}{Note:} +On return from a {\hyperref[appdev/refs/api/krb5_c_decrypt_iov:c.krb5_c_decrypt_iov]{\code{krb5\_c\_decrypt\_iov()}}} call, the \emph{data-\textgreater{}length} in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. + +This function is similar to {\hyperref[appdev/refs/api/krb5_c_decrypt_iov:c.krb5_c_decrypt_iov]{\code{krb5\_c\_decrypt\_iov()}}} , but operates on opaque key \emph{key} . +\end{notice} + + +\subsubsection{krb5\_k\_encrypt - Encrypt data using a key (operates on opaque key).} +\label{appdev/refs/api/krb5_k_encrypt:krb5-k-encrypt-encrypt-data-using-a-key-operates-on-opaque-key}\label{appdev/refs/api/krb5_k_encrypt::doc}\index{krb5\_k\_encrypt (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_encrypt:c.krb5_k_encrypt}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_encrypt}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â cipher\_state}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} *\emph{Â output}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Encryption key + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}inout{]}} \textbf{cipher\_state} - Cipher state; specify NULL if not needed + +\textbf{{[}in{]}} \textbf{input} - Data to be encrypted + +\textbf{{[}out{]}} \textbf{output} - Encrypted data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function encrypts the data block \emph{input} and stores the output into \emph{output} . The actual encryption key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the encryption type. If non-null, \emph{cipher\_state} specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. + +\begin{notice}{note}{Note:} +The caller must initialize \emph{output} and allocate at least enough space for the result (using {\hyperref[appdev/refs/api/krb5_c_encrypt_length:c.krb5_c_encrypt_length]{\code{krb5\_c\_encrypt\_length()}}} to determine the amount of space needed). \emph{output-\textgreater{}length} will be set to the actual length of the ciphertext. +\end{notice} + + +\subsubsection{krb5\_k\_encrypt\_iov - Encrypt data in place supporting AEAD (operates on opaque key).} +\label{appdev/refs/api/krb5_k_encrypt_iov::doc}\label{appdev/refs/api/krb5_k_encrypt_iov:krb5-k-encrypt-iov-encrypt-data-in-place-supporting-aead-operates-on-opaque-key}\index{krb5\_k\_encrypt\_iov (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_encrypt_iov:c.krb5_k_encrypt_iov}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_encrypt\_iov}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â cipher\_state}, {\hyperref[appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov]{krb5\_crypto\_iov}} *\emph{Â data}, size\_t\emph{Â num\_data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Encryption key + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}in{]}} \textbf{cipher\_state} - Cipher state; specify NULL if not needed + +\textbf{{[}inout{]}} \textbf{data} - IOV array. Modified in-place. + +\textbf{{[}in{]}} \textbf{num\_data} - Size of \emph{data} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function encrypts the data block \emph{data} and stores the output in-place. The actual encryption key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the encryption type. If non-null, \emph{cipher\_state} specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5\_crypto\_iov structures before calling into this API. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_k_decrypt_iov:c.krb5_k_decrypt_iov]{\code{krb5\_k\_decrypt\_iov()}}} + + + +\begin{notice}{note}{Note:} +On return from a {\hyperref[appdev/refs/api/krb5_c_encrypt_iov:c.krb5_c_encrypt_iov]{\code{krb5\_c\_encrypt\_iov()}}} call, the \emph{data-\textgreater{}length} in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. + +This function is similar to {\hyperref[appdev/refs/api/krb5_c_encrypt_iov:c.krb5_c_encrypt_iov]{\code{krb5\_c\_encrypt\_iov()}}} , but operates on opaque key \emph{key} . +\end{notice} + + +\subsubsection{krb5\_k\_free\_key - Decrement the reference count on a key and free it if it hits zero.} +\label{appdev/refs/api/krb5_k_free_key:krb5-k-free-key-decrement-the-reference-count-on-a-key-and-free-it-if-it-hits-zero}\label{appdev/refs/api/krb5_k_free_key::doc}\index{krb5\_k\_free\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_free_key:c.krb5_k_free_key}\pysiglinewithargsret{void \bfcode{krb5\_k\_free\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{key} + +\end{description}\end{quote} + + +\subsubsection{krb5\_k\_key\_enctype - Retrieve the enctype of a krb5\_key structure.} +\label{appdev/refs/api/krb5_k_key_enctype::doc}\label{appdev/refs/api/krb5_k_key_enctype:krb5-k-key-enctype-retrieve-the-enctype-of-a-krb5-key-structure}\index{krb5\_k\_key\_enctype (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_key_enctype:c.krb5_k_key_enctype}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} \bfcode{krb5\_k\_key\_enctype}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{key} + +\end{description}\end{quote} + + +\subsubsection{krb5\_k\_key\_keyblock - Retrieve a copy of the keyblock from a krb5\_key structure.} +\label{appdev/refs/api/krb5_k_key_keyblock:krb5-k-key-keyblock-retrieve-a-copy-of-the-keyblock-from-a-krb5-key-structure}\label{appdev/refs/api/krb5_k_key_keyblock::doc}\index{krb5\_k\_key\_keyblock (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_key_keyblock:c.krb5_k_key_keyblock}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_key\_keyblock}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â key\_data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{key} + +\textbf{key\_data} + +\end{description}\end{quote} + + +\subsubsection{krb5\_k\_make\_checksum - Compute a checksum (operates on opaque key).} +\label{appdev/refs/api/krb5_k_make_checksum::doc}\label{appdev/refs/api/krb5_k_make_checksum:krb5-k-make-checksum-compute-a-checksum-operates-on-opaque-key}\index{krb5\_k\_make\_checksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_make_checksum:c.krb5_k_make_checksum}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_make\_checksum}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â cksumtype}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} *\emph{Â cksum}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cksumtype} - Checksum type (0 for mandatory type) + +\textbf{{[}in{]}} \textbf{key} - Encryption key for a keyed checksum + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}in{]}} \textbf{input} - Input data + +\textbf{{[}out{]}} \textbf{cksum} - Generated checksum + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function computes a checksum of type \emph{cksumtype} over \emph{input} , using \emph{key} if the checksum type is a keyed checksum. If \emph{cksumtype} is 0 and \emph{key} is non-null, the checksum type will be the mandatory-to-implement checksum type for the key's encryption type. The actual checksum key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the checksum type. The newly created \emph{cksum} must be released by calling {\hyperref[appdev/refs/api/krb5_free_checksum_contents:c.krb5_free_checksum_contents]{\code{krb5\_free\_checksum\_contents()}}} when it is no longer needed. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_c_verify_checksum:c.krb5_c_verify_checksum]{\code{krb5\_c\_verify\_checksum()}}} + + + +\begin{notice}{note}{Note:} +This function is similar to {\hyperref[appdev/refs/api/krb5_c_make_checksum:c.krb5_c_make_checksum]{\code{krb5\_c\_make\_checksum()}}} , but operates on opaque \emph{key} . +\end{notice} + + +\subsubsection{krb5\_k\_make\_checksum\_iov - Fill in a checksum element in IOV array (operates on opaque key)} +\label{appdev/refs/api/krb5_k_make_checksum_iov::doc}\label{appdev/refs/api/krb5_k_make_checksum_iov:krb5-k-make-checksum-iov-fill-in-a-checksum-element-in-iov-array-operates-on-opaque-key}\index{krb5\_k\_make\_checksum\_iov (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_make_checksum_iov:c.krb5_k_make_checksum_iov}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_make\_checksum\_iov}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â cksumtype}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, {\hyperref[appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov]{krb5\_crypto\_iov}} *\emph{Â data}, size\_t\emph{Â num\_data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cksumtype} - Checksum type (0 for mandatory type) + +\textbf{{[}in{]}} \textbf{key} - Encryption key for a keyed checksum + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}inout{]}} \textbf{data} - IOV array + +\textbf{{[}in{]}} \textbf{num\_data} - Size of \emph{data} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Create a checksum in the {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:KRB5_CRYPTO_TYPE_CHECKSUM]{\code{KRB5\_CRYPTO\_TYPE\_CHECKSUM}}} element over {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:KRB5_CRYPTO_TYPE_DATA]{\code{KRB5\_CRYPTO\_TYPE\_DATA}}} and {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:KRB5_CRYPTO_TYPE_SIGN_ONLY]{\code{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY}}} chunks in \emph{data} . Only the {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:KRB5_CRYPTO_TYPE_CHECKSUM]{\code{KRB5\_CRYPTO\_TYPE\_CHECKSUM}}} region is modified. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_k_verify_checksum_iov:c.krb5_k_verify_checksum_iov]{\code{krb5\_k\_verify\_checksum\_iov()}}} + + + +\begin{notice}{note}{Note:} +This function is similar to {\hyperref[appdev/refs/api/krb5_c_make_checksum_iov:c.krb5_c_make_checksum_iov]{\code{krb5\_c\_make\_checksum\_iov()}}} , but operates on opaque \emph{key} . +\end{notice} + + +\subsubsection{krb5\_k\_prf - Generate enctype-specific pseudo-random bytes (operates on opaque key).} +\label{appdev/refs/api/krb5_k_prf:krb5-k-prf-generate-enctype-specific-pseudo-random-bytes-operates-on-opaque-key}\label{appdev/refs/api/krb5_k_prf::doc}\index{krb5\_k\_prf (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_prf:c.krb5_k_prf}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_prf}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â input}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â output}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Key + +\textbf{{[}in{]}} \textbf{input} - Input data + +\textbf{{[}out{]}} \textbf{output} - Output data + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function selects a pseudo-random function based on \emph{key} and computes its value over \emph{input} , placing the result into \emph{output} . The caller must preinitialize \emph{output} and allocate space for the result. + +\begin{notice}{note}{Note:} +This function is similar to {\hyperref[appdev/refs/api/krb5_c_prf:c.krb5_c_prf]{\code{krb5\_c\_prf()}}} , but operates on opaque \emph{key} . +\end{notice} + + +\subsubsection{krb5\_k\_reference\_key - Increment the reference count on a key.} +\label{appdev/refs/api/krb5_k_reference_key::doc}\label{appdev/refs/api/krb5_k_reference_key:krb5-k-reference-key-increment-the-reference-count-on-a-key}\index{krb5\_k\_reference\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_reference_key:c.krb5_k_reference_key}\pysiglinewithargsret{void \bfcode{krb5\_k\_reference\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{key} + +\end{description}\end{quote} + + +\subsubsection{krb5\_k\_verify\_checksum - Verify a checksum (operates on opaque key).} +\label{appdev/refs/api/krb5_k_verify_checksum::doc}\label{appdev/refs/api/krb5_k_verify_checksum:krb5-k-verify-checksum-verify-a-checksum-operates-on-opaque-key}\index{krb5\_k\_verify\_checksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_verify_checksum:c.krb5_k_verify_checksum}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_verify\_checksum}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}, const {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} *\emph{Â cksum}, {\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} *\emph{Â valid}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{key} - Encryption key for a keyed checksum + +\textbf{{[}in{]}} \textbf{usage} - \emph{key} usage + +\textbf{{[}in{]}} \textbf{data} - Data to be used to compute a new checksum using \emph{key} to compare \emph{cksum} against + +\textbf{{[}in{]}} \textbf{cksum} - Checksum to be verified + +\textbf{{[}out{]}} \textbf{valid} - Non-zero for success, zero for failure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function verifies that \emph{cksum} is a valid checksum for \emph{data} . If the checksum type of \emph{cksum} is a keyed checksum, \emph{key} is used to verify the checksum. If the checksum type in \emph{cksum} is 0 and \emph{key} is not NULL, the mandatory checksum type for \emph{key} will be used. The actual checksum key will be derived from \emph{key} and \emph{usage} if key derivation is specified for the checksum type. + +\begin{notice}{note}{Note:} +This function is similar to {\hyperref[appdev/refs/api/krb5_c_verify_checksum:c.krb5_c_verify_checksum]{\code{krb5\_c\_verify\_checksum()}}} , but operates on opaque \emph{key} . +\end{notice} + + +\subsubsection{krb5\_k\_verify\_checksum\_iov - Validate a checksum element in IOV array (operates on opaque key).} +\label{appdev/refs/api/krb5_k_verify_checksum_iov:krb5-k-verify-checksum-iov-validate-a-checksum-element-in-iov-array-operates-on-opaque-key}\label{appdev/refs/api/krb5_k_verify_checksum_iov::doc}\index{krb5\_k\_verify\_checksum\_iov (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_k_verify_checksum_iov:c.krb5_k_verify_checksum_iov}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_k\_verify\_checksum\_iov}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â cksumtype}, {\hyperref[appdev/refs/types/krb5_key:c.krb5_key]{krb5\_key}}\emph{Â key}, {\hyperref[appdev/refs/types/krb5_keyusage:c.krb5_keyusage]{krb5\_keyusage}}\emph{Â usage}, const {\hyperref[appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov]{krb5\_crypto\_iov}} *\emph{Â data}, size\_t\emph{Â num\_data}, {\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} *\emph{Â valid}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}in{]}} \textbf{cksumtype} - Checksum type (0 for mandatory type) + +\textbf{{[}in{]}} \textbf{key} - Encryption key for a keyed checksum + +\textbf{{[}in{]}} \textbf{usage} - Key usage (see \code{KRB5\_KEYUSAGE} types) + +\textbf{{[}in{]}} \textbf{data} - IOV array + +\textbf{{[}in{]}} \textbf{num\_data} - Size of \emph{data} + +\textbf{{[}out{]}} \textbf{valid} - Non-zero for success, zero for failure + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +Confirm that the checksum in the {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:KRB5_CRYPTO_TYPE_CHECKSUM]{\code{KRB5\_CRYPTO\_TYPE\_CHECKSUM}}} element is a valid checksum of the {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:KRB5_CRYPTO_TYPE_DATA]{\code{KRB5\_CRYPTO\_TYPE\_DATA}}} and {\hyperref[appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:KRB5_CRYPTO_TYPE_SIGN_ONLY]{\code{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY}}} regions in the iov. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_k_make_checksum_iov:c.krb5_k_make_checksum_iov]{\code{krb5\_k\_make\_checksum\_iov()}}} + + + +\begin{notice}{note}{Note:} +This function is similar to {\hyperref[appdev/refs/api/krb5_c_verify_checksum_iov:c.krb5_c_verify_checksum_iov]{\code{krb5\_c\_verify\_checksum\_iov()}}} , but operates on opaque \emph{key} . +\end{notice} + + +\subsection{Legacy convenience interfaces} +\label{appdev/refs/api/index:legacy-convenience-interfaces} + +\subsubsection{krb5\_recvauth - Server function for sendauth protocol.} +\label{appdev/refs/api/krb5_recvauth::doc}\label{appdev/refs/api/krb5_recvauth:krb5-recvauth-server-function-for-sendauth-protocol}\index{krb5\_recvauth (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_recvauth:c.krb5_recvauth}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_recvauth}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}} *\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}}\emph{Â fd}, char *\emph{Â appl\_version}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â server}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}}\emph{Â flags}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}, {\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} **\emph{Â ticket}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}inout{]}} \textbf{auth\_context} - Pre-existing or newly created auth context + +\textbf{{[}in{]}} \textbf{fd} - File descriptor + +\textbf{{[}in{]}} \textbf{appl\_version} - Application protocol version to be matched against the client's application version + +\textbf{{[}in{]}} \textbf{server} - Server principal (NULL for any in \emph{keytab} ) + +\textbf{{[}in{]}} \textbf{flags} - Additional specifications + +\textbf{{[}in{]}} \textbf{keytab} - Key table containing service keys + +\textbf{{[}out{]}} \textbf{ticket} - Ticket (NULL if not needed) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function performs the server side of a sendauth/recvauth exchange by sending and receiving messages over \emph{fd} . + +Use {\hyperref[appdev/refs/api/krb5_free_ticket:c.krb5_free_ticket]{\code{krb5\_free\_ticket()}}} to free \emph{ticket} when it is no longer needed. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_sendauth:c.krb5_sendauth]{\code{krb5\_sendauth()}}} + + + + +\subsubsection{krb5\_recvauth\_version - Server function for sendauth protocol with version parameter.} +\label{appdev/refs/api/krb5_recvauth_version::doc}\label{appdev/refs/api/krb5_recvauth_version:krb5-recvauth-version-server-function-for-sendauth-protocol-with-version-parameter}\index{krb5\_recvauth\_version (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_recvauth_version:c.krb5_recvauth_version}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_recvauth\_version}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}} *\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}}\emph{Â fd}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â server}, {\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}}\emph{Â flags}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â keytab}, {\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} **\emph{Â ticket}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â version}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}inout{]}} \textbf{auth\_context} - Pre-existing or newly created auth context + +\textbf{{[}in{]}} \textbf{fd} - File descriptor + +\textbf{{[}in{]}} \textbf{server} - Server principal (NULL for any in \emph{keytab} ) + +\textbf{{[}in{]}} \textbf{flags} - Additional specifications + +\textbf{{[}in{]}} \textbf{keytab} - Decryption key + +\textbf{{[}out{]}} \textbf{ticket} - Ticket (NULL if not needed) + +\textbf{{[}out{]}} \textbf{version} - sendauth protocol version (NULL if not needed) + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function is similar to {\hyperref[appdev/refs/api/krb5_recvauth:c.krb5_recvauth]{\code{krb5\_recvauth()}}} with the additional output information place into \emph{version} . + + +\subsubsection{krb5\_sendauth - Client function for sendauth protocol.} +\label{appdev/refs/api/krb5_sendauth:krb5-sendauth-client-function-for-sendauth-protocol}\label{appdev/refs/api/krb5_sendauth::doc}\index{krb5\_sendauth (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_sendauth:c.krb5_sendauth}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_sendauth}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}} *\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}}\emph{Â fd}, char *\emph{Â appl\_version}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â client}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â server}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â ap\_req\_options}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â in\_data}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â in\_creds}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_error:c.krb5_error]{krb5\_error}} **\emph{Â error}, {\hyperref[appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part]{krb5\_ap\_rep\_enc\_part}} **\emph{Â rep\_result}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} **\emph{Â out\_creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{{[}in{]}} \textbf{context} - Library context + +\textbf{{[}inout{]}} \textbf{auth\_context} - Pre-existing or newly created auth context + +\textbf{{[}in{]}} \textbf{fd} - File descriptor that describes network socket + +\textbf{{[}in{]}} \textbf{appl\_version} - Application protocol version to be matched with the receiver's application version + +\textbf{{[}in{]}} \textbf{client} - Client principal + +\textbf{{[}in{]}} \textbf{server} - Server principal + +\textbf{{[}in{]}} \textbf{ap\_req\_options} - \code{AP\_OPTS} options + +\textbf{{[}in{]}} \textbf{in\_data} - Data to be sent to the server + +\textbf{{[}in{]}} \textbf{in\_creds} - Input credentials, or NULL to use \emph{ccache} + +\textbf{{[}in{]}} \textbf{ccache} - Credential cache + +\textbf{{[}out{]}} \textbf{error} - If non-null, contains KRB\_ERROR message returned from server + +\textbf{{[}out{]}} \textbf{rep\_result} - If non-null and \emph{ap\_req\_options} is {\hyperref[appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:AP_OPTS_MUTUAL_REQUIRED]{\code{AP\_OPTS\_MUTUAL\_REQUIRED}}} , contains the result of mutual authentication exchange + +\textbf{{[}out{]}} \textbf{out\_creds} - If non-null, the retrieved credentials + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +0 Success; otherwise - Kerberos error codes + +\end{itemize} + +\end{description}\end{quote} + +This function performs the client side of a sendauth/recvauth exchange by sending and receiving messages over \emph{fd} . + +Credentials may be specified in three ways: +\begin{quote} +\begin{itemize} +\item {} +If \emph{in\_creds} is NULL, credentials are obtained with {\hyperref[appdev/refs/api/krb5_get_credentials:c.krb5_get_credentials]{\code{krb5\_get\_credentials()}}} using the principals \emph{client} and \emph{server} . \emph{server} must be non-null; \emph{client} may NULL to use the default principal of \emph{ccache} . + +\item {} +If \emph{in\_creds} is non-null, but does not contain a ticket, credentials for the exchange are obtained with {\hyperref[appdev/refs/api/krb5_get_credentials:c.krb5_get_credentials]{\code{krb5\_get\_credentials()}}} using \emph{in\_creds} . In this case, the values of \emph{client} and \emph{server} are unused. + +\item {} +If \emph{in\_creds} is a complete credentials structure, it used directly. In this case, the values of \emph{client} , \emph{server} , and \emph{ccache} are unused. + +\end{itemize} + +If the server is using a different application protocol than that specified in \emph{appl\_version} , an error will be returned. +\end{quote} + +Use {\hyperref[appdev/refs/api/krb5_free_creds:c.krb5_free_creds]{\code{krb5\_free\_creds()}}} to free \emph{out\_creds} , {\hyperref[appdev/refs/api/krb5_free_ap_rep_enc_part:c.krb5_free_ap_rep_enc_part]{\code{krb5\_free\_ap\_rep\_enc\_part()}}} to free \emph{rep\_result} , and {\hyperref[appdev/refs/api/krb5_free_error:c.krb5_free_error]{\code{krb5\_free\_error()}}} to free \emph{error} when they are no longer needed. + + +\strong{See also:} + + +{\hyperref[appdev/refs/api/krb5_recvauth:c.krb5_recvauth]{\code{krb5\_recvauth()}}} + + + + +\subsection{Deprecated public interfaces} +\label{appdev/refs/api/index:deprecated-public-interfaces} + +\subsubsection{krb5\_524\_convert\_creds - Convert a Kerberos V5 credentials to a Kerberos V4 credentials.} +\label{appdev/refs/api/krb5_524_convert_creds:krb5-524-convert-creds-convert-a-kerberos-v5-credentials-to-a-kerberos-v4-credentials}\label{appdev/refs/api/krb5_524_convert_creds::doc}\index{krb5\_524\_convert\_creds (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_524_convert_creds:c.krb5_524_convert_creds}\pysiglinewithargsret{int \bfcode{krb5\_524\_convert\_creds}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â v5creds}, struct credentials *\emph{Â v4creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{v5creds} + +\textbf{v4creds} + +\end{description}\end{quote} +\begin{quote}\begin{description} +\item[{retval}] \leavevmode\begin{itemize} +\item {} +KRB524\_KRB4\_DISABLED (always) + +\end{itemize} + +\end{description}\end{quote} + +\begin{notice}{note}{Note:} +Not implemented +\end{notice} + + +\subsubsection{krb5\_auth\_con\_getlocalsubkey} +\label{appdev/refs/api/krb5_auth_con_getlocalsubkey::doc}\label{appdev/refs/api/krb5_auth_con_getlocalsubkey:krb5-auth-con-getlocalsubkey}\index{krb5\_auth\_con\_getlocalsubkey (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getlocalsubkey:c.krb5_auth_con_getlocalsubkey}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getlocalsubkey}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â keyblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{auth\_context} + +\textbf{keyblock} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_auth\_con\_getsendsubkey() . + + +\subsubsection{krb5\_auth\_con\_getremotesubkey} +\label{appdev/refs/api/krb5_auth_con_getremotesubkey::doc}\label{appdev/refs/api/krb5_auth_con_getremotesubkey:krb5-auth-con-getremotesubkey}\index{krb5\_auth\_con\_getremotesubkey (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_getremotesubkey:c.krb5_auth_con_getremotesubkey}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_getremotesubkey}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â keyblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{auth\_context} + +\textbf{keyblock} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_auth\_con\_getrecvsubkey() . + + +\subsubsection{krb5\_auth\_con\_initivector} +\label{appdev/refs/api/krb5_auth_con_initivector:krb5-auth-con-initivector}\label{appdev/refs/api/krb5_auth_con_initivector::doc}\index{krb5\_auth\_con\_initivector (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_auth_con_initivector:c.krb5_auth_con_initivector}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_auth\_con\_initivector}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_auth_context:c.krb5_auth_context]{krb5\_auth\_context}}\emph{Â auth\_context}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{auth\_context} + +\end{description}\end{quote} + +DEPRECATED Not replaced. + +RFC 4120 doesn't have anything like the initvector concept; only really old protocols may need this API. + + +\subsubsection{krb5\_build\_principal\_va} +\label{appdev/refs/api/krb5_build_principal_va:krb5-build-principal-va}\label{appdev/refs/api/krb5_build_principal_va::doc}\index{krb5\_build\_principal\_va (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_build_principal_va:c.krb5_build_principal_va}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_build\_principal\_va}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}}\emph{Â princ}, unsigned int\emph{Â rlen}, const char *\emph{Â realm}, va\_list\emph{Â ap}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{princ} + +\textbf{rlen} + +\textbf{realm} + +\textbf{ap} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_build\_principal\_alloc\_va() . + + +\subsubsection{krb5\_c\_random\_seed} +\label{appdev/refs/api/krb5_c_random_seed:krb5-c-random-seed}\label{appdev/refs/api/krb5_c_random_seed::doc}\index{krb5\_c\_random\_seed (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_c_random_seed:c.krb5_c_random_seed}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_c\_random\_seed}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{data} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_calculate\_checksum} +\label{appdev/refs/api/krb5_calculate_checksum:krb5-calculate-checksum}\label{appdev/refs/api/krb5_calculate_checksum::doc}\index{krb5\_calculate\_checksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_calculate_checksum:c.krb5_calculate_checksum}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_calculate\_checksum}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â ctype}, {\hyperref[appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer]{krb5\_const\_pointer}}\emph{Â in}, size\_t\emph{Â in\_length}, {\hyperref[appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer]{krb5\_const\_pointer}}\emph{Â seed}, size\_t\emph{Â seed\_length}, {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} *\emph{Â outcksum}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{ctype} + +\textbf{in} + +\textbf{in\_length} + +\textbf{seed} + +\textbf{seed\_length} + +\textbf{outcksum} + +\end{description}\end{quote} + +DEPRECATED See krb5\_c\_make\_checksum() + + +\subsubsection{krb5\_checksum\_size} +\label{appdev/refs/api/krb5_checksum_size:krb5-checksum-size}\label{appdev/refs/api/krb5_checksum_size::doc}\index{krb5\_checksum\_size (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_checksum_size:c.krb5_checksum_size}\pysiglinewithargsret{size\_t \bfcode{krb5\_checksum\_size}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â ctype}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{ctype} + +\end{description}\end{quote} + +DEPRECATED See krb5\_c\_checksum\_length() + + +\subsubsection{krb5\_encrypt} +\label{appdev/refs/api/krb5_encrypt:krb5-encrypt}\label{appdev/refs/api/krb5_encrypt::doc}\index{krb5\_encrypt (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_encrypt:c.krb5_encrypt}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_encrypt}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer]{krb5\_const\_pointer}}\emph{Â inptr}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}}\emph{Â outptr}, size\_t\emph{Â size}, {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}}\emph{Â ivec}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{inptr} + +\textbf{outptr} + +\textbf{size} + +\textbf{eblock} + +\textbf{ivec} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_decrypt} +\label{appdev/refs/api/krb5_decrypt:krb5-decrypt}\label{appdev/refs/api/krb5_decrypt::doc}\index{krb5\_decrypt (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_decrypt:c.krb5_decrypt}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_decrypt}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer]{krb5\_const\_pointer}}\emph{Â inptr}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}}\emph{Â outptr}, size\_t\emph{Â size}, {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}}\emph{Â ivec}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{inptr} + +\textbf{outptr} + +\textbf{size} + +\textbf{eblock} + +\textbf{ivec} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_eblock\_enctype} +\label{appdev/refs/api/krb5_eblock_enctype::doc}\label{appdev/refs/api/krb5_eblock_enctype:krb5-eblock-enctype}\index{krb5\_eblock\_enctype (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_eblock_enctype:c.krb5_eblock_enctype}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} \bfcode{krb5\_eblock\_enctype}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{eblock} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_encrypt\_size} +\label{appdev/refs/api/krb5_encrypt_size:krb5-encrypt-size}\label{appdev/refs/api/krb5_encrypt_size::doc}\index{krb5\_encrypt\_size (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_encrypt_size:c.krb5_encrypt_size}\pysiglinewithargsret{size\_t \bfcode{krb5\_encrypt\_size}}{size\_t\emph{Â length}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â crypto}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{length} + +\textbf{crypto} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_finish\_key} +\label{appdev/refs/api/krb5_finish_key:krb5-finish-key}\label{appdev/refs/api/krb5_finish_key::doc}\index{krb5\_finish\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_finish_key:c.krb5_finish_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_finish\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{eblock} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_finish\_random\_key} +\label{appdev/refs/api/krb5_finish_random_key:krb5-finish-random-key}\label{appdev/refs/api/krb5_finish_random_key::doc}\index{krb5\_finish\_random\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_finish_random_key:c.krb5_finish_random_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_finish\_random\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}} *\emph{Â ptr}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{eblock} + +\textbf{ptr} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_cc\_gen\_new} +\label{appdev/refs/api/krb5_cc_gen_new:krb5-cc-gen-new}\label{appdev/refs/api/krb5_cc_gen_new::doc}\index{krb5\_cc\_gen\_new (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_cc_gen_new:c.krb5_cc_gen_new}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_cc\_gen\_new}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}} *\emph{Â cache}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{cache} + +\end{description}\end{quote} + + +\subsubsection{krb5\_get\_credentials\_renew} +\label{appdev/refs/api/krb5_get_credentials_renew:krb5-get-credentials-renew}\label{appdev/refs/api/krb5_get_credentials_renew::doc}\index{krb5\_get\_credentials\_renew (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_credentials_renew:c.krb5_get_credentials_renew}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_credentials\_renew}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â options}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â in\_creds}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} **\emph{Â out\_creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{options} + +\textbf{ccache} + +\textbf{in\_creds} + +\textbf{out\_creds} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_get\_renewed\_creds. + + +\subsubsection{krb5\_get\_credentials\_validate} +\label{appdev/refs/api/krb5_get_credentials_validate:krb5-get-credentials-validate}\label{appdev/refs/api/krb5_get_credentials_validate::doc}\index{krb5\_get\_credentials\_validate (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_credentials_validate:c.krb5_get_credentials_validate}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_credentials\_validate}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â options}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â in\_creds}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} **\emph{Â out\_creds}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{options} + +\textbf{ccache} + +\textbf{in\_creds} + +\textbf{out\_creds} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_get\_validated\_creds. + + +\subsubsection{krb5\_get\_in\_tkt\_with\_password} +\label{appdev/refs/api/krb5_get_in_tkt_with_password:krb5-get-in-tkt-with-password}\label{appdev/refs/api/krb5_get_in_tkt_with_password::doc}\index{krb5\_get\_in\_tkt\_with\_password (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_in_tkt_with_password:c.krb5_get_in_tkt_with_password}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_in\_tkt\_with\_password}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â options}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *const *\emph{Â addrs}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} *\emph{Â ktypes}, {\hyperref[appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype]{krb5\_preauthtype}} *\emph{Â pre\_auth\_types}, const char *\emph{Â password}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, {\hyperref[appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep]{krb5\_kdc\_rep}} **\emph{Â ret\_as\_reply}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{options} + +\textbf{addrs} + +\textbf{ktypes} + +\textbf{pre\_auth\_types} + +\textbf{password} + +\textbf{ccache} + +\textbf{creds} + +\textbf{ret\_as\_reply} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_get\_init\_creds\_password() . + + +\subsubsection{krb5\_get\_in\_tkt\_with\_skey} +\label{appdev/refs/api/krb5_get_in_tkt_with_skey:krb5-get-in-tkt-with-skey}\label{appdev/refs/api/krb5_get_in_tkt_with_skey::doc}\index{krb5\_get\_in\_tkt\_with\_skey (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_in_tkt_with_skey:c.krb5_get_in_tkt_with_skey}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_in\_tkt\_with\_skey}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â options}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *const *\emph{Â addrs}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} *\emph{Â ktypes}, {\hyperref[appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype]{krb5\_preauthtype}} *\emph{Â pre\_auth\_types}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, {\hyperref[appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep]{krb5\_kdc\_rep}} **\emph{Â ret\_as\_reply}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{options} + +\textbf{addrs} + +\textbf{ktypes} + +\textbf{pre\_auth\_types} + +\textbf{key} + +\textbf{ccache} + +\textbf{creds} + +\textbf{ret\_as\_reply} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_get\_init\_creds(). + + +\subsubsection{krb5\_get\_in\_tkt\_with\_keytab} +\label{appdev/refs/api/krb5_get_in_tkt_with_keytab:krb5-get-in-tkt-with-keytab}\label{appdev/refs/api/krb5_get_in_tkt_with_keytab::doc}\index{krb5\_get\_in\_tkt\_with\_keytab (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_in_tkt_with_keytab:c.krb5_get_in_tkt_with_keytab}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_get\_in\_tkt\_with\_keytab}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}}\emph{Â options}, {\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} *const *\emph{Â addrs}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} *\emph{Â ktypes}, {\hyperref[appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype]{krb5\_preauthtype}} *\emph{Â pre\_auth\_types}, {\hyperref[appdev/refs/types/krb5_keytab:c.krb5_keytab]{krb5\_keytab}}\emph{Â arg\_keytab}, {\hyperref[appdev/refs/types/krb5_ccache:c.krb5_ccache]{krb5\_ccache}}\emph{Â ccache}, {\hyperref[appdev/refs/types/krb5_creds:c.krb5_creds]{krb5\_creds}} *\emph{Â creds}, {\hyperref[appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep]{krb5\_kdc\_rep}} **\emph{Â ret\_as\_reply}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{options} + +\textbf{addrs} + +\textbf{ktypes} + +\textbf{pre\_auth\_types} + +\textbf{arg\_keytab} + +\textbf{ccache} + +\textbf{creds} + +\textbf{ret\_as\_reply} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_get\_init\_creds\_keytab() . + + +\subsubsection{krb5\_get\_init\_creds\_opt\_init} +\label{appdev/refs/api/krb5_get_init_creds_opt_init:krb5-get-init-creds-opt-init}\label{appdev/refs/api/krb5_get_init_creds_opt_init::doc}\index{krb5\_get\_init\_creds\_opt\_init (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_get_init_creds_opt_init:c.krb5_get_init_creds_opt_init}\pysiglinewithargsret{void \bfcode{krb5\_get\_init\_creds\_opt\_init}}{{\hyperref[appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt]{krb5\_get\_init\_creds\_opt}} *\emph{Â opt}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{opt} + +\end{description}\end{quote} + +DEPRECATED Use krb5\_get\_init\_creds\_opt\_alloc() instead. + + +\subsubsection{krb5\_init\_random\_key} +\label{appdev/refs/api/krb5_init_random_key:krb5-init-random-key}\label{appdev/refs/api/krb5_init_random_key::doc}\index{krb5\_init\_random\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_init_random_key:c.krb5_init_random_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_init\_random\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â keyblock}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}} *\emph{Â ptr}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{eblock} + +\textbf{keyblock} + +\textbf{ptr} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_kt\_free\_entry} +\label{appdev/refs/api/krb5_kt_free_entry:krb5-kt-free-entry}\label{appdev/refs/api/krb5_kt_free_entry::doc}\index{krb5\_kt\_free\_entry (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_kt_free_entry:c.krb5_kt_free_entry}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_kt\_free\_entry}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry]{krb5\_keytab\_entry}} *\emph{Â entry}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{entry} + +\end{description}\end{quote} + +DEPRECATED Use krb5\_free\_keytab\_entry\_contents instead. + + +\subsubsection{krb5\_random\_key} +\label{appdev/refs/api/krb5_random_key:krb5-random-key}\label{appdev/refs/api/krb5_random_key::doc}\index{krb5\_random\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_random_key:c.krb5_random_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_random\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}, {\hyperref[appdev/refs/types/krb5_pointer:c.krb5_pointer]{krb5\_pointer}}\emph{Â ptr}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} **\emph{Â keyblock}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{eblock} + +\textbf{ptr} + +\textbf{keyblock} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_process\_key} +\label{appdev/refs/api/krb5_process_key:krb5-process-key}\label{appdev/refs/api/krb5_process_key::doc}\index{krb5\_process\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_process_key:c.krb5_process_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_process\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}, const {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â key}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{eblock} + +\textbf{key} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_string\_to\_key} +\label{appdev/refs/api/krb5_string_to_key:krb5-string-to-key}\label{appdev/refs/api/krb5_string_to_key::doc}\index{krb5\_string\_to\_key (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_string_to_key:c.krb5_string_to_key}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_string\_to\_key}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, const {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}, {\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} *\emph{Â keyblock}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â data}, const {\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} *\emph{Â salt}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{eblock} + +\textbf{keyblock} + +\textbf{data} + +\textbf{salt} + +\end{description}\end{quote} + +DEPRECATED See krb5\_c\_string\_to\_key() + + +\subsubsection{krb5\_use\_enctype} +\label{appdev/refs/api/krb5_use_enctype:krb5-use-enctype}\label{appdev/refs/api/krb5_use_enctype::doc}\index{krb5\_use\_enctype (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_use_enctype:c.krb5_use_enctype}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_use\_enctype}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block]{krb5\_encrypt\_block}} *\emph{Â eblock}, {\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}}\emph{Â enctype}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{eblock} + +\textbf{enctype} + +\end{description}\end{quote} + +DEPRECATED Replaced by krb5\_c\_* API family. + + +\subsubsection{krb5\_verify\_checksum} +\label{appdev/refs/api/krb5_verify_checksum::doc}\label{appdev/refs/api/krb5_verify_checksum:krb5-verify-checksum}\index{krb5\_verify\_checksum (C function)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/api/krb5_verify_checksum:c.krb5_verify_checksum}\pysiglinewithargsret{{\hyperref[appdev/refs/types/krb5_error_code:c.krb5_error_code]{krb5\_error\_code}} \bfcode{krb5\_verify\_checksum}}{{\hyperref[appdev/refs/types/krb5_context:c.krb5_context]{krb5\_context}}\emph{Â context}, {\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}}\emph{Â ctype}, const {\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} *\emph{Â cksum}, {\hyperref[appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer]{krb5\_const\_pointer}}\emph{Â in}, size\_t\emph{Â in\_length}, {\hyperref[appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer]{krb5\_const\_pointer}}\emph{Â seed}, size\_t\emph{Â seed\_length}}{} +\end{fulllineitems} + +\begin{quote}\begin{description} +\item[{param}] \leavevmode +\textbf{context} + +\textbf{ctype} + +\textbf{cksum} + +\textbf{in} + +\textbf{in\_length} + +\textbf{seed} + +\textbf{seed\_length} + +\end{description}\end{quote} + +DEPRECATED See krb5\_c\_verify\_checksum() + + +\section{krb5 types and structures} +\label{appdev/refs/types/index::doc}\label{appdev/refs/types/index:krb5-types-and-structures} + +\subsection{Public} +\label{appdev/refs/types/index:public} + +\subsubsection{krb5\_address} +\label{appdev/refs/types/krb5_address:krb5-address-struct}\label{appdev/refs/types/krb5_address::doc}\label{appdev/refs/types/krb5_address:krb5-address}\index{krb5\_address (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_address:c.krb5_address}\pysigline{\bfcode{krb5\_address}} +\end{fulllineitems} + + +Structure for address. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_address:declaration} +typedef struct \_krb5\_address krb5\_address + + +\paragraph{Members} +\label{appdev/refs/types/krb5_address:members}\index{krb5\_address.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_address:c.krb5_address.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_address.magic}} +\end{fulllineitems} + +\index{krb5\_address.addrtype (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_address:c.krb5_address.addrtype}\pysigline{{\hyperref[appdev/refs/types/krb5_addrtype:c.krb5_addrtype]{krb5\_addrtype}} \bfcode{krb5\_address.addrtype}} +\end{fulllineitems} + +\index{krb5\_address.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_address:c.krb5_address.length}\pysigline{unsigned int \bfcode{krb5\_address.length}} +\end{fulllineitems} + +\index{krb5\_address.contents (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_address:c.krb5_address.contents}\pysigline{{\hyperref[appdev/refs/types/krb5_octet:c.krb5_octet]{krb5\_octet}} * \bfcode{krb5\_address.contents}} +\end{fulllineitems} + + + +\subsubsection{krb5\_addrtype} +\label{appdev/refs/types/krb5_addrtype:krb5-addrtype}\label{appdev/refs/types/krb5_addrtype:krb5-addrtype-struct}\label{appdev/refs/types/krb5_addrtype::doc}\index{krb5\_addrtype (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_addrtype:c.krb5_addrtype}\pysigline{\bfcode{krb5\_addrtype}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_addrtype:declaration} +typedef krb5\_int32 krb5\_addrtype + + +\subsubsection{krb5\_ap\_req} +\label{appdev/refs/types/krb5_ap_req:krb5-ap-req}\label{appdev/refs/types/krb5_ap_req::doc}\label{appdev/refs/types/krb5_ap_req:krb5-ap-req-struct}\index{krb5\_ap\_req (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_req:c.krb5_ap_req}\pysigline{\bfcode{krb5\_ap\_req}} +\end{fulllineitems} + + +Authentication header. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_ap_req:declaration} +typedef struct \_krb5\_ap\_req krb5\_ap\_req + + +\paragraph{Members} +\label{appdev/refs/types/krb5_ap_req:members}\index{krb5\_ap\_req.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_req:c.krb5_ap_req.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_ap\_req.magic}} +\end{fulllineitems} + +\index{krb5\_ap\_req.ap\_options (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_req:c.krb5_ap_req.ap_options}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_ap\_req.ap\_options}} +Requested options. + +\end{fulllineitems} + +\index{krb5\_ap\_req.ticket (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_req:c.krb5_ap_req.ticket}\pysigline{{\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} * \bfcode{krb5\_ap\_req.ticket}} +Ticket. + +\end{fulllineitems} + +\index{krb5\_ap\_req.authenticator (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_req:c.krb5_ap_req.authenticator}\pysigline{{\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} \bfcode{krb5\_ap\_req.authenticator}} +Encrypted authenticator. + +\end{fulllineitems} + + + +\subsubsection{krb5\_ap\_rep} +\label{appdev/refs/types/krb5_ap_rep:krb5-ap-rep-struct}\label{appdev/refs/types/krb5_ap_rep:krb5-ap-rep}\label{appdev/refs/types/krb5_ap_rep::doc}\index{krb5\_ap\_rep (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_rep:c.krb5_ap_rep}\pysigline{\bfcode{krb5\_ap\_rep}} +\end{fulllineitems} + + +C representaton of AP-REP message. + +The server's response to a client's request for mutual authentication. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_ap_rep:declaration} +typedef struct \_krb5\_ap\_rep krb5\_ap\_rep + + +\paragraph{Members} +\label{appdev/refs/types/krb5_ap_rep:members}\index{krb5\_ap\_rep.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_rep:c.krb5_ap_rep.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_ap\_rep.magic}} +\end{fulllineitems} + +\index{krb5\_ap\_rep.enc\_part (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_rep:c.krb5_ap_rep.enc_part}\pysigline{{\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} \bfcode{krb5\_ap\_rep.enc\_part}} +Ciphertext of ApRepEncPart. + +\end{fulllineitems} + + + +\subsubsection{krb5\_ap\_rep\_enc\_part} +\label{appdev/refs/types/krb5_ap_rep_enc_part:krb5-ap-rep-enc-part-struct}\label{appdev/refs/types/krb5_ap_rep_enc_part::doc}\label{appdev/refs/types/krb5_ap_rep_enc_part:krb5-ap-rep-enc-part}\index{krb5\_ap\_rep\_enc\_part (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}\pysigline{\bfcode{krb5\_ap\_rep\_enc\_part}} +\end{fulllineitems} + + +Cleartext that is encrypted and put into \code{\_krb5\_ap\_rep} . + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_ap_rep_enc_part:declaration} +typedef struct \_krb5\_ap\_rep\_enc\_part krb5\_ap\_rep\_enc\_part + + +\paragraph{Members} +\label{appdev/refs/types/krb5_ap_rep_enc_part:members}\index{krb5\_ap\_rep\_enc\_part.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_ap\_rep\_enc\_part.magic}} +\end{fulllineitems} + +\index{krb5\_ap\_rep\_enc\_part.ctime (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.ctime}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_ap\_rep\_enc\_part.ctime}} +Client time, seconds portion. + +\end{fulllineitems} + +\index{krb5\_ap\_rep\_enc\_part.cusec (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.cusec}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_ap\_rep\_enc\_part.cusec}} +Client time, microseconds portion. + +\end{fulllineitems} + +\index{krb5\_ap\_rep\_enc\_part.subkey (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.subkey}\pysigline{{\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} * \bfcode{krb5\_ap\_rep\_enc\_part.subkey}} +Subkey (optional) + +\end{fulllineitems} + +\index{krb5\_ap\_rep\_enc\_part.seq\_number (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.seq_number}\pysigline{{\hyperref[appdev/refs/types/krb5_ui_4:c.krb5_ui_4]{krb5\_ui\_4}} \bfcode{krb5\_ap\_rep\_enc\_part.seq\_number}} +Sequence number. + +\end{fulllineitems} + + + +\subsubsection{krb5\_authdata} +\label{appdev/refs/types/krb5_authdata:krb5-authdata}\label{appdev/refs/types/krb5_authdata::doc}\label{appdev/refs/types/krb5_authdata:krb5-authdata-struct}\index{krb5\_authdata (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authdata:c.krb5_authdata}\pysigline{\bfcode{krb5\_authdata}} +\end{fulllineitems} + + +Structure for auth data. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_authdata:declaration} +typedef struct \_krb5\_authdata krb5\_authdata + + +\paragraph{Members} +\label{appdev/refs/types/krb5_authdata:members}\index{krb5\_authdata.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authdata:c.krb5_authdata.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_authdata.magic}} +\end{fulllineitems} + +\index{krb5\_authdata.ad\_type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authdata:c.krb5_authdata.ad_type}\pysigline{{\hyperref[appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype]{krb5\_authdatatype}} \bfcode{krb5\_authdata.ad\_type}} +ADTYPE. + +\end{fulllineitems} + +\index{krb5\_authdata.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authdata:c.krb5_authdata.length}\pysigline{unsigned int \bfcode{krb5\_authdata.length}} +Length of data. + +\end{fulllineitems} + +\index{krb5\_authdata.contents (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authdata:c.krb5_authdata.contents}\pysigline{{\hyperref[appdev/refs/types/krb5_octet:c.krb5_octet]{krb5\_octet}} * \bfcode{krb5\_authdata.contents}} +Data. + +\end{fulllineitems} + + + +\subsubsection{krb5\_authdatatype} +\label{appdev/refs/types/krb5_authdatatype:krb5-authdatatype-struct}\label{appdev/refs/types/krb5_authdatatype::doc}\label{appdev/refs/types/krb5_authdatatype:krb5-authdatatype}\index{krb5\_authdatatype (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype}\pysigline{\bfcode{krb5\_authdatatype}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_authdatatype:declaration} +typedef krb5\_int32 krb5\_authdatatype + + +\subsubsection{krb5\_authenticator} +\label{appdev/refs/types/krb5_authenticator:krb5-authenticator-struct}\label{appdev/refs/types/krb5_authenticator:krb5-authenticator}\label{appdev/refs/types/krb5_authenticator::doc}\index{krb5\_authenticator (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}\pysigline{\bfcode{krb5\_authenticator}} +\end{fulllineitems} + + +Ticket authenticator. + +The C representation of an unencrypted authenticator. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_authenticator:declaration} +typedef struct \_krb5\_authenticator krb5\_authenticator + + +\paragraph{Members} +\label{appdev/refs/types/krb5_authenticator:members}\index{krb5\_authenticator.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_authenticator.magic}} +\end{fulllineitems} + +\index{krb5\_authenticator.client (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.client}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_authenticator.client}} +client name/realm + +\end{fulllineitems} + +\index{krb5\_authenticator.checksum (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.checksum}\pysigline{{\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} * \bfcode{krb5\_authenticator.checksum}} +checksum, includes type, optional + +\end{fulllineitems} + +\index{krb5\_authenticator.cusec (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.cusec}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_authenticator.cusec}} +client usec portion + +\end{fulllineitems} + +\index{krb5\_authenticator.ctime (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.ctime}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_authenticator.ctime}} +client sec portion + +\end{fulllineitems} + +\index{krb5\_authenticator.subkey (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.subkey}\pysigline{{\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} * \bfcode{krb5\_authenticator.subkey}} +true session key, optional + +\end{fulllineitems} + +\index{krb5\_authenticator.seq\_number (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.seq_number}\pysigline{{\hyperref[appdev/refs/types/krb5_ui_4:c.krb5_ui_4]{krb5\_ui\_4}} \bfcode{krb5\_authenticator.seq\_number}} +sequence \#, optional + +\end{fulllineitems} + +\index{krb5\_authenticator.authorization\_data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.authorization_data}\pysigline{{\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ** \bfcode{krb5\_authenticator.authorization\_data}} +authoriazation data + +\end{fulllineitems} + + + +\subsubsection{krb5\_boolean} +\label{appdev/refs/types/krb5_boolean:krb5-boolean-struct}\label{appdev/refs/types/krb5_boolean::doc}\label{appdev/refs/types/krb5_boolean:krb5-boolean}\index{krb5\_boolean (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_boolean:c.krb5_boolean}\pysigline{\bfcode{krb5\_boolean}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_boolean:declaration} +typedef unsigned int krb5\_boolean + + +\subsubsection{krb5\_checksum} +\label{appdev/refs/types/krb5_checksum::doc}\label{appdev/refs/types/krb5_checksum:krb5-checksum}\label{appdev/refs/types/krb5_checksum:krb5-checksum-struct}\index{krb5\_checksum (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_checksum:c.krb5_checksum}\pysigline{\bfcode{krb5\_checksum}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_checksum:declaration} +typedef struct \_krb5\_checksum krb5\_checksum + + +\paragraph{Members} +\label{appdev/refs/types/krb5_checksum:members}\index{krb5\_checksum.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_checksum:c.krb5_checksum.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_checksum.magic}} +\end{fulllineitems} + +\index{krb5\_checksum.checksum\_type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_checksum:c.krb5_checksum.checksum_type}\pysigline{{\hyperref[appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype]{krb5\_cksumtype}} \bfcode{krb5\_checksum.checksum\_type}} +\end{fulllineitems} + +\index{krb5\_checksum.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_checksum:c.krb5_checksum.length}\pysigline{unsigned int \bfcode{krb5\_checksum.length}} +\end{fulllineitems} + +\index{krb5\_checksum.contents (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_checksum:c.krb5_checksum.contents}\pysigline{{\hyperref[appdev/refs/types/krb5_octet:c.krb5_octet]{krb5\_octet}} * \bfcode{krb5\_checksum.contents}} +\end{fulllineitems} + + + +\subsubsection{krb5\_const\_pointer} +\label{appdev/refs/types/krb5_const_pointer:krb5-const-pointer}\label{appdev/refs/types/krb5_const_pointer::doc}\label{appdev/refs/types/krb5_const_pointer:krb5-const-pointer-struct}\index{krb5\_const\_pointer (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer}\pysigline{\bfcode{krb5\_const\_pointer}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_const_pointer:declaration} +typedef void const* krb5\_const\_pointer + + +\subsubsection{krb5\_const\_principal} +\label{appdev/refs/types/krb5_const_principal:krb5-const-principal-struct}\label{appdev/refs/types/krb5_const_principal:krb5-const-principal}\label{appdev/refs/types/krb5_const_principal::doc}\index{krb5\_const\_principal (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}\pysigline{\bfcode{krb5\_const\_principal}} +\end{fulllineitems} + + +Constant version of {\hyperref[appdev/refs/types/krb5_principal_data:c.krb5_principal_data]{\code{krb5\_principal\_data}}} . + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_const_principal:declaration} +typedef const krb5\_principal\_data* krb5\_const\_principal + + +\paragraph{Members} +\label{appdev/refs/types/krb5_const_principal:members}\index{krb5\_const\_principal.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_const\_principal.magic}} +\end{fulllineitems} + +\index{krb5\_const\_principal.realm (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.realm}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_const\_principal.realm}} +\end{fulllineitems} + +\index{krb5\_const\_principal.data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.data}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{krb5\_const\_principal.data}} +An array of strings. + +\end{fulllineitems} + +\index{krb5\_const\_principal.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.length}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_const\_principal.length}} +\end{fulllineitems} + +\index{krb5\_const\_principal.type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.type}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_const\_principal.type}} +\end{fulllineitems} + + + +\subsubsection{krb5\_cred} +\label{appdev/refs/types/krb5_cred:krb5-cred-struct}\label{appdev/refs/types/krb5_cred::doc}\label{appdev/refs/types/krb5_cred:krb5-cred}\index{krb5\_cred (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred:c.krb5_cred}\pysigline{\bfcode{krb5\_cred}} +\end{fulllineitems} + + +Credentials data structure. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_cred:declaration} +typedef struct \_krb5\_cred krb5\_cred + + +\paragraph{Members} +\label{appdev/refs/types/krb5_cred:members}\index{krb5\_cred.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred:c.krb5_cred.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_cred.magic}} +\end{fulllineitems} + +\index{krb5\_cred.tickets (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred:c.krb5_cred.tickets}\pysigline{{\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} ** \bfcode{krb5\_cred.tickets}} +Tickets. + +\end{fulllineitems} + +\index{krb5\_cred.enc\_part (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred:c.krb5_cred.enc_part}\pysigline{{\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} \bfcode{krb5\_cred.enc\_part}} +Encrypted part. + +\end{fulllineitems} + +\index{krb5\_cred.enc\_part2 (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred:c.krb5_cred.enc_part2}\pysigline{{\hyperref[appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part]{krb5\_cred\_enc\_part}} * \bfcode{krb5\_cred.enc\_part2}} +Unencrypted version, if available. + +\end{fulllineitems} + + + +\subsubsection{krb5\_cred\_enc\_part} +\label{appdev/refs/types/krb5_cred_enc_part::doc}\label{appdev/refs/types/krb5_cred_enc_part:krb5-cred-enc-part}\label{appdev/refs/types/krb5_cred_enc_part:krb5-cred-enc-part-struct}\index{krb5\_cred\_enc\_part (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}\pysigline{\bfcode{krb5\_cred\_enc\_part}} +\end{fulllineitems} + + +Cleartext credentials information. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_cred_enc_part:declaration} +typedef struct \_krb5\_cred\_enc\_part krb5\_cred\_enc\_part + + +\paragraph{Members} +\label{appdev/refs/types/krb5_cred_enc_part:members}\index{krb5\_cred\_enc\_part.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_cred\_enc\_part.magic}} +\end{fulllineitems} + +\index{krb5\_cred\_enc\_part.nonce (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.nonce}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_cred\_enc\_part.nonce}} +Nonce (optional) + +\end{fulllineitems} + +\index{krb5\_cred\_enc\_part.timestamp (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.timestamp}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_cred\_enc\_part.timestamp}} +Generation time, seconds portion. + +\end{fulllineitems} + +\index{krb5\_cred\_enc\_part.usec (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.usec}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_cred\_enc\_part.usec}} +Generation time, microseconds portion. + +\end{fulllineitems} + +\index{krb5\_cred\_enc\_part.s\_address (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.s_address}\pysigline{{\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} * \bfcode{krb5\_cred\_enc\_part.s\_address}} +Sender address (optional) + +\end{fulllineitems} + +\index{krb5\_cred\_enc\_part.r\_address (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.r_address}\pysigline{{\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} * \bfcode{krb5\_cred\_enc\_part.r\_address}} +Recipient address (optional) + +\end{fulllineitems} + +\index{krb5\_cred\_enc\_part.ticket\_info (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.ticket_info}\pysigline{{\hyperref[appdev/refs/types/krb5_cred_info:c.krb5_cred_info]{krb5\_cred\_info}} ** \bfcode{krb5\_cred\_enc\_part.ticket\_info}} +\end{fulllineitems} + + + +\subsubsection{krb5\_cred\_info} +\label{appdev/refs/types/krb5_cred_info:krb5-cred-info-struct}\label{appdev/refs/types/krb5_cred_info::doc}\label{appdev/refs/types/krb5_cred_info:krb5-cred-info}\index{krb5\_cred\_info (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}\pysigline{\bfcode{krb5\_cred\_info}} +\end{fulllineitems} + + +Credentials information inserted into \emph{EncKrbCredPart} . + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_cred_info:declaration} +typedef struct \_krb5\_cred\_info krb5\_cred\_info + + +\paragraph{Members} +\label{appdev/refs/types/krb5_cred_info:members}\index{krb5\_cred\_info.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_cred\_info.magic}} +\end{fulllineitems} + +\index{krb5\_cred\_info.session (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.session}\pysigline{{\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} * \bfcode{krb5\_cred\_info.session}} +Session key used to encrypt ticket. + +\end{fulllineitems} + +\index{krb5\_cred\_info.client (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.client}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_cred\_info.client}} +Client principal and realm. + +\end{fulllineitems} + +\index{krb5\_cred\_info.server (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.server}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_cred\_info.server}} +Server principal and realm. + +\end{fulllineitems} + +\index{krb5\_cred\_info.flags (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.flags}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_cred\_info.flags}} +Ticket flags. + +\end{fulllineitems} + +\index{krb5\_cred\_info.times (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.times}\pysigline{{\hyperref[appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times]{krb5\_ticket\_times}} \bfcode{krb5\_cred\_info.times}} +Auth, start, end, renew\_till. + +\end{fulllineitems} + +\index{krb5\_cred\_info.caddrs (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.caddrs}\pysigline{{\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} ** \bfcode{krb5\_cred\_info.caddrs}} +Array of pointers to addrs (optional) + +\end{fulllineitems} + + + +\subsubsection{krb5\_creds} +\label{appdev/refs/types/krb5_creds::doc}\label{appdev/refs/types/krb5_creds:krb5-creds}\label{appdev/refs/types/krb5_creds:krb5-creds-struct}\index{krb5\_creds (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds}\pysigline{\bfcode{krb5\_creds}} +\end{fulllineitems} + + +Credentials structure including ticket, session key, and lifetime info. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_creds:declaration} +typedef struct \_krb5\_creds krb5\_creds + + +\paragraph{Members} +\label{appdev/refs/types/krb5_creds:members}\index{krb5\_creds.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_creds.magic}} +\end{fulllineitems} + +\index{krb5\_creds.client (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.client}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_creds.client}} +client's principal identifier + +\end{fulllineitems} + +\index{krb5\_creds.server (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.server}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_creds.server}} +server's principal identifier + +\end{fulllineitems} + +\index{krb5\_creds.keyblock (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.keyblock}\pysigline{{\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} \bfcode{krb5\_creds.keyblock}} +session encryption key info + +\end{fulllineitems} + +\index{krb5\_creds.times (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.times}\pysigline{{\hyperref[appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times]{krb5\_ticket\_times}} \bfcode{krb5\_creds.times}} +lifetime info + +\end{fulllineitems} + +\index{krb5\_creds.is\_skey (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.is_skey}\pysigline{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_creds.is\_skey}} +true if ticket is encrypted in another ticket's skey + +\end{fulllineitems} + +\index{krb5\_creds.ticket\_flags (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.ticket_flags}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_creds.ticket\_flags}} +flags in ticket + +\end{fulllineitems} + +\index{krb5\_creds.addresses (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.addresses}\pysigline{{\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} ** \bfcode{krb5\_creds.addresses}} +addrs in ticket + +\end{fulllineitems} + +\index{krb5\_creds.ticket (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.ticket}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_creds.ticket}} +ticket string itself + +\end{fulllineitems} + +\index{krb5\_creds.second\_ticket (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.second_ticket}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_creds.second\_ticket}} +second ticket, if related to ticket (via DUPLICATE-SKEY or ENC-TKT-IN-SKEY) + +\end{fulllineitems} + +\index{krb5\_creds.authdata (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_creds:c.krb5_creds.authdata}\pysigline{{\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ** \bfcode{krb5\_creds.authdata}} +authorization data + +\end{fulllineitems} + + + +\subsubsection{krb5\_crypto\_iov} +\label{appdev/refs/types/krb5_crypto_iov:krb5-crypto-iov}\label{appdev/refs/types/krb5_crypto_iov::doc}\label{appdev/refs/types/krb5_crypto_iov:krb5-crypto-iov-struct}\index{krb5\_crypto\_iov (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}\pysigline{\bfcode{krb5\_crypto\_iov}} +\end{fulllineitems} + + +Structure to describe a region of text to be encrypted or decrypted. + +The \emph{flags} member describes the type of the iov. The \emph{data} member points to the memory that will be manipulated. All iov APIs take a pointer to the first element of an array of krb5\_crypto\_iov's along with the size of that array. Buffer contents are manipulated in-place; data is overwritten. Callers must allocate the right number of krb5\_crypto\_iov structures before calling into an iov API. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_crypto_iov:declaration} +typedef struct \_krb5\_crypto\_iov krb5\_crypto\_iov + + +\paragraph{Members} +\label{appdev/refs/types/krb5_crypto_iov:members}\index{krb5\_crypto\_iov.flags (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov.flags}\pysigline{{\hyperref[appdev/refs/types/krb5_cryptotype:c.krb5_cryptotype]{krb5\_cryptotype}} \bfcode{krb5\_crypto\_iov.flags}} +\code{KRB5\_CRYPTO\_TYPE} type of the iov + +\end{fulllineitems} + +\index{krb5\_crypto\_iov.data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov.data}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_crypto\_iov.data}} +\end{fulllineitems} + + + +\subsubsection{krb5\_cryptotype} +\label{appdev/refs/types/krb5_cryptotype:krb5-cryptotype}\label{appdev/refs/types/krb5_cryptotype::doc}\label{appdev/refs/types/krb5_cryptotype:krb5-cryptotype-struct}\index{krb5\_cryptotype (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cryptotype:c.krb5_cryptotype}\pysigline{\bfcode{krb5\_cryptotype}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_cryptotype:declaration} +typedef krb5\_int32 krb5\_cryptotype + + +\subsubsection{krb5\_data} +\label{appdev/refs/types/krb5_data:krb5-data}\label{appdev/refs/types/krb5_data::doc}\label{appdev/refs/types/krb5_data:krb5-data-struct}\index{krb5\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_data:c.krb5_data}\pysigline{\bfcode{krb5\_data}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_data:declaration} +typedef struct \_krb5\_data krb5\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_data:members}\index{krb5\_data.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_data:c.krb5_data.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_data.magic}} +\end{fulllineitems} + +\index{krb5\_data.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_data:c.krb5_data.length}\pysigline{unsigned int \bfcode{krb5\_data.length}} +\end{fulllineitems} + +\index{krb5\_data.data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_data:c.krb5_data.data}\pysigline{char * \bfcode{krb5\_data.data}} +\end{fulllineitems} + + + +\subsubsection{krb5\_deltat} +\label{appdev/refs/types/krb5_deltat:krb5-deltat}\label{appdev/refs/types/krb5_deltat:krb5-deltat-struct}\label{appdev/refs/types/krb5_deltat::doc}\index{krb5\_deltat (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_deltat:c.krb5_deltat}\pysigline{\bfcode{krb5\_deltat}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_deltat:declaration} +typedef krb5\_int32 krb5\_deltat + + +\subsubsection{krb5\_enc\_data} +\label{appdev/refs/types/krb5_enc_data::doc}\label{appdev/refs/types/krb5_enc_data:krb5-enc-data}\label{appdev/refs/types/krb5_enc_data:krb5-enc-data-struct}\index{krb5\_enc\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}\pysigline{\bfcode{krb5\_enc\_data}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_enc_data:declaration} +typedef struct \_krb5\_enc\_data krb5\_enc\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_enc_data:members}\index{krb5\_enc\_data.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_data:c.krb5_enc_data.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_enc\_data.magic}} +\end{fulllineitems} + +\index{krb5\_enc\_data.enctype (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_data:c.krb5_enc_data.enctype}\pysigline{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} \bfcode{krb5\_enc\_data.enctype}} +\end{fulllineitems} + +\index{krb5\_enc\_data.kvno (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_data:c.krb5_enc_data.kvno}\pysigline{{\hyperref[appdev/refs/types/krb5_kvno:c.krb5_kvno]{krb5\_kvno}} \bfcode{krb5\_enc\_data.kvno}} +\end{fulllineitems} + +\index{krb5\_enc\_data.ciphertext (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_data:c.krb5_enc_data.ciphertext}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_enc\_data.ciphertext}} +\end{fulllineitems} + + + +\subsubsection{krb5\_enc\_kdc\_rep\_part} +\label{appdev/refs/types/krb5_enc_kdc_rep_part::doc}\label{appdev/refs/types/krb5_enc_kdc_rep_part:krb5-enc-kdc-rep-part}\label{appdev/refs/types/krb5_enc_kdc_rep_part:krb5-enc-kdc-rep-part-struct}\index{krb5\_enc\_kdc\_rep\_part (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}\pysigline{\bfcode{krb5\_enc\_kdc\_rep\_part}} +\end{fulllineitems} + + +C representation of \emph{EncKDCRepPart} protocol message. + +This is the cleartext message that is encrypted and inserted in \emph{KDC-REP} . + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_enc_kdc_rep_part:declaration} +typedef struct \_krb5\_enc\_kdc\_rep\_part krb5\_enc\_kdc\_rep\_part + + +\paragraph{Members} +\label{appdev/refs/types/krb5_enc_kdc_rep_part:members}\index{krb5\_enc\_kdc\_rep\_part.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_enc\_kdc\_rep\_part.magic}} +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.msg\_type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.msg_type}\pysigline{{\hyperref[appdev/refs/types/krb5_msgtype:c.krb5_msgtype]{krb5\_msgtype}} \bfcode{krb5\_enc\_kdc\_rep\_part.msg\_type}} +krb5 message type + +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.session (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.session}\pysigline{{\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} * \bfcode{krb5\_enc\_kdc\_rep\_part.session}} +Session key. + +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.last\_req (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.last_req}\pysigline{{\hyperref[appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry]{krb5\_last\_req\_entry}} ** \bfcode{krb5\_enc\_kdc\_rep\_part.last\_req}} +Array of pointers to entries. + +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.nonce (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.nonce}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_enc\_kdc\_rep\_part.nonce}} +Nonce from request. + +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.key\_exp (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.key_exp}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_enc\_kdc\_rep\_part.key\_exp}} +Expiration date. + +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.flags (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.flags}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_enc\_kdc\_rep\_part.flags}} +Ticket flags. + +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.times (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.times}\pysigline{{\hyperref[appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times]{krb5\_ticket\_times}} \bfcode{krb5\_enc\_kdc\_rep\_part.times}} +Lifetime info. + +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.server (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.server}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_enc\_kdc\_rep\_part.server}} +Server's principal identifier. + +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.caddrs (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.caddrs}\pysigline{{\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} ** \bfcode{krb5\_enc\_kdc\_rep\_part.caddrs}} +Array of ptrs to addrs, optional. + +\end{fulllineitems} + +\index{krb5\_enc\_kdc\_rep\_part.enc\_padata (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.enc_padata}\pysigline{{\hyperref[appdev/refs/types/krb5_pa_data:c.krb5_pa_data]{krb5\_pa\_data}} ** \bfcode{krb5\_enc\_kdc\_rep\_part.enc\_padata}} +Encrypted preauthentication data. + +\end{fulllineitems} + + + +\subsubsection{krb5\_enc\_tkt\_part} +\label{appdev/refs/types/krb5_enc_tkt_part:krb5-enc-tkt-part}\label{appdev/refs/types/krb5_enc_tkt_part::doc}\label{appdev/refs/types/krb5_enc_tkt_part:krb5-enc-tkt-part-struct}\index{krb5\_enc\_tkt\_part (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}\pysigline{\bfcode{krb5\_enc\_tkt\_part}} +\end{fulllineitems} + + +Encrypted part of ticket. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_enc_tkt_part:declaration} +typedef struct \_krb5\_enc\_tkt\_part krb5\_enc\_tkt\_part + + +\paragraph{Members} +\label{appdev/refs/types/krb5_enc_tkt_part:members}\index{krb5\_enc\_tkt\_part.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_enc\_tkt\_part.magic}} +\end{fulllineitems} + +\index{krb5\_enc\_tkt\_part.flags (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.flags}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_enc\_tkt\_part.flags}} +flags + +\end{fulllineitems} + +\index{krb5\_enc\_tkt\_part.session (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.session}\pysigline{{\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} * \bfcode{krb5\_enc\_tkt\_part.session}} +session key: includes enctype + +\end{fulllineitems} + +\index{krb5\_enc\_tkt\_part.client (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.client}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_enc\_tkt\_part.client}} +client name/realm + +\end{fulllineitems} + +\index{krb5\_enc\_tkt\_part.transited (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.transited}\pysigline{{\hyperref[appdev/refs/types/krb5_transited:c.krb5_transited]{krb5\_transited}} \bfcode{krb5\_enc\_tkt\_part.transited}} +list of transited realms + +\end{fulllineitems} + +\index{krb5\_enc\_tkt\_part.times (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.times}\pysigline{{\hyperref[appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times]{krb5\_ticket\_times}} \bfcode{krb5\_enc\_tkt\_part.times}} +auth, start, end, renew\_till + +\end{fulllineitems} + +\index{krb5\_enc\_tkt\_part.caddrs (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.caddrs}\pysigline{{\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} ** \bfcode{krb5\_enc\_tkt\_part.caddrs}} +array of ptrs to addresses + +\end{fulllineitems} + +\index{krb5\_enc\_tkt\_part.authorization\_data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.authorization_data}\pysigline{{\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ** \bfcode{krb5\_enc\_tkt\_part.authorization\_data}} +auth data + +\end{fulllineitems} + + + +\subsubsection{krb5\_encrypt\_block} +\label{appdev/refs/types/krb5_encrypt_block:krb5-encrypt-block}\label{appdev/refs/types/krb5_encrypt_block:krb5-encrypt-block-struct}\label{appdev/refs/types/krb5_encrypt_block::doc}\index{krb5\_encrypt\_block (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}\pysigline{\bfcode{krb5\_encrypt\_block}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_encrypt_block:declaration} +typedef struct \_krb5\_encrypt\_block krb5\_encrypt\_block + + +\paragraph{Members} +\label{appdev/refs/types/krb5_encrypt_block:members}\index{krb5\_encrypt\_block.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_encrypt\_block.magic}} +\end{fulllineitems} + +\index{krb5\_encrypt\_block.crypto\_entry (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block.crypto_entry}\pysigline{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} \bfcode{krb5\_encrypt\_block.crypto\_entry}} +\end{fulllineitems} + +\index{krb5\_encrypt\_block.key (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block.key}\pysigline{{\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} * \bfcode{krb5\_encrypt\_block.key}} +\end{fulllineitems} + + + +\subsubsection{krb5\_enctype} +\label{appdev/refs/types/krb5_enctype:krb5-enctype-struct}\label{appdev/refs/types/krb5_enctype:krb5-enctype}\label{appdev/refs/types/krb5_enctype::doc}\index{krb5\_enctype (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_enctype:c.krb5_enctype}\pysigline{\bfcode{krb5\_enctype}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_enctype:declaration} +typedef krb5\_int32 krb5\_enctype + + +\subsubsection{krb5\_error} +\label{appdev/refs/types/krb5_error:krb5-error-struct}\label{appdev/refs/types/krb5_error:krb5-error}\label{appdev/refs/types/krb5_error::doc}\index{krb5\_error (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error}\pysigline{\bfcode{krb5\_error}} +\end{fulllineitems} + + +Error message structure. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_error:declaration} +typedef struct \_krb5\_error krb5\_error + + +\paragraph{Members} +\label{appdev/refs/types/krb5_error:members}\index{krb5\_error.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_error.magic}} +\end{fulllineitems} + +\index{krb5\_error.ctime (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.ctime}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_error.ctime}} +Client sec portion; optional. + +\end{fulllineitems} + +\index{krb5\_error.cusec (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.cusec}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_error.cusec}} +Client usec portion; optional. + +\end{fulllineitems} + +\index{krb5\_error.susec (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.susec}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_error.susec}} +Server usec portion. + +\end{fulllineitems} + +\index{krb5\_error.stime (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.stime}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_error.stime}} +Server sec portion. + +\end{fulllineitems} + +\index{krb5\_error.error (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.error}\pysigline{{\hyperref[appdev/refs/types/krb5_ui_4:c.krb5_ui_4]{krb5\_ui\_4}} \bfcode{krb5\_error.error}} +Error code (protocol error \#'s) + +\end{fulllineitems} + +\index{krb5\_error.client (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.client}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_error.client}} +Client principal and realm. + +\end{fulllineitems} + +\index{krb5\_error.server (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.server}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_error.server}} +Server principal and realm. + +\end{fulllineitems} + +\index{krb5\_error.text (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.text}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_error.text}} +Descriptive text. + +\end{fulllineitems} + +\index{krb5\_error.e\_data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error:c.krb5_error.e_data}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_error.e\_data}} +Additional error-describing data. + +\end{fulllineitems} + + + +\subsubsection{krb5\_error\_code} +\label{appdev/refs/types/krb5_error_code:krb5-error-code}\label{appdev/refs/types/krb5_error_code::doc}\label{appdev/refs/types/krb5_error_code:krb5-error-code-struct}\index{krb5\_error\_code (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_error_code:c.krb5_error_code}\pysigline{\bfcode{krb5\_error\_code}} +\end{fulllineitems} + + +Used to convey an operation status. + +The value 0 indicates success; any other values are com\_err codes. Use {\hyperref[appdev/refs/api/krb5_get_error_message:c.krb5_get_error_message]{\code{krb5\_get\_error\_message()}}} to obtain a string describing the error. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_error_code:declaration} +typedef krb5\_int32 krb5\_error\_code + + +\subsubsection{krb5\_expire\_callback\_func} +\label{appdev/refs/types/krb5_expire_callback_func:krb5-expire-callback-func}\label{appdev/refs/types/krb5_expire_callback_func::doc}\label{appdev/refs/types/krb5_expire_callback_func:krb5-expire-callback-func-struct}\index{krb5\_expire\_callback\_func (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_expire_callback_func:c.krb5_expire_callback_func}\pysigline{\bfcode{krb5\_expire\_callback\_func}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_expire_callback_func:declaration} +typedef void( * krb5\_expire\_callback\_func)(krb5\_context context, void *data, krb5\_timestamp password\_expiration, krb5\_timestamp account\_expiration, krb5\_boolean is\_last\_req) + + +\subsubsection{krb5\_flags} +\label{appdev/refs/types/krb5_flags:krb5-flags-struct}\label{appdev/refs/types/krb5_flags:krb5-flags}\label{appdev/refs/types/krb5_flags::doc}\index{krb5\_flags (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_flags:c.krb5_flags}\pysigline{\bfcode{krb5\_flags}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_flags:declaration} +typedef krb5\_int32 krb5\_flags + + +\subsubsection{krb5\_get\_init\_creds\_opt} +\label{appdev/refs/types/krb5_get_init_creds_opt:krb5-get-init-creds-opt-struct}\label{appdev/refs/types/krb5_get_init_creds_opt::doc}\label{appdev/refs/types/krb5_get_init_creds_opt:krb5-get-init-creds-opt}\index{krb5\_get\_init\_creds\_opt (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}\pysigline{\bfcode{krb5\_get\_init\_creds\_opt}} +\end{fulllineitems} + + +Store options for \emph{\_krb5\_get\_init\_creds} . + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_get_init_creds_opt:declaration} +typedef struct \_krb5\_get\_init\_creds\_opt krb5\_get\_init\_creds\_opt + + +\paragraph{Members} +\label{appdev/refs/types/krb5_get_init_creds_opt:members}\index{krb5\_get\_init\_creds\_opt.flags (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.flags}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_get\_init\_creds\_opt.flags}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.tkt\_life (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.tkt_life}\pysigline{{\hyperref[appdev/refs/types/krb5_deltat:c.krb5_deltat]{krb5\_deltat}} \bfcode{krb5\_get\_init\_creds\_opt.tkt\_life}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.renew\_life (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.renew_life}\pysigline{{\hyperref[appdev/refs/types/krb5_deltat:c.krb5_deltat]{krb5\_deltat}} \bfcode{krb5\_get\_init\_creds\_opt.renew\_life}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.forwardable (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.forwardable}\pysigline{int \bfcode{krb5\_get\_init\_creds\_opt.forwardable}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.proxiable (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.proxiable}\pysigline{int \bfcode{krb5\_get\_init\_creds\_opt.proxiable}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.etype\_list (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.etype_list}\pysigline{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} * \bfcode{krb5\_get\_init\_creds\_opt.etype\_list}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.etype\_list\_length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.etype_list_length}\pysigline{int \bfcode{krb5\_get\_init\_creds\_opt.etype\_list\_length}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.address\_list (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.address_list}\pysigline{{\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} ** \bfcode{krb5\_get\_init\_creds\_opt.address\_list}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.preauth\_list (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.preauth_list}\pysigline{{\hyperref[appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype]{krb5\_preauthtype}} * \bfcode{krb5\_get\_init\_creds\_opt.preauth\_list}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.preauth\_list\_length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.preauth_list_length}\pysigline{int \bfcode{krb5\_get\_init\_creds\_opt.preauth\_list\_length}} +\end{fulllineitems} + +\index{krb5\_get\_init\_creds\_opt.salt (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.salt}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{krb5\_get\_init\_creds\_opt.salt}} +\end{fulllineitems} + + + +\subsubsection{krb5\_gic\_opt\_pa\_data} +\label{appdev/refs/types/krb5_gic_opt_pa_data::doc}\label{appdev/refs/types/krb5_gic_opt_pa_data:krb5-gic-opt-pa-data}\label{appdev/refs/types/krb5_gic_opt_pa_data:krb5-gic-opt-pa-data-struct}\index{krb5\_gic\_opt\_pa\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_gic_opt_pa_data:c.krb5_gic_opt_pa_data}\pysigline{\bfcode{krb5\_gic\_opt\_pa\_data}} +\end{fulllineitems} + + +Generic preauth option attribute/value pairs. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_gic_opt_pa_data:declaration} +typedef struct \_krb5\_gic\_opt\_pa\_data krb5\_gic\_opt\_pa\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_gic_opt_pa_data:members}\index{krb5\_gic\_opt\_pa\_data.attr (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_gic_opt_pa_data:c.krb5_gic_opt_pa_data.attr}\pysigline{char * \bfcode{krb5\_gic\_opt\_pa\_data.attr}} +\end{fulllineitems} + +\index{krb5\_gic\_opt\_pa\_data.value (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_gic_opt_pa_data:c.krb5_gic_opt_pa_data.value}\pysigline{char * \bfcode{krb5\_gic\_opt\_pa\_data.value}} +\end{fulllineitems} + + + +\subsubsection{krb5\_int16} +\label{appdev/refs/types/krb5_int16:krb5-int16-struct}\label{appdev/refs/types/krb5_int16:krb5-int16}\label{appdev/refs/types/krb5_int16::doc}\index{krb5\_int16 (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_int16:c.krb5_int16}\pysigline{\bfcode{krb5\_int16}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_int16:declaration} +typedef int16\_t krb5\_int16 + + +\subsubsection{krb5\_int32} +\label{appdev/refs/types/krb5_int32:krb5-int32-struct}\label{appdev/refs/types/krb5_int32::doc}\label{appdev/refs/types/krb5_int32:krb5-int32}\index{krb5\_int32 (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_int32:c.krb5_int32}\pysigline{\bfcode{krb5\_int32}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_int32:declaration} +typedef int32\_t krb5\_int32 + + +\subsubsection{krb5\_kdc\_rep} +\label{appdev/refs/types/krb5_kdc_rep::doc}\label{appdev/refs/types/krb5_kdc_rep:krb5-kdc-rep}\label{appdev/refs/types/krb5_kdc_rep:krb5-kdc-rep-struct}\index{krb5\_kdc\_rep (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}\pysigline{\bfcode{krb5\_kdc\_rep}} +\end{fulllineitems} + + +Representation of the \emph{KDC-REP} protocol message. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_kdc_rep:declaration} +typedef struct \_krb5\_kdc\_rep krb5\_kdc\_rep + + +\paragraph{Members} +\label{appdev/refs/types/krb5_kdc_rep:members}\index{krb5\_kdc\_rep.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_kdc\_rep.magic}} +\end{fulllineitems} + +\index{krb5\_kdc\_rep.msg\_type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.msg_type}\pysigline{{\hyperref[appdev/refs/types/krb5_msgtype:c.krb5_msgtype]{krb5\_msgtype}} \bfcode{krb5\_kdc\_rep.msg\_type}} +KRB5\_AS\_REP or KRB5\_KDC\_REP. + +\end{fulllineitems} + +\index{krb5\_kdc\_rep.padata (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.padata}\pysigline{{\hyperref[appdev/refs/types/krb5_pa_data:c.krb5_pa_data]{krb5\_pa\_data}} ** \bfcode{krb5\_kdc\_rep.padata}} +Preauthentication data from KDC. + +\end{fulllineitems} + +\index{krb5\_kdc\_rep.client (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.client}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_kdc\_rep.client}} +Client principal and realm. + +\end{fulllineitems} + +\index{krb5\_kdc\_rep.ticket (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.ticket}\pysigline{{\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} * \bfcode{krb5\_kdc\_rep.ticket}} +Ticket. + +\end{fulllineitems} + +\index{krb5\_kdc\_rep.enc\_part (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.enc_part}\pysigline{{\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} \bfcode{krb5\_kdc\_rep.enc\_part}} +Encrypted part of reply. + +\end{fulllineitems} + +\index{krb5\_kdc\_rep.enc\_part2 (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.enc_part2}\pysigline{{\hyperref[appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part]{krb5\_enc\_kdc\_rep\_part}} * \bfcode{krb5\_kdc\_rep.enc\_part2}} +Unencrypted version, if available. + +\end{fulllineitems} + + + +\subsubsection{krb5\_kdc\_req} +\label{appdev/refs/types/krb5_kdc_req:krb5-kdc-req-struct}\label{appdev/refs/types/krb5_kdc_req:krb5-kdc-req}\label{appdev/refs/types/krb5_kdc_req::doc}\index{krb5\_kdc\_req (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}\pysigline{\bfcode{krb5\_kdc\_req}} +\end{fulllineitems} + + +C representation of KDC-REQ protocol message, including KDC-REQ-BODY. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_kdc_req:declaration} +typedef struct \_krb5\_kdc\_req krb5\_kdc\_req + + +\paragraph{Members} +\label{appdev/refs/types/krb5_kdc_req:members}\index{krb5\_kdc\_req.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_kdc\_req.magic}} +\end{fulllineitems} + +\index{krb5\_kdc\_req.msg\_type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.msg_type}\pysigline{{\hyperref[appdev/refs/types/krb5_msgtype:c.krb5_msgtype]{krb5\_msgtype}} \bfcode{krb5\_kdc\_req.msg\_type}} +KRB5\_AS\_REQ or KRB5\_TGS\_REQ. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.padata (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.padata}\pysigline{{\hyperref[appdev/refs/types/krb5_pa_data:c.krb5_pa_data]{krb5\_pa\_data}} ** \bfcode{krb5\_kdc\_req.padata}} +Preauthentication data. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.kdc\_options (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.kdc_options}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_kdc\_req.kdc\_options}} +Requested options. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.client (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.client}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_kdc\_req.client}} +Client principal and realm. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.server (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.server}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_kdc\_req.server}} +Server principal and realm. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.from (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.from}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_kdc\_req.from}} +Requested start time. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.till (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.till}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_kdc\_req.till}} +Requested end time. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.rtime (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.rtime}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_kdc\_req.rtime}} +Requested renewable end time. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.nonce (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.nonce}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_kdc\_req.nonce}} +Nonce to match request and response. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.nktypes (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.nktypes}\pysigline{int \bfcode{krb5\_kdc\_req.nktypes}} +Number of enctypes. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.ktype (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.ktype}\pysigline{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} * \bfcode{krb5\_kdc\_req.ktype}} +Requested enctypes. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.addresses (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.addresses}\pysigline{{\hyperref[appdev/refs/types/krb5_address:c.krb5_address]{krb5\_address}} ** \bfcode{krb5\_kdc\_req.addresses}} +Requested addresses (optional) + +\end{fulllineitems} + +\index{krb5\_kdc\_req.authorization\_data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.authorization_data}\pysigline{{\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} \bfcode{krb5\_kdc\_req.authorization\_data}} +Encrypted authz data (optional) + +\end{fulllineitems} + +\index{krb5\_kdc\_req.unenc\_authdata (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.unenc_authdata}\pysigline{{\hyperref[appdev/refs/types/krb5_authdata:c.krb5_authdata]{krb5\_authdata}} ** \bfcode{krb5\_kdc\_req.unenc\_authdata}} +Unencrypted authz data. + +\end{fulllineitems} + +\index{krb5\_kdc\_req.second\_ticket (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.second_ticket}\pysigline{{\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} ** \bfcode{krb5\_kdc\_req.second\_ticket}} +Second ticket array (optional) + +\end{fulllineitems} + + + +\subsubsection{krb5\_keyblock} +\label{appdev/refs/types/krb5_keyblock:krb5-keyblock}\label{appdev/refs/types/krb5_keyblock::doc}\label{appdev/refs/types/krb5_keyblock:krb5-keyblock-struct}\index{krb5\_keyblock (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}\pysigline{\bfcode{krb5\_keyblock}} +\end{fulllineitems} + + +Exposed contents of a key. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_keyblock:declaration} +typedef struct \_krb5\_keyblock krb5\_keyblock + + +\paragraph{Members} +\label{appdev/refs/types/krb5_keyblock:members}\index{krb5\_keyblock.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keyblock:c.krb5_keyblock.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_keyblock.magic}} +\end{fulllineitems} + +\index{krb5\_keyblock.enctype (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keyblock:c.krb5_keyblock.enctype}\pysigline{{\hyperref[appdev/refs/types/krb5_enctype:c.krb5_enctype]{krb5\_enctype}} \bfcode{krb5\_keyblock.enctype}} +\end{fulllineitems} + +\index{krb5\_keyblock.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keyblock:c.krb5_keyblock.length}\pysigline{unsigned int \bfcode{krb5\_keyblock.length}} +\end{fulllineitems} + +\index{krb5\_keyblock.contents (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keyblock:c.krb5_keyblock.contents}\pysigline{{\hyperref[appdev/refs/types/krb5_octet:c.krb5_octet]{krb5\_octet}} * \bfcode{krb5\_keyblock.contents}} +\end{fulllineitems} + + + +\subsubsection{krb5\_keytab\_entry} +\label{appdev/refs/types/krb5_keytab_entry:krb5-keytab-entry}\label{appdev/refs/types/krb5_keytab_entry:krb5-keytab-entry-struct}\label{appdev/refs/types/krb5_keytab_entry::doc}\index{krb5\_keytab\_entry (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}\pysigline{\bfcode{krb5\_keytab\_entry}} +\end{fulllineitems} + + +A key table entry. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_keytab_entry:declaration} +typedef struct krb5\_keytab\_entry\_st krb5\_keytab\_entry + + +\paragraph{Members} +\label{appdev/refs/types/krb5_keytab_entry:members}\index{krb5\_keytab\_entry.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_keytab\_entry.magic}} +\end{fulllineitems} + +\index{krb5\_keytab\_entry.principal (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.principal}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_keytab\_entry.principal}} +Principal of this key. + +\end{fulllineitems} + +\index{krb5\_keytab\_entry.timestamp (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.timestamp}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_keytab\_entry.timestamp}} +Time entry written to keytable. + +\end{fulllineitems} + +\index{krb5\_keytab\_entry.vno (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.vno}\pysigline{{\hyperref[appdev/refs/types/krb5_kvno:c.krb5_kvno]{krb5\_kvno}} \bfcode{krb5\_keytab\_entry.vno}} +Key version number. + +\end{fulllineitems} + +\index{krb5\_keytab\_entry.key (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.key}\pysigline{{\hyperref[appdev/refs/types/krb5_keyblock:c.krb5_keyblock]{krb5\_keyblock}} \bfcode{krb5\_keytab\_entry.key}} +The secret key. + +\end{fulllineitems} + + + +\subsubsection{krb5\_keyusage} +\label{appdev/refs/types/krb5_keyusage:krb5-keyusage}\label{appdev/refs/types/krb5_keyusage::doc}\label{appdev/refs/types/krb5_keyusage:krb5-keyusage-struct}\index{krb5\_keyusage (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}\pysigline{\bfcode{krb5\_keyusage}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_keyusage:declaration} +typedef krb5\_int32 krb5\_keyusage + + +\subsubsection{krb5\_kt\_cursor} +\label{appdev/refs/types/krb5_kt_cursor:krb5-kt-cursor-struct}\label{appdev/refs/types/krb5_kt_cursor::doc}\label{appdev/refs/types/krb5_kt_cursor:krb5-kt-cursor}\index{krb5\_kt\_cursor (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kt_cursor:c.krb5_kt_cursor}\pysigline{\bfcode{krb5\_kt\_cursor}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_kt_cursor:declaration} +typedef krb5\_pointer krb5\_kt\_cursor + + +\subsubsection{krb5\_kvno} +\label{appdev/refs/types/krb5_kvno:krb5-kvno}\label{appdev/refs/types/krb5_kvno::doc}\label{appdev/refs/types/krb5_kvno:krb5-kvno-struct}\index{krb5\_kvno (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_kvno:c.krb5_kvno}\pysigline{\bfcode{krb5\_kvno}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_kvno:declaration} +typedef unsigned int krb5\_kvno + + +\subsubsection{krb5\_last\_req\_entry} +\label{appdev/refs/types/krb5_last_req_entry:krb5-last-req-entry}\label{appdev/refs/types/krb5_last_req_entry::doc}\label{appdev/refs/types/krb5_last_req_entry:krb5-last-req-entry-struct}\index{krb5\_last\_req\_entry (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry}\pysigline{\bfcode{krb5\_last\_req\_entry}} +\end{fulllineitems} + + +Last request entry. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_last_req_entry:declaration} +typedef struct \_krb5\_last\_req\_entry krb5\_last\_req\_entry + + +\paragraph{Members} +\label{appdev/refs/types/krb5_last_req_entry:members}\index{krb5\_last\_req\_entry.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_last\_req\_entry.magic}} +\end{fulllineitems} + +\index{krb5\_last\_req\_entry.lr\_type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry.lr_type}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_last\_req\_entry.lr\_type}} +LR type. + +\end{fulllineitems} + +\index{krb5\_last\_req\_entry.value (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry.value}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_last\_req\_entry.value}} +Timestamp. + +\end{fulllineitems} + + + +\subsubsection{krb5\_magic} +\label{appdev/refs/types/krb5_magic:krb5-magic}\label{appdev/refs/types/krb5_magic::doc}\label{appdev/refs/types/krb5_magic:krb5-magic-struct}\index{krb5\_magic (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_magic:c.krb5_magic}\pysigline{\bfcode{krb5\_magic}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_magic:declaration} +typedef krb5\_error\_code krb5\_magic + + +\subsubsection{krb5\_mk\_req\_checksum\_func} +\label{appdev/refs/types/krb5_mk_req_checksum_func:krb5-mk-req-checksum-func-struct}\label{appdev/refs/types/krb5_mk_req_checksum_func::doc}\label{appdev/refs/types/krb5_mk_req_checksum_func:krb5-mk-req-checksum-func}\index{krb5\_mk\_req\_checksum\_func (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_mk_req_checksum_func:c.krb5_mk_req_checksum_func}\pysigline{\bfcode{krb5\_mk\_req\_checksum\_func}} +\end{fulllineitems} + + +Type of function used as a callback to generate checksum data for mk\_req. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_mk_req_checksum_func:declaration} +typedef krb5\_error\_code( * krb5\_mk\_req\_checksum\_func)(krb5\_context, krb5\_auth\_context, void *, krb5\_data **) + + +\subsubsection{krb5\_msgtype} +\label{appdev/refs/types/krb5_msgtype:krb5-msgtype}\label{appdev/refs/types/krb5_msgtype::doc}\label{appdev/refs/types/krb5_msgtype:krb5-msgtype-struct}\index{krb5\_msgtype (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_msgtype:c.krb5_msgtype}\pysigline{\bfcode{krb5\_msgtype}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_msgtype:declaration} +typedef unsigned int krb5\_msgtype + + +\subsubsection{krb5\_octet} +\label{appdev/refs/types/krb5_octet:krb5-octet-struct}\label{appdev/refs/types/krb5_octet:krb5-octet}\label{appdev/refs/types/krb5_octet::doc}\index{krb5\_octet (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_octet:c.krb5_octet}\pysigline{\bfcode{krb5\_octet}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_octet:declaration} +typedef uint8\_t krb5\_octet + + +\subsubsection{krb5\_pa\_pac\_req} +\label{appdev/refs/types/krb5_pa_pac_req:krb5-pa-pac-req-struct}\label{appdev/refs/types/krb5_pa_pac_req::doc}\label{appdev/refs/types/krb5_pa_pac_req:krb5-pa-pac-req}\index{krb5\_pa\_pac\_req (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_pac_req:c.krb5_pa_pac_req}\pysigline{\bfcode{krb5\_pa\_pac\_req}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_pa_pac_req:declaration} +typedef struct \_krb5\_pa\_pac\_req krb5\_pa\_pac\_req + + +\paragraph{Members} +\label{appdev/refs/types/krb5_pa_pac_req:members}\index{krb5\_pa\_pac\_req.include\_pac (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_pac_req:c.krb5_pa_pac_req.include_pac}\pysigline{{\hyperref[appdev/refs/types/krb5_boolean:c.krb5_boolean]{krb5\_boolean}} \bfcode{krb5\_pa\_pac\_req.include\_pac}} +TRUE if a PAC should be included in TGS-REP. + +\end{fulllineitems} + + + +\subsubsection{krb5\_pa\_server\_referral\_data} +\label{appdev/refs/types/krb5_pa_server_referral_data:krb5-pa-server-referral-data-struct}\label{appdev/refs/types/krb5_pa_server_referral_data::doc}\label{appdev/refs/types/krb5_pa_server_referral_data:krb5-pa-server-referral-data}\index{krb5\_pa\_server\_referral\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data}\pysigline{\bfcode{krb5\_pa\_server\_referral\_data}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_pa_server_referral_data:declaration} +typedef struct \_krb5\_pa\_server\_referral\_data krb5\_pa\_server\_referral\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_pa_server_referral_data:members}\index{krb5\_pa\_server\_referral\_data.referred\_realm (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.referred_realm}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{krb5\_pa\_server\_referral\_data.referred\_realm}} +\end{fulllineitems} + +\index{krb5\_pa\_server\_referral\_data.true\_principal\_name (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.true_principal_name}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_pa\_server\_referral\_data.true\_principal\_name}} +\end{fulllineitems} + +\index{krb5\_pa\_server\_referral\_data.requested\_principal\_name (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.requested_principal_name}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_pa\_server\_referral\_data.requested\_principal\_name}} +\end{fulllineitems} + +\index{krb5\_pa\_server\_referral\_data.referral\_valid\_until (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.referral_valid_until}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_pa\_server\_referral\_data.referral\_valid\_until}} +\end{fulllineitems} + +\index{krb5\_pa\_server\_referral\_data.rep\_cksum (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.rep_cksum}\pysigline{{\hyperref[appdev/refs/types/krb5_checksum:c.krb5_checksum]{krb5\_checksum}} \bfcode{krb5\_pa\_server\_referral\_data.rep\_cksum}} +\end{fulllineitems} + + + +\subsubsection{krb5\_pa\_svr\_referral\_data} +\label{appdev/refs/types/krb5_pa_svr_referral_data:krb5-pa-svr-referral-data}\label{appdev/refs/types/krb5_pa_svr_referral_data::doc}\label{appdev/refs/types/krb5_pa_svr_referral_data:krb5-pa-svr-referral-data-struct}\index{krb5\_pa\_svr\_referral\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_svr_referral_data:c.krb5_pa_svr_referral_data}\pysigline{\bfcode{krb5\_pa\_svr\_referral\_data}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_pa_svr_referral_data:declaration} +typedef struct \_krb5\_pa\_svr\_referral\_data krb5\_pa\_svr\_referral\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_pa_svr_referral_data:members}\index{krb5\_pa\_svr\_referral\_data.principal (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_svr_referral_data:c.krb5_pa_svr_referral_data.principal}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_pa\_svr\_referral\_data.principal}} +Referred name, only realm is required. + +\end{fulllineitems} + + + +\subsubsection{krb5\_pa\_data} +\label{appdev/refs/types/krb5_pa_data:krb5-pa-data}\label{appdev/refs/types/krb5_pa_data:krb5-pa-data-struct}\label{appdev/refs/types/krb5_pa_data::doc}\index{krb5\_pa\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_data:c.krb5_pa_data}\pysigline{\bfcode{krb5\_pa\_data}} +\end{fulllineitems} + + +Pre-authentication data. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_pa_data:declaration} +typedef struct \_krb5\_pa\_data krb5\_pa\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_pa_data:members}\index{krb5\_pa\_data.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_data:c.krb5_pa_data.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_pa\_data.magic}} +\end{fulllineitems} + +\index{krb5\_pa\_data.pa\_type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_data:c.krb5_pa_data.pa_type}\pysigline{{\hyperref[appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype]{krb5\_preauthtype}} \bfcode{krb5\_pa\_data.pa\_type}} +Preauthentication data type. + +\end{fulllineitems} + +\index{krb5\_pa\_data.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_data:c.krb5_pa_data.length}\pysigline{unsigned int \bfcode{krb5\_pa\_data.length}} +Length of data. + +\end{fulllineitems} + +\index{krb5\_pa\_data.contents (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pa_data:c.krb5_pa_data.contents}\pysigline{{\hyperref[appdev/refs/types/krb5_octet:c.krb5_octet]{krb5\_octet}} * \bfcode{krb5\_pa\_data.contents}} +Data. + +\end{fulllineitems} + + + +\subsubsection{krb5\_pointer} +\label{appdev/refs/types/krb5_pointer:krb5-pointer-struct}\label{appdev/refs/types/krb5_pointer:krb5-pointer}\label{appdev/refs/types/krb5_pointer::doc}\index{krb5\_pointer (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pointer:c.krb5_pointer}\pysigline{\bfcode{krb5\_pointer}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_pointer:declaration} +typedef void* krb5\_pointer + + +\subsubsection{krb5\_post\_recv\_fn} +\label{appdev/refs/types/krb5_post_recv_fn:krb5-post-recv-fn}\label{appdev/refs/types/krb5_post_recv_fn:krb5-post-recv-fn-struct}\label{appdev/refs/types/krb5_post_recv_fn::doc}\index{krb5\_post\_recv\_fn (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_post_recv_fn:c.krb5_post_recv_fn}\pysigline{\bfcode{krb5\_post\_recv\_fn}} +\end{fulllineitems} + + +Hook function for inspecting or overriding KDC replies. + +If \emph{code} is non-zero, KDC communication failed and \emph{reply} should be ignored. The hook function may return \emph{code} or a different error code, or may synthesize a reply by setting \emph{new\_reply\_out} and return successfully. +The hook function should use {\hyperref[appdev/refs/api/krb5_copy_data:c.krb5_copy_data]{\code{krb5\_copy\_data()}}} to construct the value for \emph{new\_reply\_out} , to ensure that it can be freed correctly by the library. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_post_recv_fn:declaration} +typedef krb5\_error\_code( * krb5\_post\_recv\_fn)(krb5\_context context, void *data, krb5\_error\_code code, const krb5\_data *realm, const krb5\_data *message, const krb5\_data *reply, krb5\_data **new\_reply\_out) + + +\subsubsection{krb5\_pre\_send\_fn} +\label{appdev/refs/types/krb5_pre_send_fn:krb5-pre-send-fn-struct}\label{appdev/refs/types/krb5_pre_send_fn::doc}\label{appdev/refs/types/krb5_pre_send_fn:krb5-pre-send-fn}\index{krb5\_pre\_send\_fn (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pre_send_fn:c.krb5_pre_send_fn}\pysigline{\bfcode{krb5\_pre\_send\_fn}} +\end{fulllineitems} + + +Hook function for inspecting or modifying messages sent to KDCs. + +If the hook function sets \emph{reply\_out} , \emph{message} will not be sent to the KDC, and the given reply will used instead. +If the hook function sets \emph{new\_message\_out} , the given message will be sent to the KDC in place of \emph{message} . +If the hook function returns successfully without setting either output, \emph{message} will be sent to the KDC normally. +The hook function should use {\hyperref[appdev/refs/api/krb5_copy_data:c.krb5_copy_data]{\code{krb5\_copy\_data()}}} to construct the value for \emph{new\_message\_out} or \emph{reply\_out} , to ensure that it can be freed correctly by the library. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_pre_send_fn:declaration} +typedef krb5\_error\_code( * krb5\_pre\_send\_fn)(krb5\_context context, void *data, const krb5\_data *realm, const krb5\_data *message, krb5\_data **new\_message\_out, krb5\_data **new\_reply\_out) + + +\subsubsection{krb5\_preauthtype} +\label{appdev/refs/types/krb5_preauthtype::doc}\label{appdev/refs/types/krb5_preauthtype:krb5-preauthtype}\label{appdev/refs/types/krb5_preauthtype:krb5-preauthtype-struct}\index{krb5\_preauthtype (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype}\pysigline{\bfcode{krb5\_preauthtype}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_preauthtype:declaration} +typedef krb5\_int32 krb5\_preauthtype + + +\subsubsection{krb5\_principal} +\label{appdev/refs/types/krb5_principal:krb5-principal-struct}\label{appdev/refs/types/krb5_principal:krb5-principal}\label{appdev/refs/types/krb5_principal::doc}\index{krb5\_principal (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal:c.krb5_principal}\pysigline{\bfcode{krb5\_principal}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_principal:declaration} +typedef krb5\_principal\_data* krb5\_principal + + +\paragraph{Members} +\label{appdev/refs/types/krb5_principal:members}\index{krb5\_principal.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal:c.krb5_principal.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_principal.magic}} +\end{fulllineitems} + +\index{krb5\_principal.realm (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal:c.krb5_principal.realm}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_principal.realm}} +\end{fulllineitems} + +\index{krb5\_principal.data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal:c.krb5_principal.data}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{krb5\_principal.data}} +An array of strings. + +\end{fulllineitems} + +\index{krb5\_principal.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal:c.krb5_principal.length}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_principal.length}} +\end{fulllineitems} + +\index{krb5\_principal.type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal:c.krb5_principal.type}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_principal.type}} +\end{fulllineitems} + + + +\subsubsection{krb5\_principal\_data} +\label{appdev/refs/types/krb5_principal_data:krb5-principal-data}\label{appdev/refs/types/krb5_principal_data::doc}\label{appdev/refs/types/krb5_principal_data:krb5-principal-data-struct}\index{krb5\_principal\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal_data:c.krb5_principal_data}\pysigline{\bfcode{krb5\_principal\_data}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_principal_data:declaration} +typedef struct krb5\_principal\_data krb5\_principal\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_principal_data:members}\index{krb5\_principal\_data.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_principal\_data.magic}} +\end{fulllineitems} + +\index{krb5\_principal\_data.realm (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.realm}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_principal\_data.realm}} +\end{fulllineitems} + +\index{krb5\_principal\_data.data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.data}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{krb5\_principal\_data.data}} +An array of strings. + +\end{fulllineitems} + +\index{krb5\_principal\_data.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.length}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_principal\_data.length}} +\end{fulllineitems} + +\index{krb5\_principal\_data.type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.type}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_principal\_data.type}} +\end{fulllineitems} + + + +\subsubsection{krb5\_const\_principal} +\label{appdev/refs/types/krb5_const_principal:krb5-const-principal-struct}\label{appdev/refs/types/krb5_const_principal:krb5-const-principal}\label{appdev/refs/types/krb5_const_principal::doc}\index{krb5\_const\_principal (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}\pysigline{\bfcode{krb5\_const\_principal}} +\end{fulllineitems} + + +Constant version of {\hyperref[appdev/refs/types/krb5_principal_data:c.krb5_principal_data]{\code{krb5\_principal\_data}}} . + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_const_principal:declaration} +typedef const krb5\_principal\_data* krb5\_const\_principal + + +\paragraph{Members} +\label{appdev/refs/types/krb5_const_principal:members}\index{krb5\_const\_principal.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_const\_principal.magic}} +\end{fulllineitems} + +\index{krb5\_const\_principal.realm (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.realm}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_const\_principal.realm}} +\end{fulllineitems} + +\index{krb5\_const\_principal.data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.data}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{krb5\_const\_principal.data}} +An array of strings. + +\end{fulllineitems} + +\index{krb5\_const\_principal.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.length}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_const\_principal.length}} +\end{fulllineitems} + +\index{krb5\_const\_principal.type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.type}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_const\_principal.type}} +\end{fulllineitems} + + + +\subsubsection{krb5\_prompt} +\label{appdev/refs/types/krb5_prompt:krb5-prompt}\label{appdev/refs/types/krb5_prompt::doc}\label{appdev/refs/types/krb5_prompt:krb5-prompt-struct}\index{krb5\_prompt (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_prompt:c.krb5_prompt}\pysigline{\bfcode{krb5\_prompt}} +\end{fulllineitems} + + +Text for prompt used in prompter callback function. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_prompt:declaration} +typedef struct \_krb5\_prompt krb5\_prompt + + +\paragraph{Members} +\label{appdev/refs/types/krb5_prompt:members}\index{krb5\_prompt.prompt (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_prompt:c.krb5_prompt.prompt}\pysigline{char * \bfcode{krb5\_prompt.prompt}} +The prompt to show to the user. + +\end{fulllineitems} + +\index{krb5\_prompt.hidden (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_prompt:c.krb5_prompt.hidden}\pysigline{int \bfcode{krb5\_prompt.hidden}} +Boolean; informative prompt or hidden (e.g. +PIN) + +\end{fulllineitems} + +\index{krb5\_prompt.reply (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_prompt:c.krb5_prompt.reply}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{krb5\_prompt.reply}} +Must be allocated before call to prompt routine. + +\end{fulllineitems} + + + +\subsubsection{krb5\_prompt\_type} +\label{appdev/refs/types/krb5_prompt_type:krb5-prompt-type-struct}\label{appdev/refs/types/krb5_prompt_type:krb5-prompt-type}\label{appdev/refs/types/krb5_prompt_type::doc}\index{krb5\_prompt\_type (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_prompt_type:c.krb5_prompt_type}\pysigline{\bfcode{krb5\_prompt\_type}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_prompt_type:declaration} +typedef krb5\_int32 krb5\_prompt\_type + + +\subsubsection{krb5\_prompter\_fct} +\label{appdev/refs/types/krb5_prompter_fct:krb5-prompter-fct-struct}\label{appdev/refs/types/krb5_prompter_fct:krb5-prompter-fct}\label{appdev/refs/types/krb5_prompter_fct::doc}\index{krb5\_prompter\_fct (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_prompter_fct:c.krb5_prompter_fct}\pysigline{\bfcode{krb5\_prompter\_fct}} +\end{fulllineitems} + + +Pointer to a prompter callback function. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_prompter_fct:declaration} +typedef krb5\_error\_code( * krb5\_prompter\_fct)(krb5\_context context, void *data, const char *name, const char *banner, int num\_prompts, krb5\_prompt prompts{[}{]}) + + +\subsubsection{krb5\_pwd\_data} +\label{appdev/refs/types/krb5_pwd_data:krb5-pwd-data}\label{appdev/refs/types/krb5_pwd_data::doc}\label{appdev/refs/types/krb5_pwd_data:krb5-pwd-data-struct}\index{krb5\_pwd\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data}\pysigline{\bfcode{krb5\_pwd\_data}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_pwd_data:declaration} +typedef struct \_krb5\_pwd\_data krb5\_pwd\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_pwd_data:members}\index{krb5\_pwd\_data.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_pwd\_data.magic}} +\end{fulllineitems} + +\index{krb5\_pwd\_data.sequence\_count (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data.sequence_count}\pysigline{int \bfcode{krb5\_pwd\_data.sequence\_count}} +\end{fulllineitems} + +\index{krb5\_pwd\_data.element (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data.element}\pysigline{{\hyperref[appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element]{passwd\_phrase\_element}} ** \bfcode{krb5\_pwd\_data.element}} +\end{fulllineitems} + + + +\subsubsection{krb5\_responder\_context} +\label{appdev/refs/types/krb5_responder_context:krb5-responder-context-struct}\label{appdev/refs/types/krb5_responder_context::doc}\label{appdev/refs/types/krb5_responder_context:krb5-responder-context}\index{krb5\_responder\_context (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}\pysigline{\bfcode{krb5\_responder\_context}} +\end{fulllineitems} + + +A container for a set of preauthentication questions and answers. + +A responder context is supplied by the krb5 authentication system to a {\hyperref[appdev/refs/types/krb5_responder_fn:c.krb5_responder_fn]{\code{krb5\_responder\_fn}}} callback. It contains a list of questions and can receive answers. Questions contained in a responder context can be listed using {\hyperref[appdev/refs/api/krb5_responder_list_questions:c.krb5_responder_list_questions]{\code{krb5\_responder\_list\_questions()}}} , retrieved using {\hyperref[appdev/refs/api/krb5_responder_get_challenge:c.krb5_responder_get_challenge]{\code{krb5\_responder\_get\_challenge()}}} , or answered using {\hyperref[appdev/refs/api/krb5_responder_set_answer:c.krb5_responder_set_answer]{\code{krb5\_responder\_set\_answer()}}} . The form of a question's challenge and answer depend on the question name. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_responder_context:declaration} +typedef struct krb5\_responder\_context\_st* krb5\_responder\_context + + +\subsubsection{krb5\_responder\_fn} +\label{appdev/refs/types/krb5_responder_fn:krb5-responder-fn-struct}\label{appdev/refs/types/krb5_responder_fn::doc}\label{appdev/refs/types/krb5_responder_fn:krb5-responder-fn}\index{krb5\_responder\_fn (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_fn:c.krb5_responder_fn}\pysigline{\bfcode{krb5\_responder\_fn}} +\end{fulllineitems} + + +Responder function for an initial credential exchange. + +If a required question is unanswered, the prompter may be called. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_responder_fn:declaration} +typedef krb5\_error\_code( * krb5\_responder\_fn)(krb5\_context ctx, void *data, krb5\_responder\_context rctx) + + +\subsubsection{krb5\_responder\_otp\_challenge} +\label{appdev/refs/types/krb5_responder_otp_challenge:krb5-responder-otp-challenge}\label{appdev/refs/types/krb5_responder_otp_challenge:krb5-responder-otp-challenge-struct}\label{appdev/refs/types/krb5_responder_otp_challenge::doc}\index{krb5\_responder\_otp\_challenge (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge}\pysigline{\bfcode{krb5\_responder\_otp\_challenge}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_responder_otp_challenge:declaration} +typedef struct \_krb5\_responder\_otp\_challenge krb5\_responder\_otp\_challenge + + +\paragraph{Members} +\label{appdev/refs/types/krb5_responder_otp_challenge:members}\index{krb5\_responder\_otp\_challenge.service (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge.service}\pysigline{char * \bfcode{krb5\_responder\_otp\_challenge.service}} +\end{fulllineitems} + +\index{krb5\_responder\_otp\_challenge.tokeninfo (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge.tokeninfo}\pysigline{{\hyperref[appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo]{krb5\_responder\_otp\_tokeninfo}} ** \bfcode{krb5\_responder\_otp\_challenge.tokeninfo}} +\end{fulllineitems} + + + +\subsubsection{krb5\_responder\_otp\_tokeninfo} +\label{appdev/refs/types/krb5_responder_otp_tokeninfo:krb5-responder-otp-tokeninfo}\label{appdev/refs/types/krb5_responder_otp_tokeninfo:krb5-responder-otp-tokeninfo-struct}\label{appdev/refs/types/krb5_responder_otp_tokeninfo::doc}\index{krb5\_responder\_otp\_tokeninfo (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}\pysigline{\bfcode{krb5\_responder\_otp\_tokeninfo}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_responder_otp_tokeninfo:declaration} +typedef struct \_krb5\_responder\_otp\_tokeninfo krb5\_responder\_otp\_tokeninfo + + +\paragraph{Members} +\label{appdev/refs/types/krb5_responder_otp_tokeninfo:members}\index{krb5\_responder\_otp\_tokeninfo.flags (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.flags}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_responder\_otp\_tokeninfo.flags}} +\end{fulllineitems} + +\index{krb5\_responder\_otp\_tokeninfo.format (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.format}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_responder\_otp\_tokeninfo.format}} +\end{fulllineitems} + +\index{krb5\_responder\_otp\_tokeninfo.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.length}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_responder\_otp\_tokeninfo.length}} +\end{fulllineitems} + +\index{krb5\_responder\_otp\_tokeninfo.vendor (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.vendor}\pysigline{char * \bfcode{krb5\_responder\_otp\_tokeninfo.vendor}} +\end{fulllineitems} + +\index{krb5\_responder\_otp\_tokeninfo.challenge (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.challenge}\pysigline{char * \bfcode{krb5\_responder\_otp\_tokeninfo.challenge}} +\end{fulllineitems} + +\index{krb5\_responder\_otp\_tokeninfo.token\_id (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.token_id}\pysigline{char * \bfcode{krb5\_responder\_otp\_tokeninfo.token\_id}} +\end{fulllineitems} + +\index{krb5\_responder\_otp\_tokeninfo.alg\_id (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.alg_id}\pysigline{char * \bfcode{krb5\_responder\_otp\_tokeninfo.alg\_id}} +\end{fulllineitems} + + + +\subsubsection{krb5\_responder\_pkinit\_challenge} +\label{appdev/refs/types/krb5_responder_pkinit_challenge:krb5-responder-pkinit-challenge-struct}\label{appdev/refs/types/krb5_responder_pkinit_challenge::doc}\label{appdev/refs/types/krb5_responder_pkinit_challenge:krb5-responder-pkinit-challenge}\index{krb5\_responder\_pkinit\_challenge (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_pkinit_challenge:c.krb5_responder_pkinit_challenge}\pysigline{\bfcode{krb5\_responder\_pkinit\_challenge}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_responder_pkinit_challenge:declaration} +typedef struct \_krb5\_responder\_pkinit\_challenge krb5\_responder\_pkinit\_challenge + + +\paragraph{Members} +\label{appdev/refs/types/krb5_responder_pkinit_challenge:members}\index{krb5\_responder\_pkinit\_challenge.identities (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_pkinit_challenge:c.krb5_responder_pkinit_challenge.identities}\pysigline{{\hyperref[appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity]{krb5\_responder\_pkinit\_identity}} ** \bfcode{krb5\_responder\_pkinit\_challenge.identities}} +\end{fulllineitems} + + + +\subsubsection{krb5\_responder\_pkinit\_identity} +\label{appdev/refs/types/krb5_responder_pkinit_identity:krb5-responder-pkinit-identity}\label{appdev/refs/types/krb5_responder_pkinit_identity::doc}\label{appdev/refs/types/krb5_responder_pkinit_identity:krb5-responder-pkinit-identity-struct}\index{krb5\_responder\_pkinit\_identity (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity}\pysigline{\bfcode{krb5\_responder\_pkinit\_identity}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_responder_pkinit_identity:declaration} +typedef struct \_krb5\_responder\_pkinit\_identity krb5\_responder\_pkinit\_identity + + +\paragraph{Members} +\label{appdev/refs/types/krb5_responder_pkinit_identity:members}\index{krb5\_responder\_pkinit\_identity.identity (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity.identity}\pysigline{char * \bfcode{krb5\_responder\_pkinit\_identity.identity}} +\end{fulllineitems} + +\index{krb5\_responder\_pkinit\_identity.token\_flags (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity.token_flags}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_responder\_pkinit\_identity.token\_flags}} +\end{fulllineitems} + + + +\subsubsection{krb5\_response} +\label{appdev/refs/types/krb5_response::doc}\label{appdev/refs/types/krb5_response:krb5-response}\label{appdev/refs/types/krb5_response:krb5-response-struct}\index{krb5\_response (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_response:c.krb5_response}\pysigline{\bfcode{krb5\_response}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_response:declaration} +typedef struct \_krb5\_response krb5\_response + + +\paragraph{Members} +\label{appdev/refs/types/krb5_response:members}\index{krb5\_response.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_response:c.krb5_response.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_response.magic}} +\end{fulllineitems} + +\index{krb5\_response.message\_type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_response:c.krb5_response.message_type}\pysigline{{\hyperref[appdev/refs/types/krb5_octet:c.krb5_octet]{krb5\_octet}} \bfcode{krb5\_response.message\_type}} +\end{fulllineitems} + +\index{krb5\_response.response (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_response:c.krb5_response.response}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_response.response}} +\end{fulllineitems} + +\index{krb5\_response.expected\_nonce (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_response:c.krb5_response.expected_nonce}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_response.expected\_nonce}} +\end{fulllineitems} + +\index{krb5\_response.request\_time (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_response:c.krb5_response.request_time}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_response.request\_time}} +\end{fulllineitems} + + + +\subsubsection{krb5\_replay\_data} +\label{appdev/refs/types/krb5_replay_data:krb5-replay-data}\label{appdev/refs/types/krb5_replay_data:krb5-replay-data-struct}\label{appdev/refs/types/krb5_replay_data::doc}\index{krb5\_replay\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}\pysigline{\bfcode{krb5\_replay\_data}} +\end{fulllineitems} + + +Replay data. + +Sequence number and timestamp information output by {\hyperref[appdev/refs/api/krb5_rd_priv:c.krb5_rd_priv]{\code{krb5\_rd\_priv()}}} and {\hyperref[appdev/refs/api/krb5_rd_safe:c.krb5_rd_safe]{\code{krb5\_rd\_safe()}}} . + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_replay_data:declaration} +typedef struct krb5\_replay\_data krb5\_replay\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_replay_data:members}\index{krb5\_replay\_data.timestamp (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_replay_data:c.krb5_replay_data.timestamp}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_replay\_data.timestamp}} +Timestamp, seconds portion. + +\end{fulllineitems} + +\index{krb5\_replay\_data.usec (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_replay_data:c.krb5_replay_data.usec}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_replay\_data.usec}} +Timestamp, microseconds portion. + +\end{fulllineitems} + +\index{krb5\_replay\_data.seq (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_replay_data:c.krb5_replay_data.seq}\pysigline{{\hyperref[appdev/refs/types/krb5_ui_4:c.krb5_ui_4]{krb5\_ui\_4}} \bfcode{krb5\_replay\_data.seq}} +Sequence number. + +\end{fulllineitems} + + + +\subsubsection{krb5\_ticket} +\label{appdev/refs/types/krb5_ticket:krb5-ticket}\label{appdev/refs/types/krb5_ticket::doc}\label{appdev/refs/types/krb5_ticket:krb5-ticket-struct}\index{krb5\_ticket (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket:c.krb5_ticket}\pysigline{\bfcode{krb5\_ticket}} +\end{fulllineitems} + + +Ticket structure. + +The C representation of the ticket message, with a pointer to the C representation of the encrypted part. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_ticket:declaration} +typedef struct \_krb5\_ticket krb5\_ticket + + +\paragraph{Members} +\label{appdev/refs/types/krb5_ticket:members}\index{krb5\_ticket.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket:c.krb5_ticket.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_ticket.magic}} +\end{fulllineitems} + +\index{krb5\_ticket.server (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket:c.krb5_ticket.server}\pysigline{{\hyperref[appdev/refs/types/krb5_principal:c.krb5_principal]{krb5\_principal}} \bfcode{krb5\_ticket.server}} +server name/realm + +\end{fulllineitems} + +\index{krb5\_ticket.enc\_part (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket:c.krb5_ticket.enc_part}\pysigline{{\hyperref[appdev/refs/types/krb5_enc_data:c.krb5_enc_data]{krb5\_enc\_data}} \bfcode{krb5\_ticket.enc\_part}} +encryption type, kvno, encrypted encoding + +\end{fulllineitems} + +\index{krb5\_ticket.enc\_part2 (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket:c.krb5_ticket.enc_part2}\pysigline{{\hyperref[appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part]{krb5\_enc\_tkt\_part}} * \bfcode{krb5\_ticket.enc\_part2}} +ptr to decrypted version, if available + +\end{fulllineitems} + + + +\subsubsection{krb5\_ticket\_times} +\label{appdev/refs/types/krb5_ticket_times:krb5-ticket-times}\label{appdev/refs/types/krb5_ticket_times:krb5-ticket-times-struct}\label{appdev/refs/types/krb5_ticket_times::doc}\index{krb5\_ticket\_times (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}\pysigline{\bfcode{krb5\_ticket\_times}} +\end{fulllineitems} + + +Ticket start time, end time, and renewal duration. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_ticket_times:declaration} +typedef struct \_krb5\_ticket\_times krb5\_ticket\_times + + +\paragraph{Members} +\label{appdev/refs/types/krb5_ticket_times:members}\index{krb5\_ticket\_times.authtime (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times.authtime}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_ticket\_times.authtime}} +Time at which KDC issued the initial ticket that corresponds to this ticket. + +\end{fulllineitems} + +\index{krb5\_ticket\_times.starttime (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times.starttime}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_ticket\_times.starttime}} +optional in ticket, if not present, use \emph{authtime} + +\end{fulllineitems} + +\index{krb5\_ticket\_times.endtime (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times.endtime}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_ticket\_times.endtime}} +Ticket expiration time. + +\end{fulllineitems} + +\index{krb5\_ticket\_times.renew\_till (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times.renew_till}\pysigline{{\hyperref[appdev/refs/types/krb5_timestamp:c.krb5_timestamp]{krb5\_timestamp}} \bfcode{krb5\_ticket\_times.renew\_till}} +Latest time at which renewal of ticket can be valid. + +\end{fulllineitems} + + + +\subsubsection{krb5\_timestamp} +\label{appdev/refs/types/krb5_timestamp:krb5-timestamp-struct}\label{appdev/refs/types/krb5_timestamp::doc}\label{appdev/refs/types/krb5_timestamp:krb5-timestamp}\index{krb5\_timestamp (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}\pysigline{\bfcode{krb5\_timestamp}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_timestamp:declaration} +typedef krb5\_int32 krb5\_timestamp + + +\subsubsection{krb5\_tkt\_authent} +\label{appdev/refs/types/krb5_tkt_authent:krb5-tkt-authent}\label{appdev/refs/types/krb5_tkt_authent:krb5-tkt-authent-struct}\label{appdev/refs/types/krb5_tkt_authent::doc}\index{krb5\_tkt\_authent (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent}\pysigline{\bfcode{krb5\_tkt\_authent}} +\end{fulllineitems} + + +Ticket authentication data. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_tkt_authent:declaration} +typedef struct \_krb5\_tkt\_authent krb5\_tkt\_authent + + +\paragraph{Members} +\label{appdev/refs/types/krb5_tkt_authent:members}\index{krb5\_tkt\_authent.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_tkt\_authent.magic}} +\end{fulllineitems} + +\index{krb5\_tkt\_authent.ticket (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent.ticket}\pysigline{{\hyperref[appdev/refs/types/krb5_ticket:c.krb5_ticket]{krb5\_ticket}} * \bfcode{krb5\_tkt\_authent.ticket}} +\end{fulllineitems} + +\index{krb5\_tkt\_authent.authenticator (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent.authenticator}\pysigline{{\hyperref[appdev/refs/types/krb5_authenticator:c.krb5_authenticator]{krb5\_authenticator}} * \bfcode{krb5\_tkt\_authent.authenticator}} +\end{fulllineitems} + +\index{krb5\_tkt\_authent.ap\_options (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent.ap_options}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_tkt\_authent.ap\_options}} +\end{fulllineitems} + + + +\subsubsection{krb5\_trace\_callback} +\label{appdev/refs/types/krb5_trace_callback:krb5-trace-callback-struct}\label{appdev/refs/types/krb5_trace_callback:krb5-trace-callback}\label{appdev/refs/types/krb5_trace_callback::doc}\index{krb5\_trace\_callback (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_trace_callback:c.krb5_trace_callback}\pysigline{\bfcode{krb5\_trace\_callback}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_trace_callback:declaration} +typedef void( * krb5\_trace\_callback)(krb5\_context context, const krb5\_trace\_info *info, void *cb\_data) + + +\subsubsection{krb5\_trace\_info} +\label{appdev/refs/types/krb5_trace_info:krb5-trace-info-struct}\label{appdev/refs/types/krb5_trace_info::doc}\label{appdev/refs/types/krb5_trace_info:krb5-trace-info}\index{krb5\_trace\_info (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_trace_info:c.krb5_trace_info}\pysigline{\bfcode{krb5\_trace\_info}} +\end{fulllineitems} + + +A wrapper for passing information to a \emph{krb5\_trace\_callback} . + +Currently, it only contains the formatted message as determined the the format string and arguments of the tracing macro, but it may be extended to contain more fields in the future. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_trace_info:declaration} +typedef struct \_krb5\_trace\_info krb5\_trace\_info + + +\paragraph{Members} +\label{appdev/refs/types/krb5_trace_info:members}\index{krb5\_trace\_info.message (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_trace_info:c.krb5_trace_info.message}\pysigline{const char * \bfcode{krb5\_trace\_info.message}} +\end{fulllineitems} + + + +\subsubsection{krb5\_transited} +\label{appdev/refs/types/krb5_transited:krb5-transited-struct}\label{appdev/refs/types/krb5_transited::doc}\label{appdev/refs/types/krb5_transited:krb5-transited}\index{krb5\_transited (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_transited:c.krb5_transited}\pysigline{\bfcode{krb5\_transited}} +\end{fulllineitems} + + +Structure for transited encoding. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_transited:declaration} +typedef struct \_krb5\_transited krb5\_transited + + +\paragraph{Members} +\label{appdev/refs/types/krb5_transited:members}\index{krb5\_transited.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_transited:c.krb5_transited.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_transited.magic}} +\end{fulllineitems} + +\index{krb5\_transited.tr\_type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_transited:c.krb5_transited.tr_type}\pysigline{{\hyperref[appdev/refs/types/krb5_octet:c.krb5_octet]{krb5\_octet}} \bfcode{krb5\_transited.tr\_type}} +Transited encoding type. + +\end{fulllineitems} + +\index{krb5\_transited.tr\_contents (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_transited:c.krb5_transited.tr_contents}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} \bfcode{krb5\_transited.tr\_contents}} +Contents. + +\end{fulllineitems} + + + +\subsubsection{krb5\_typed\_data} +\label{appdev/refs/types/krb5_typed_data:krb5-typed-data-struct}\label{appdev/refs/types/krb5_typed_data::doc}\label{appdev/refs/types/krb5_typed_data:krb5-typed-data}\index{krb5\_typed\_data (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_typed_data:c.krb5_typed_data}\pysigline{\bfcode{krb5\_typed\_data}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_typed_data:declaration} +typedef struct \_krb5\_typed\_data krb5\_typed\_data + + +\paragraph{Members} +\label{appdev/refs/types/krb5_typed_data:members}\index{krb5\_typed\_data.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_typed_data:c.krb5_typed_data.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{krb5\_typed\_data.magic}} +\end{fulllineitems} + +\index{krb5\_typed\_data.type (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_typed_data:c.krb5_typed_data.type}\pysigline{{\hyperref[appdev/refs/types/krb5_int32:c.krb5_int32]{krb5\_int32}} \bfcode{krb5\_typed\_data.type}} +\end{fulllineitems} + +\index{krb5\_typed\_data.length (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_typed_data:c.krb5_typed_data.length}\pysigline{unsigned int \bfcode{krb5\_typed\_data.length}} +\end{fulllineitems} + +\index{krb5\_typed\_data.data (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_typed_data:c.krb5_typed_data.data}\pysigline{{\hyperref[appdev/refs/types/krb5_octet:c.krb5_octet]{krb5\_octet}} * \bfcode{krb5\_typed\_data.data}} +\end{fulllineitems} + + + +\subsubsection{krb5\_ui\_2} +\label{appdev/refs/types/krb5_ui_2:krb5-ui-2-struct}\label{appdev/refs/types/krb5_ui_2::doc}\label{appdev/refs/types/krb5_ui_2:krb5-ui-2}\index{krb5\_ui\_2 (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ui_2:c.krb5_ui_2}\pysigline{\bfcode{krb5\_ui\_2}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_ui_2:declaration} +typedef uint16\_t krb5\_ui\_2 + + +\subsubsection{krb5\_ui\_4} +\label{appdev/refs/types/krb5_ui_4:krb5-ui-4}\label{appdev/refs/types/krb5_ui_4:krb5-ui-4-struct}\label{appdev/refs/types/krb5_ui_4::doc}\index{krb5\_ui\_4 (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}\pysigline{\bfcode{krb5\_ui\_4}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_ui_4:declaration} +typedef uint32\_t krb5\_ui\_4 + + +\subsubsection{krb5\_verify\_init\_creds\_opt} +\label{appdev/refs/types/krb5_verify_init_creds_opt:krb5-verify-init-creds-opt-struct}\label{appdev/refs/types/krb5_verify_init_creds_opt::doc}\label{appdev/refs/types/krb5_verify_init_creds_opt:krb5-verify-init-creds-opt}\index{krb5\_verify\_init\_creds\_opt (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt}\pysigline{\bfcode{krb5\_verify\_init\_creds\_opt}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_verify_init_creds_opt:declaration} +typedef struct \_krb5\_verify\_init\_creds\_opt krb5\_verify\_init\_creds\_opt + + +\paragraph{Members} +\label{appdev/refs/types/krb5_verify_init_creds_opt:members}\index{krb5\_verify\_init\_creds\_opt.flags (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt.flags}\pysigline{{\hyperref[appdev/refs/types/krb5_flags:c.krb5_flags]{krb5\_flags}} \bfcode{krb5\_verify\_init\_creds\_opt.flags}} +\end{fulllineitems} + +\index{krb5\_verify\_init\_creds\_opt.ap\_req\_nofail (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt.ap_req_nofail}\pysigline{int \bfcode{krb5\_verify\_init\_creds\_opt.ap\_req\_nofail}} +boolean + +\end{fulllineitems} + + + +\subsubsection{passwd\_phrase\_element} +\label{appdev/refs/types/passwd_phrase_element:passwd-phrase-element-struct}\label{appdev/refs/types/passwd_phrase_element::doc}\label{appdev/refs/types/passwd_phrase_element:passwd-phrase-element}\index{passwd\_phrase\_element (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element}\pysigline{\bfcode{passwd\_phrase\_element}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/passwd_phrase_element:declaration} +typedef struct \_passwd\_phrase\_element passwd\_phrase\_element + + +\paragraph{Members} +\label{appdev/refs/types/passwd_phrase_element:members}\index{passwd\_phrase\_element.magic (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element.magic}\pysigline{{\hyperref[appdev/refs/types/krb5_magic:c.krb5_magic]{krb5\_magic}} \bfcode{passwd\_phrase\_element.magic}} +\end{fulllineitems} + +\index{passwd\_phrase\_element.passwd (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element.passwd}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{passwd\_phrase\_element.passwd}} +\end{fulllineitems} + +\index{passwd\_phrase\_element.phrase (C member)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element.phrase}\pysigline{{\hyperref[appdev/refs/types/krb5_data:c.krb5_data]{krb5\_data}} * \bfcode{passwd\_phrase\_element.phrase}} +\end{fulllineitems} + + + +\subsection{Internal} +\label{appdev/refs/types/index:internal} + +\subsubsection{krb5\_auth\_context} +\label{appdev/refs/types/krb5_auth_context:krb5-auth-context}\label{appdev/refs/types/krb5_auth_context::doc}\label{appdev/refs/types/krb5_auth_context:krb5-auth-context-struct}\index{krb5\_auth\_context (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}\pysigline{\bfcode{krb5\_auth\_context}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_auth_context:declaration} +typedef struct \_krb5\_auth\_context* krb5\_auth\_context + + +\subsubsection{krb5\_cksumtype} +\label{appdev/refs/types/krb5_cksumtype:krb5-cksumtype}\label{appdev/refs/types/krb5_cksumtype:krb5-cksumtype-struct}\label{appdev/refs/types/krb5_cksumtype::doc}\index{krb5\_cksumtype (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}\pysigline{\bfcode{krb5\_cksumtype}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_cksumtype:declaration} +typedef krb5\_int32 krb5\_cksumtype + + +\subsubsection{krb5\_context} +\label{appdev/refs/types/krb5_context:krb5-context}\label{appdev/refs/types/krb5_context:krb5-context-struct}\label{appdev/refs/types/krb5_context::doc}\index{krb5\_context (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_context:c.krb5_context}\pysigline{\bfcode{krb5\_context}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_context:declaration} +typedef struct \_krb5\_context* krb5\_context + + +\subsubsection{krb5\_cc\_cursor} +\label{appdev/refs/types/krb5_cc_cursor:krb5-cc-cursor-struct}\label{appdev/refs/types/krb5_cc_cursor:krb5-cc-cursor}\label{appdev/refs/types/krb5_cc_cursor::doc}\index{krb5\_cc\_cursor (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cc_cursor:c.krb5_cc_cursor}\pysigline{\bfcode{krb5\_cc\_cursor}} +\end{fulllineitems} + + +Cursor for sequential lookup. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_cc_cursor:declaration} +typedef krb5\_pointer krb5\_cc\_cursor + + +\subsubsection{krb5\_ccache} +\label{appdev/refs/types/krb5_ccache:krb5-ccache-struct}\label{appdev/refs/types/krb5_ccache::doc}\label{appdev/refs/types/krb5_ccache:krb5-ccache}\index{krb5\_ccache (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_ccache:c.krb5_ccache}\pysigline{\bfcode{krb5\_ccache}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_ccache:declaration} +typedef struct \_krb5\_ccache* krb5\_ccache + + +\subsubsection{krb5\_cccol\_cursor} +\label{appdev/refs/types/krb5_cccol_cursor:krb5-cccol-cursor-struct}\label{appdev/refs/types/krb5_cccol_cursor::doc}\label{appdev/refs/types/krb5_cccol_cursor:krb5-cccol-cursor}\index{krb5\_cccol\_cursor (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_cccol_cursor:c.krb5_cccol_cursor}\pysigline{\bfcode{krb5\_cccol\_cursor}} +\end{fulllineitems} + + +Cursor for iterating over all ccaches. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_cccol_cursor:declaration} +typedef struct \_krb5\_cccol\_cursor* krb5\_cccol\_cursor + + +\subsubsection{krb5\_init\_creds\_context} +\label{appdev/refs/types/krb5_init_creds_context:krb5-init-creds-context}\label{appdev/refs/types/krb5_init_creds_context::doc}\label{appdev/refs/types/krb5_init_creds_context:krb5-init-creds-context-struct}\index{krb5\_init\_creds\_context (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}\pysigline{\bfcode{krb5\_init\_creds\_context}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_init_creds_context:declaration} +typedef struct \_krb5\_init\_creds\_context* krb5\_init\_creds\_context + + +\subsubsection{krb5\_key} +\label{appdev/refs/types/krb5_key::doc}\label{appdev/refs/types/krb5_key:krb5-key}\label{appdev/refs/types/krb5_key:krb5-key-struct}\index{krb5\_key (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_key:c.krb5_key}\pysigline{\bfcode{krb5\_key}} +\end{fulllineitems} + + +Opaque identifier for a key. + +Use with the krb5\_k APIs for better performance for repeated operations with the same key and usage. Key identifiers must not be used simultaneously within multiple threads, as they may contain mutable internal state and are not mutex-protected. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_key:declaration} +typedef struct krb5\_key\_st* krb5\_key + + +\subsubsection{krb5\_keytab} +\label{appdev/refs/types/krb5_keytab:krb5-keytab}\label{appdev/refs/types/krb5_keytab::doc}\label{appdev/refs/types/krb5_keytab:krb5-keytab-struct}\index{krb5\_keytab (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_keytab:c.krb5_keytab}\pysigline{\bfcode{krb5\_keytab}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_keytab:declaration} +typedef struct \_krb5\_kt* krb5\_keytab + + +\subsubsection{krb5\_pac} +\label{appdev/refs/types/krb5_pac:krb5-pac-struct}\label{appdev/refs/types/krb5_pac:krb5-pac}\label{appdev/refs/types/krb5_pac::doc}\index{krb5\_pac (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_pac:c.krb5_pac}\pysigline{\bfcode{krb5\_pac}} +\end{fulllineitems} + + +PAC data structure to convey authorization information. + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_pac:declaration} +typedef struct krb5\_pac\_data* krb5\_pac + + +\subsubsection{krb5\_rcache} +\label{appdev/refs/types/krb5_rcache:krb5-rcache-struct}\label{appdev/refs/types/krb5_rcache::doc}\label{appdev/refs/types/krb5_rcache:krb5-rcache}\index{krb5\_rcache (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_rcache:c.krb5_rcache}\pysigline{\bfcode{krb5\_rcache}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_rcache:declaration} +typedef struct krb5\_rc\_st* krb5\_rcache + + +\subsubsection{krb5\_tkt\_creds\_context} +\label{appdev/refs/types/krb5_tkt_creds_context::doc}\label{appdev/refs/types/krb5_tkt_creds_context:krb5-tkt-creds-context}\label{appdev/refs/types/krb5_tkt_creds_context:krb5-tkt-creds-context-struct}\index{krb5\_tkt\_creds\_context (C type)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context}\pysigline{\bfcode{krb5\_tkt\_creds\_context}} +\end{fulllineitems} + + + +\paragraph{Declaration} +\label{appdev/refs/types/krb5_tkt_creds_context:declaration} +typedef struct \_krb5\_tkt\_creds\_context* krb5\_tkt\_creds\_context + + +\section{krb5 simple macros} +\label{appdev/refs/macros/index:krb5-simple-macros}\label{appdev/refs/macros/index::doc} + +\subsection{Public} +\label{appdev/refs/macros/index:public} + +\subsubsection{ADDRTYPE\_ADDRPORT} +\label{appdev/refs/macros/ADDRTYPE_ADDRPORT:addrtype-addrport-data}\label{appdev/refs/macros/ADDRTYPE_ADDRPORT::doc}\label{appdev/refs/macros/ADDRTYPE_ADDRPORT:addrtype-addrport}\index{ADDRTYPE\_ADDRPORT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_ADDRPORT:ADDRTYPE_ADDRPORT}\pysigline{\bfcode{ADDRTYPE\_ADDRPORT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_ADDRPORT} + & +\code{0x0100} +\\ +\hline\end{tabulary} + + + +\subsubsection{ADDRTYPE\_CHAOS} +\label{appdev/refs/macros/ADDRTYPE_CHAOS:addrtype-chaos}\label{appdev/refs/macros/ADDRTYPE_CHAOS:addrtype-chaos-data}\label{appdev/refs/macros/ADDRTYPE_CHAOS::doc}\index{ADDRTYPE\_CHAOS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_CHAOS:ADDRTYPE_CHAOS}\pysigline{\bfcode{ADDRTYPE\_CHAOS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_CHAOS} + & +\code{0x0005} +\\ +\hline\end{tabulary} + + + +\subsubsection{ADDRTYPE\_DDP} +\label{appdev/refs/macros/ADDRTYPE_DDP:addrtype-ddp-data}\label{appdev/refs/macros/ADDRTYPE_DDP::doc}\label{appdev/refs/macros/ADDRTYPE_DDP:addrtype-ddp}\index{ADDRTYPE\_DDP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_DDP:ADDRTYPE_DDP}\pysigline{\bfcode{ADDRTYPE\_DDP}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_DDP} + & +\code{0x0010} +\\ +\hline\end{tabulary} + + + +\subsubsection{ADDRTYPE\_INET} +\label{appdev/refs/macros/ADDRTYPE_INET:addrtype-inet}\label{appdev/refs/macros/ADDRTYPE_INET:addrtype-inet-data}\label{appdev/refs/macros/ADDRTYPE_INET::doc}\index{ADDRTYPE\_INET (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_INET:ADDRTYPE_INET}\pysigline{\bfcode{ADDRTYPE\_INET}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_INET} + & +\code{0x0002} +\\ +\hline\end{tabulary} + + + +\subsubsection{ADDRTYPE\_INET6} +\label{appdev/refs/macros/ADDRTYPE_INET6:addrtype-inet6-data}\label{appdev/refs/macros/ADDRTYPE_INET6:addrtype-inet6}\label{appdev/refs/macros/ADDRTYPE_INET6::doc}\index{ADDRTYPE\_INET6 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_INET6:ADDRTYPE_INET6}\pysigline{\bfcode{ADDRTYPE\_INET6}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_INET6} + & +\code{0x0018} +\\ +\hline\end{tabulary} + + + +\subsubsection{ADDRTYPE\_IPPORT} +\label{appdev/refs/macros/ADDRTYPE_IPPORT:addrtype-ipport}\label{appdev/refs/macros/ADDRTYPE_IPPORT::doc}\label{appdev/refs/macros/ADDRTYPE_IPPORT:addrtype-ipport-data}\index{ADDRTYPE\_IPPORT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_IPPORT:ADDRTYPE_IPPORT}\pysigline{\bfcode{ADDRTYPE\_IPPORT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_IPPORT} + & +\code{0x0101} +\\ +\hline\end{tabulary} + + + +\subsubsection{ADDRTYPE\_ISO} +\label{appdev/refs/macros/ADDRTYPE_ISO::doc}\label{appdev/refs/macros/ADDRTYPE_ISO:addrtype-iso}\label{appdev/refs/macros/ADDRTYPE_ISO:addrtype-iso-data}\index{ADDRTYPE\_ISO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_ISO:ADDRTYPE_ISO}\pysigline{\bfcode{ADDRTYPE\_ISO}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_ISO} + & +\code{0x0007} +\\ +\hline\end{tabulary} + + + +\subsubsection{ADDRTYPE\_IS\_LOCAL} +\label{appdev/refs/macros/ADDRTYPE_IS_LOCAL::doc}\label{appdev/refs/macros/ADDRTYPE_IS_LOCAL:addrtype-is-local}\label{appdev/refs/macros/ADDRTYPE_IS_LOCAL:addrtype-is-local-data}\index{ADDRTYPE\_IS\_LOCAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_IS_LOCAL:ADDRTYPE_IS_LOCAL}\pysigline{\bfcode{ADDRTYPE\_IS\_LOCAL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_IS\_LOCAL (addrtype)} + & +\code{(addrtype \& 0x8000)} +\\ +\hline\end{tabulary} + + + +\subsubsection{ADDRTYPE\_NETBIOS} +\label{appdev/refs/macros/ADDRTYPE_NETBIOS:addrtype-netbios}\label{appdev/refs/macros/ADDRTYPE_NETBIOS::doc}\label{appdev/refs/macros/ADDRTYPE_NETBIOS:addrtype-netbios-data}\index{ADDRTYPE\_NETBIOS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_NETBIOS:ADDRTYPE_NETBIOS}\pysigline{\bfcode{ADDRTYPE\_NETBIOS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_NETBIOS} + & +\code{0x0014} +\\ +\hline\end{tabulary} + + + +\subsubsection{ADDRTYPE\_XNS} +\label{appdev/refs/macros/ADDRTYPE_XNS::doc}\label{appdev/refs/macros/ADDRTYPE_XNS:addrtype-xns-data}\label{appdev/refs/macros/ADDRTYPE_XNS:addrtype-xns}\index{ADDRTYPE\_XNS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ADDRTYPE_XNS:ADDRTYPE_XNS}\pysigline{\bfcode{ADDRTYPE\_XNS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ADDRTYPE\_XNS} + & +\code{0x0006} +\\ +\hline\end{tabulary} + + + +\subsubsection{AD\_TYPE\_EXTERNAL} +\label{appdev/refs/macros/AD_TYPE_EXTERNAL:ad-type-external-data}\label{appdev/refs/macros/AD_TYPE_EXTERNAL::doc}\label{appdev/refs/macros/AD_TYPE_EXTERNAL:ad-type-external}\index{AD\_TYPE\_EXTERNAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AD_TYPE_EXTERNAL:AD_TYPE_EXTERNAL}\pysigline{\bfcode{AD\_TYPE\_EXTERNAL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AD\_TYPE\_EXTERNAL} + & +\code{0x4000} +\\ +\hline\end{tabulary} + + + +\subsubsection{AD\_TYPE\_FIELD\_TYPE\_MASK} +\label{appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK:ad-type-field-type-mask}\label{appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK::doc}\label{appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK:ad-type-field-type-mask-data}\index{AD\_TYPE\_FIELD\_TYPE\_MASK (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK:AD_TYPE_FIELD_TYPE_MASK}\pysigline{\bfcode{AD\_TYPE\_FIELD\_TYPE\_MASK}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AD\_TYPE\_FIELD\_TYPE\_MASK} + & +\code{0x1fff} +\\ +\hline\end{tabulary} + + + +\subsubsection{AD\_TYPE\_REGISTERED} +\label{appdev/refs/macros/AD_TYPE_REGISTERED:ad-type-registered-data}\label{appdev/refs/macros/AD_TYPE_REGISTERED:ad-type-registered}\label{appdev/refs/macros/AD_TYPE_REGISTERED::doc}\index{AD\_TYPE\_REGISTERED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AD_TYPE_REGISTERED:AD_TYPE_REGISTERED}\pysigline{\bfcode{AD\_TYPE\_REGISTERED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AD\_TYPE\_REGISTERED} + & +\code{0x2000} +\\ +\hline\end{tabulary} + + + +\subsubsection{AD\_TYPE\_RESERVED} +\label{appdev/refs/macros/AD_TYPE_RESERVED::doc}\label{appdev/refs/macros/AD_TYPE_RESERVED:ad-type-reserved}\label{appdev/refs/macros/AD_TYPE_RESERVED:ad-type-reserved-data}\index{AD\_TYPE\_RESERVED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AD_TYPE_RESERVED:AD_TYPE_RESERVED}\pysigline{\bfcode{AD\_TYPE\_RESERVED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AD\_TYPE\_RESERVED} + & +\code{0x8000} +\\ +\hline\end{tabulary} + + + +\subsubsection{AP\_OPTS\_ETYPE\_NEGOTIATION} +\label{appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION::doc}\label{appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION:ap-opts-etype-negotiation}\label{appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION:ap-opts-etype-negotiation-data}\index{AP\_OPTS\_ETYPE\_NEGOTIATION (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION:AP_OPTS_ETYPE_NEGOTIATION}\pysigline{\bfcode{AP\_OPTS\_ETYPE\_NEGOTIATION}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AP\_OPTS\_ETYPE\_NEGOTIATION} + & +\code{0x00000002} +\\ +\hline\end{tabulary} + + + +\subsubsection{AP\_OPTS\_MUTUAL\_REQUIRED} +\label{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:ap-opts-mutual-required}\label{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:ap-opts-mutual-required-data}\label{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED::doc}\index{AP\_OPTS\_MUTUAL\_REQUIRED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:AP_OPTS_MUTUAL_REQUIRED}\pysigline{\bfcode{AP\_OPTS\_MUTUAL\_REQUIRED}} +\end{fulllineitems} + + +Perform a mutual authentication exchange. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AP\_OPTS\_MUTUAL\_REQUIRED} + & +\code{0x20000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{AP\_OPTS\_RESERVED} +\label{appdev/refs/macros/AP_OPTS_RESERVED::doc}\label{appdev/refs/macros/AP_OPTS_RESERVED:ap-opts-reserved-data}\label{appdev/refs/macros/AP_OPTS_RESERVED:ap-opts-reserved}\index{AP\_OPTS\_RESERVED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AP_OPTS_RESERVED:AP_OPTS_RESERVED}\pysigline{\bfcode{AP\_OPTS\_RESERVED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AP\_OPTS\_RESERVED} + & +\code{0x80000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{AP\_OPTS\_USE\_SESSION\_KEY} +\label{appdev/refs/macros/AP_OPTS_USE_SESSION_KEY:ap-opts-use-session-key}\label{appdev/refs/macros/AP_OPTS_USE_SESSION_KEY::doc}\label{appdev/refs/macros/AP_OPTS_USE_SESSION_KEY:ap-opts-use-session-key-data}\index{AP\_OPTS\_USE\_SESSION\_KEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AP_OPTS_USE_SESSION_KEY:AP_OPTS_USE_SESSION_KEY}\pysigline{\bfcode{AP\_OPTS\_USE\_SESSION\_KEY}} +\end{fulllineitems} + + +Use session key. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AP\_OPTS\_USE\_SESSION\_KEY} + & +\code{0x40000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{AP\_OPTS\_USE\_SUBKEY} +\label{appdev/refs/macros/AP_OPTS_USE_SUBKEY:ap-opts-use-subkey}\label{appdev/refs/macros/AP_OPTS_USE_SUBKEY:ap-opts-use-subkey-data}\label{appdev/refs/macros/AP_OPTS_USE_SUBKEY::doc}\index{AP\_OPTS\_USE\_SUBKEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AP_OPTS_USE_SUBKEY:AP_OPTS_USE_SUBKEY}\pysigline{\bfcode{AP\_OPTS\_USE\_SUBKEY}} +\end{fulllineitems} + + +Generate a subsession key from the current session key obtained from the credentials. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AP\_OPTS\_USE\_SUBKEY} + & +\code{0x00000001} +\\ +\hline\end{tabulary} + + + +\subsubsection{AP\_OPTS\_WIRE\_MASK} +\label{appdev/refs/macros/AP_OPTS_WIRE_MASK:ap-opts-wire-mask-data}\label{appdev/refs/macros/AP_OPTS_WIRE_MASK:ap-opts-wire-mask}\label{appdev/refs/macros/AP_OPTS_WIRE_MASK::doc}\index{AP\_OPTS\_WIRE\_MASK (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/AP_OPTS_WIRE_MASK:AP_OPTS_WIRE_MASK}\pysigline{\bfcode{AP\_OPTS\_WIRE\_MASK}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{AP\_OPTS\_WIRE\_MASK} + & +\code{0xfffffff0} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_CMAC\_CAMELLIA128} +\label{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128::doc}\label{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128:cksumtype-cmac-camellia128}\label{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128:cksumtype-cmac-camellia128-data}\index{CKSUMTYPE\_CMAC\_CAMELLIA128 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128:CKSUMTYPE_CMAC_CAMELLIA128}\pysigline{\bfcode{CKSUMTYPE\_CMAC\_CAMELLIA128}} +\end{fulllineitems} + + +RFC 6803. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_CMAC\_CAMELLIA128} + & +\code{0x0011} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_CMAC\_CAMELLIA256} +\label{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256::doc}\label{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256:cksumtype-cmac-camellia256}\label{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256:cksumtype-cmac-camellia256-data}\index{CKSUMTYPE\_CMAC\_CAMELLIA256 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256:CKSUMTYPE_CMAC_CAMELLIA256}\pysigline{\bfcode{CKSUMTYPE\_CMAC\_CAMELLIA256}} +\end{fulllineitems} + + +RFC 6803. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_CMAC\_CAMELLIA256} + & +\code{0x0012} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_CRC32} +\label{appdev/refs/macros/CKSUMTYPE_CRC32:cksumtype-crc32-data}\label{appdev/refs/macros/CKSUMTYPE_CRC32::doc}\label{appdev/refs/macros/CKSUMTYPE_CRC32:cksumtype-crc32}\index{CKSUMTYPE\_CRC32 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_CRC32:CKSUMTYPE_CRC32}\pysigline{\bfcode{CKSUMTYPE\_CRC32}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_CRC32} + & +\code{0x0001} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_DESCBC} +\label{appdev/refs/macros/CKSUMTYPE_DESCBC:cksumtype-descbc-data}\label{appdev/refs/macros/CKSUMTYPE_DESCBC::doc}\label{appdev/refs/macros/CKSUMTYPE_DESCBC:cksumtype-descbc}\index{CKSUMTYPE\_DESCBC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_DESCBC:CKSUMTYPE_DESCBC}\pysigline{\bfcode{CKSUMTYPE\_DESCBC}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_DESCBC} + & +\code{0x0004} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_HMAC\_MD5\_ARCFOUR} +\label{appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR:cksumtype-hmac-md5-arcfour-data}\label{appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR:cksumtype-hmac-md5-arcfour}\label{appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR::doc}\index{CKSUMTYPE\_HMAC\_MD5\_ARCFOUR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR:CKSUMTYPE_HMAC_MD5_ARCFOUR}\pysigline{\bfcode{CKSUMTYPE\_HMAC\_MD5\_ARCFOUR}} +\end{fulllineitems} + + +RFC 4757. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_HMAC\_MD5\_ARCFOUR} + & +\code{-138} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_HMAC\_SHA1\_96\_AES128} +\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128::doc}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128:cksumtype-hmac-sha1-96-aes128}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128:cksumtype-hmac-sha1-96-aes128-data}\index{CKSUMTYPE\_HMAC\_SHA1\_96\_AES128 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128:CKSUMTYPE_HMAC_SHA1_96_AES128}\pysigline{\bfcode{CKSUMTYPE\_HMAC\_SHA1\_96\_AES128}} +\end{fulllineitems} + + +RFC 3962. + +Used with ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_HMAC\_SHA1\_96\_AES128} + & +\code{0x000f} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_HMAC\_SHA1\_96\_AES256} +\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256::doc}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256:cksumtype-hmac-sha1-96-aes256}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256:cksumtype-hmac-sha1-96-aes256-data}\index{CKSUMTYPE\_HMAC\_SHA1\_96\_AES256 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256:CKSUMTYPE_HMAC_SHA1_96_AES256}\pysigline{\bfcode{CKSUMTYPE\_HMAC\_SHA1\_96\_AES256}} +\end{fulllineitems} + + +RFC 3962. + +Used with ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_HMAC\_SHA1\_96\_AES256} + & +\code{0x0010} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_HMAC\_SHA256\_128\_AES128} +\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128:cksumtype-hmac-sha256-128-aes128-data}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128::doc}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128:cksumtype-hmac-sha256-128-aes128}\index{CKSUMTYPE\_HMAC\_SHA256\_128\_AES128 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128:CKSUMTYPE_HMAC_SHA256_128_AES128}\pysigline{\bfcode{CKSUMTYPE\_HMAC\_SHA256\_128\_AES128}} +\end{fulllineitems} + + +RFC 8009. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_HMAC\_SHA256\_128\_AES128} + & +\code{0x0013} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_HMAC\_SHA384\_192\_AES256} +\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256:cksumtype-hmac-sha384-192-aes256}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256:cksumtype-hmac-sha384-192-aes256-data}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256::doc}\index{CKSUMTYPE\_HMAC\_SHA384\_192\_AES256 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256:CKSUMTYPE_HMAC_SHA384_192_AES256}\pysigline{\bfcode{CKSUMTYPE\_HMAC\_SHA384\_192\_AES256}} +\end{fulllineitems} + + +RFC 8009. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_HMAC\_SHA384\_192\_AES256} + & +\code{0x0014} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_HMAC\_SHA1\_DES3} +\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3::doc}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3:cksumtype-hmac-sha1-des3}\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3:cksumtype-hmac-sha1-des3-data}\index{CKSUMTYPE\_HMAC\_SHA1\_DES3 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3:CKSUMTYPE_HMAC_SHA1_DES3}\pysigline{\bfcode{CKSUMTYPE\_HMAC\_SHA1\_DES3}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_HMAC\_SHA1\_DES3} + & +\code{0x000c} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_MD5\_HMAC\_ARCFOUR} +\label{appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR:cksumtype-md5-hmac-arcfour}\label{appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR:cksumtype-md5-hmac-arcfour-data}\label{appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR::doc}\index{CKSUMTYPE\_MD5\_HMAC\_ARCFOUR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR:CKSUMTYPE_MD5_HMAC_ARCFOUR}\pysigline{\bfcode{CKSUMTYPE\_MD5\_HMAC\_ARCFOUR}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_MD5\_HMAC\_ARCFOUR} + & +\code{-137 /* Microsoft netlogon */} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_NIST\_SHA} +\label{appdev/refs/macros/CKSUMTYPE_NIST_SHA::doc}\label{appdev/refs/macros/CKSUMTYPE_NIST_SHA:cksumtype-nist-sha}\label{appdev/refs/macros/CKSUMTYPE_NIST_SHA:cksumtype-nist-sha-data}\index{CKSUMTYPE\_NIST\_SHA (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_NIST_SHA:CKSUMTYPE_NIST_SHA}\pysigline{\bfcode{CKSUMTYPE\_NIST\_SHA}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_NIST\_SHA} + & +\code{0x0009} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_RSA\_MD4} +\label{appdev/refs/macros/CKSUMTYPE_RSA_MD4::doc}\label{appdev/refs/macros/CKSUMTYPE_RSA_MD4:cksumtype-rsa-md4}\label{appdev/refs/macros/CKSUMTYPE_RSA_MD4:cksumtype-rsa-md4-data}\index{CKSUMTYPE\_RSA\_MD4 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_RSA_MD4:CKSUMTYPE_RSA_MD4}\pysigline{\bfcode{CKSUMTYPE\_RSA\_MD4}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_RSA\_MD4} + & +\code{0x0002} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_RSA\_MD4\_DES} +\label{appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES::doc}\label{appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES:cksumtype-rsa-md4-des}\label{appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES:cksumtype-rsa-md4-des-data}\index{CKSUMTYPE\_RSA\_MD4\_DES (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES:CKSUMTYPE_RSA_MD4_DES}\pysigline{\bfcode{CKSUMTYPE\_RSA\_MD4\_DES}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_RSA\_MD4\_DES} + & +\code{0x0003} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_RSA\_MD5} +\label{appdev/refs/macros/CKSUMTYPE_RSA_MD5:cksumtype-rsa-md5-data}\label{appdev/refs/macros/CKSUMTYPE_RSA_MD5::doc}\label{appdev/refs/macros/CKSUMTYPE_RSA_MD5:cksumtype-rsa-md5}\index{CKSUMTYPE\_RSA\_MD5 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_RSA_MD5:CKSUMTYPE_RSA_MD5}\pysigline{\bfcode{CKSUMTYPE\_RSA\_MD5}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_RSA\_MD5} + & +\code{0x0007} +\\ +\hline\end{tabulary} + + + +\subsubsection{CKSUMTYPE\_RSA\_MD5\_DES} +\label{appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES:cksumtype-rsa-md5-des-data}\label{appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES::doc}\label{appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES:cksumtype-rsa-md5-des}\index{CKSUMTYPE\_RSA\_MD5\_DES (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES:CKSUMTYPE_RSA_MD5_DES}\pysigline{\bfcode{CKSUMTYPE\_RSA\_MD5\_DES}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{CKSUMTYPE\_RSA\_MD5\_DES} + & +\code{0x0008} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96} +\label{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96:enctype-aes128-cts-hmac-sha1-96-data}\label{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96::doc}\label{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96:enctype-aes128-cts-hmac-sha1-96}\index{ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96:ENCTYPE_AES128_CTS_HMAC_SHA1_96}\pysigline{\bfcode{ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96}} +\end{fulllineitems} + + +RFC 3962. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96} + & +\code{0x0011} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_AES128\_CTS\_HMAC\_SHA256\_128} +\label{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128:enctype-aes128-cts-hmac-sha256-128}\label{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128:enctype-aes128-cts-hmac-sha256-128-data}\label{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128::doc}\index{ENCTYPE\_AES128\_CTS\_HMAC\_SHA256\_128 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128:ENCTYPE_AES128_CTS_HMAC_SHA256_128}\pysigline{\bfcode{ENCTYPE\_AES128\_CTS\_HMAC\_SHA256\_128}} +\end{fulllineitems} + + +RFC 8009. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_AES128\_CTS\_HMAC\_SHA256\_128} + & +\code{0x0013} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96} +\label{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96:enctype-aes256-cts-hmac-sha1-96-data}\label{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96::doc}\label{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96:enctype-aes256-cts-hmac-sha1-96}\index{ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96:ENCTYPE_AES256_CTS_HMAC_SHA1_96}\pysigline{\bfcode{ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96}} +\end{fulllineitems} + + +RFC 3962. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96} + & +\code{0x0012} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_AES256\_CTS\_HMAC\_SHA384\_192} +\label{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192:enctype-aes256-cts-hmac-sha384-192-data}\label{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192:enctype-aes256-cts-hmac-sha384-192}\label{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192::doc}\index{ENCTYPE\_AES256\_CTS\_HMAC\_SHA384\_192 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192:ENCTYPE_AES256_CTS_HMAC_SHA384_192}\pysigline{\bfcode{ENCTYPE\_AES256\_CTS\_HMAC\_SHA384\_192}} +\end{fulllineitems} + + +RFC 8009. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_AES256\_CTS\_HMAC\_SHA384\_192} + & +\code{0x0014} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_ARCFOUR\_HMAC} +\label{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC:enctype-arcfour-hmac}\label{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC:enctype-arcfour-hmac-data}\label{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC::doc}\index{ENCTYPE\_ARCFOUR\_HMAC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC:ENCTYPE_ARCFOUR_HMAC}\pysigline{\bfcode{ENCTYPE\_ARCFOUR\_HMAC}} +\end{fulllineitems} + + +RFC 4757. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_ARCFOUR\_HMAC} + & +\code{0x0017} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_ARCFOUR\_HMAC\_EXP} +\label{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP:enctype-arcfour-hmac-exp-data}\label{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP:enctype-arcfour-hmac-exp}\label{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP::doc}\index{ENCTYPE\_ARCFOUR\_HMAC\_EXP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP:ENCTYPE_ARCFOUR_HMAC_EXP}\pysigline{\bfcode{ENCTYPE\_ARCFOUR\_HMAC\_EXP}} +\end{fulllineitems} + + +RFC 4757. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_ARCFOUR\_HMAC\_EXP} + & +\code{0x0018} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_CAMELLIA128\_CTS\_CMAC} +\label{appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC:enctype-camellia128-cts-cmac-data}\label{appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC:enctype-camellia128-cts-cmac}\label{appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC::doc}\index{ENCTYPE\_CAMELLIA128\_CTS\_CMAC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC:ENCTYPE_CAMELLIA128_CTS_CMAC}\pysigline{\bfcode{ENCTYPE\_CAMELLIA128\_CTS\_CMAC}} +\end{fulllineitems} + + +RFC 6803. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_CAMELLIA128\_CTS\_CMAC} + & +\code{0x0019} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_CAMELLIA256\_CTS\_CMAC} +\label{appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC:enctype-camellia256-cts-cmac-data}\label{appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC:enctype-camellia256-cts-cmac}\label{appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC::doc}\index{ENCTYPE\_CAMELLIA256\_CTS\_CMAC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC:ENCTYPE_CAMELLIA256_CTS_CMAC}\pysigline{\bfcode{ENCTYPE\_CAMELLIA256\_CTS\_CMAC}} +\end{fulllineitems} + + +RFC 6803. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_CAMELLIA256\_CTS\_CMAC} + & +\code{0x001a} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DES3\_CBC\_ENV} +\label{appdev/refs/macros/ENCTYPE_DES3_CBC_ENV::doc}\label{appdev/refs/macros/ENCTYPE_DES3_CBC_ENV:enctype-des3-cbc-env}\label{appdev/refs/macros/ENCTYPE_DES3_CBC_ENV:enctype-des3-cbc-env-data}\index{ENCTYPE\_DES3\_CBC\_ENV (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DES3_CBC_ENV:ENCTYPE_DES3_CBC_ENV}\pysigline{\bfcode{ENCTYPE\_DES3\_CBC\_ENV}} +\end{fulllineitems} + + +DES-3 cbc mode, CMS enveloped data. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DES3\_CBC\_ENV} + & +\code{0x000f} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DES3\_CBC\_RAW} +\label{appdev/refs/macros/ENCTYPE_DES3_CBC_RAW:enctype-des3-cbc-raw}\label{appdev/refs/macros/ENCTYPE_DES3_CBC_RAW::doc}\label{appdev/refs/macros/ENCTYPE_DES3_CBC_RAW:enctype-des3-cbc-raw-data}\index{ENCTYPE\_DES3\_CBC\_RAW (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DES3_CBC_RAW:ENCTYPE_DES3_CBC_RAW}\pysigline{\bfcode{ENCTYPE\_DES3\_CBC\_RAW}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DES3\_CBC\_RAW} + & +\code{0x0006} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DES3\_CBC\_SHA} +\label{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA:enctype-des3-cbc-sha}\label{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA::doc}\label{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA:enctype-des3-cbc-sha-data}\index{ENCTYPE\_DES3\_CBC\_SHA (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA:ENCTYPE_DES3_CBC_SHA}\pysigline{\bfcode{ENCTYPE\_DES3\_CBC\_SHA}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DES3\_CBC\_SHA} + & +\code{0x0005} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DES3\_CBC\_SHA1} +\label{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1::doc}\label{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1:enctype-des3-cbc-sha1}\label{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1:enctype-des3-cbc-sha1-data}\index{ENCTYPE\_DES3\_CBC\_SHA1 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1:ENCTYPE_DES3_CBC_SHA1}\pysigline{\bfcode{ENCTYPE\_DES3\_CBC\_SHA1}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DES3\_CBC\_SHA1} + & +\code{0x0010} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DES\_CBC\_CRC} +\label{appdev/refs/macros/ENCTYPE_DES_CBC_CRC:enctype-des-cbc-crc-data}\label{appdev/refs/macros/ENCTYPE_DES_CBC_CRC:enctype-des-cbc-crc}\label{appdev/refs/macros/ENCTYPE_DES_CBC_CRC::doc}\index{ENCTYPE\_DES\_CBC\_CRC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DES_CBC_CRC:ENCTYPE_DES_CBC_CRC}\pysigline{\bfcode{ENCTYPE\_DES\_CBC\_CRC}} +\end{fulllineitems} + + +DES cbc mode with CRC-32. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DES\_CBC\_CRC} + & +\code{0x0001} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DES\_CBC\_MD4} +\label{appdev/refs/macros/ENCTYPE_DES_CBC_MD4:enctype-des-cbc-md4-data}\label{appdev/refs/macros/ENCTYPE_DES_CBC_MD4::doc}\label{appdev/refs/macros/ENCTYPE_DES_CBC_MD4:enctype-des-cbc-md4}\index{ENCTYPE\_DES\_CBC\_MD4 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DES_CBC_MD4:ENCTYPE_DES_CBC_MD4}\pysigline{\bfcode{ENCTYPE\_DES\_CBC\_MD4}} +\end{fulllineitems} + + +DES cbc mode with RSA-MD4. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DES\_CBC\_MD4} + & +\code{0x0002} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DES\_CBC\_MD5} +\label{appdev/refs/macros/ENCTYPE_DES_CBC_MD5:enctype-des-cbc-md5-data}\label{appdev/refs/macros/ENCTYPE_DES_CBC_MD5::doc}\label{appdev/refs/macros/ENCTYPE_DES_CBC_MD5:enctype-des-cbc-md5}\index{ENCTYPE\_DES\_CBC\_MD5 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DES_CBC_MD5:ENCTYPE_DES_CBC_MD5}\pysigline{\bfcode{ENCTYPE\_DES\_CBC\_MD5}} +\end{fulllineitems} + + +DES cbc mode with RSA-MD5. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DES\_CBC\_MD5} + & +\code{0x0003} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DES\_CBC\_RAW} +\label{appdev/refs/macros/ENCTYPE_DES_CBC_RAW:enctype-des-cbc-raw-data}\label{appdev/refs/macros/ENCTYPE_DES_CBC_RAW:enctype-des-cbc-raw}\label{appdev/refs/macros/ENCTYPE_DES_CBC_RAW::doc}\index{ENCTYPE\_DES\_CBC\_RAW (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DES_CBC_RAW:ENCTYPE_DES_CBC_RAW}\pysigline{\bfcode{ENCTYPE\_DES\_CBC\_RAW}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DES\_CBC\_RAW} + & +\code{0x0004} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DES\_HMAC\_SHA1} +\label{appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1:enctype-des-hmac-sha1-data}\label{appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1::doc}\label{appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1:enctype-des-hmac-sha1}\index{ENCTYPE\_DES\_HMAC\_SHA1 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1:ENCTYPE_DES_HMAC_SHA1}\pysigline{\bfcode{ENCTYPE\_DES\_HMAC\_SHA1}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DES\_HMAC\_SHA1} + & +\code{0x0008} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_DSA\_SHA1\_CMS} +\label{appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS:enctype-dsa-sha1-cms-data}\label{appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS:enctype-dsa-sha1-cms}\label{appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS::doc}\index{ENCTYPE\_DSA\_SHA1\_CMS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS:ENCTYPE_DSA_SHA1_CMS}\pysigline{\bfcode{ENCTYPE\_DSA\_SHA1\_CMS}} +\end{fulllineitems} + + +DSA with SHA1, CMS signature. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_DSA\_SHA1\_CMS} + & +\code{0x0009} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_MD5\_RSA\_CMS} +\label{appdev/refs/macros/ENCTYPE_MD5_RSA_CMS:enctype-md5-rsa-cms}\label{appdev/refs/macros/ENCTYPE_MD5_RSA_CMS:enctype-md5-rsa-cms-data}\label{appdev/refs/macros/ENCTYPE_MD5_RSA_CMS::doc}\index{ENCTYPE\_MD5\_RSA\_CMS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_MD5_RSA_CMS:ENCTYPE_MD5_RSA_CMS}\pysigline{\bfcode{ENCTYPE\_MD5\_RSA\_CMS}} +\end{fulllineitems} + + +MD5 with RSA, CMS signature. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_MD5\_RSA\_CMS} + & +\code{0x000a} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_NULL} +\label{appdev/refs/macros/ENCTYPE_NULL:enctype-null}\label{appdev/refs/macros/ENCTYPE_NULL::doc}\label{appdev/refs/macros/ENCTYPE_NULL:enctype-null-data}\index{ENCTYPE\_NULL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_NULL:ENCTYPE_NULL}\pysigline{\bfcode{ENCTYPE\_NULL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_NULL} + & +\code{0x0000} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_RC2\_CBC\_ENV} +\label{appdev/refs/macros/ENCTYPE_RC2_CBC_ENV:enctype-rc2-cbc-env}\label{appdev/refs/macros/ENCTYPE_RC2_CBC_ENV::doc}\label{appdev/refs/macros/ENCTYPE_RC2_CBC_ENV:enctype-rc2-cbc-env-data}\index{ENCTYPE\_RC2\_CBC\_ENV (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_RC2_CBC_ENV:ENCTYPE_RC2_CBC_ENV}\pysigline{\bfcode{ENCTYPE\_RC2\_CBC\_ENV}} +\end{fulllineitems} + + +RC2 cbc mode, CMS enveloped data. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_RC2\_CBC\_ENV} + & +\code{0x000c} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_RSA\_ENV} +\label{appdev/refs/macros/ENCTYPE_RSA_ENV:enctype-rsa-env-data}\label{appdev/refs/macros/ENCTYPE_RSA_ENV:enctype-rsa-env}\label{appdev/refs/macros/ENCTYPE_RSA_ENV::doc}\index{ENCTYPE\_RSA\_ENV (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_RSA_ENV:ENCTYPE_RSA_ENV}\pysigline{\bfcode{ENCTYPE\_RSA\_ENV}} +\end{fulllineitems} + + +RSA encryption, CMS enveloped data. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_RSA\_ENV} + & +\code{0x000d} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_RSA\_ES\_OAEP\_ENV} +\label{appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV::doc}\label{appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV:enctype-rsa-es-oaep-env}\label{appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV:enctype-rsa-es-oaep-env-data}\index{ENCTYPE\_RSA\_ES\_OAEP\_ENV (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV:ENCTYPE_RSA_ES_OAEP_ENV}\pysigline{\bfcode{ENCTYPE\_RSA\_ES\_OAEP\_ENV}} +\end{fulllineitems} + + +RSA w/OEAP encryption, CMS enveloped data. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_RSA\_ES\_OAEP\_ENV} + & +\code{0x000e} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_SHA1\_RSA\_CMS} +\label{appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS::doc}\label{appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS:enctype-sha1-rsa-cms-data}\label{appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS:enctype-sha1-rsa-cms}\index{ENCTYPE\_SHA1\_RSA\_CMS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS:ENCTYPE_SHA1_RSA_CMS}\pysigline{\bfcode{ENCTYPE\_SHA1\_RSA\_CMS}} +\end{fulllineitems} + + +SHA1 with RSA, CMS signature. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_SHA1\_RSA\_CMS} + & +\code{0x000b} +\\ +\hline\end{tabulary} + + + +\subsubsection{ENCTYPE\_UNKNOWN} +\label{appdev/refs/macros/ENCTYPE_UNKNOWN:enctype-unknown}\label{appdev/refs/macros/ENCTYPE_UNKNOWN::doc}\label{appdev/refs/macros/ENCTYPE_UNKNOWN:enctype-unknown-data}\index{ENCTYPE\_UNKNOWN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/ENCTYPE_UNKNOWN:ENCTYPE_UNKNOWN}\pysigline{\bfcode{ENCTYPE\_UNKNOWN}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{ENCTYPE\_UNKNOWN} + & +\code{0x01ff} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_ALLOW\_POSTDATE} +\label{appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE:kdc-opt-allow-postdate}\label{appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE:kdc-opt-allow-postdate-data}\label{appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE::doc}\index{KDC\_OPT\_ALLOW\_POSTDATE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE:KDC_OPT_ALLOW_POSTDATE}\pysigline{\bfcode{KDC\_OPT\_ALLOW\_POSTDATE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_ALLOW\_POSTDATE} + & +\code{0x04000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_CANONICALIZE} +\label{appdev/refs/macros/KDC_OPT_CANONICALIZE:kdc-opt-canonicalize}\label{appdev/refs/macros/KDC_OPT_CANONICALIZE:kdc-opt-canonicalize-data}\label{appdev/refs/macros/KDC_OPT_CANONICALIZE::doc}\index{KDC\_OPT\_CANONICALIZE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_CANONICALIZE:KDC_OPT_CANONICALIZE}\pysigline{\bfcode{KDC\_OPT\_CANONICALIZE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_CANONICALIZE} + & +\code{0x00010000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_CNAME\_IN\_ADDL\_TKT} +\label{appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT:kdc-opt-cname-in-addl-tkt-data}\label{appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT:kdc-opt-cname-in-addl-tkt}\label{appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT::doc}\index{KDC\_OPT\_CNAME\_IN\_ADDL\_TKT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT:KDC_OPT_CNAME_IN_ADDL_TKT}\pysigline{\bfcode{KDC\_OPT\_CNAME\_IN\_ADDL\_TKT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_CNAME\_IN\_ADDL\_TKT} + & +\code{0x00020000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_DISABLE\_TRANSITED\_CHECK} +\label{appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK:kdc-opt-disable-transited-check}\label{appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK::doc}\label{appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK:kdc-opt-disable-transited-check-data}\index{KDC\_OPT\_DISABLE\_TRANSITED\_CHECK (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK:KDC_OPT_DISABLE_TRANSITED_CHECK}\pysigline{\bfcode{KDC\_OPT\_DISABLE\_TRANSITED\_CHECK}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_DISABLE\_TRANSITED\_CHECK} + & +\code{0x00000020} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_ENC\_TKT\_IN\_SKEY} +\label{appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY:kdc-opt-enc-tkt-in-skey}\label{appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY::doc}\label{appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY:kdc-opt-enc-tkt-in-skey-data}\index{KDC\_OPT\_ENC\_TKT\_IN\_SKEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY:KDC_OPT_ENC_TKT_IN_SKEY}\pysigline{\bfcode{KDC\_OPT\_ENC\_TKT\_IN\_SKEY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_ENC\_TKT\_IN\_SKEY} + & +\code{0x00000008} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_FORWARDABLE} +\label{appdev/refs/macros/KDC_OPT_FORWARDABLE:kdc-opt-forwardable-data}\label{appdev/refs/macros/KDC_OPT_FORWARDABLE::doc}\label{appdev/refs/macros/KDC_OPT_FORWARDABLE:kdc-opt-forwardable}\index{KDC\_OPT\_FORWARDABLE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_FORWARDABLE:KDC_OPT_FORWARDABLE}\pysigline{\bfcode{KDC\_OPT\_FORWARDABLE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_FORWARDABLE} + & +\code{0x40000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_FORWARDED} +\label{appdev/refs/macros/KDC_OPT_FORWARDED::doc}\label{appdev/refs/macros/KDC_OPT_FORWARDED:kdc-opt-forwarded}\label{appdev/refs/macros/KDC_OPT_FORWARDED:kdc-opt-forwarded-data}\index{KDC\_OPT\_FORWARDED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_FORWARDED:KDC_OPT_FORWARDED}\pysigline{\bfcode{KDC\_OPT\_FORWARDED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_FORWARDED} + & +\code{0x20000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_POSTDATED} +\label{appdev/refs/macros/KDC_OPT_POSTDATED:kdc-opt-postdated-data}\label{appdev/refs/macros/KDC_OPT_POSTDATED:kdc-opt-postdated}\label{appdev/refs/macros/KDC_OPT_POSTDATED::doc}\index{KDC\_OPT\_POSTDATED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_POSTDATED:KDC_OPT_POSTDATED}\pysigline{\bfcode{KDC\_OPT\_POSTDATED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_POSTDATED} + & +\code{0x02000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_PROXIABLE} +\label{appdev/refs/macros/KDC_OPT_PROXIABLE:kdc-opt-proxiable-data}\label{appdev/refs/macros/KDC_OPT_PROXIABLE::doc}\label{appdev/refs/macros/KDC_OPT_PROXIABLE:kdc-opt-proxiable}\index{KDC\_OPT\_PROXIABLE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_PROXIABLE:KDC_OPT_PROXIABLE}\pysigline{\bfcode{KDC\_OPT\_PROXIABLE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_PROXIABLE} + & +\code{0x10000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_PROXY} +\label{appdev/refs/macros/KDC_OPT_PROXY::doc}\label{appdev/refs/macros/KDC_OPT_PROXY:kdc-opt-proxy}\label{appdev/refs/macros/KDC_OPT_PROXY:kdc-opt-proxy-data}\index{KDC\_OPT\_PROXY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_PROXY:KDC_OPT_PROXY}\pysigline{\bfcode{KDC\_OPT\_PROXY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_PROXY} + & +\code{0x08000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_RENEW} +\label{appdev/refs/macros/KDC_OPT_RENEW::doc}\label{appdev/refs/macros/KDC_OPT_RENEW:kdc-opt-renew}\label{appdev/refs/macros/KDC_OPT_RENEW:kdc-opt-renew-data}\index{KDC\_OPT\_RENEW (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_RENEW:KDC_OPT_RENEW}\pysigline{\bfcode{KDC\_OPT\_RENEW}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_RENEW} + & +\code{0x00000002} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_RENEWABLE} +\label{appdev/refs/macros/KDC_OPT_RENEWABLE:kdc-opt-renewable}\label{appdev/refs/macros/KDC_OPT_RENEWABLE:kdc-opt-renewable-data}\label{appdev/refs/macros/KDC_OPT_RENEWABLE::doc}\index{KDC\_OPT\_RENEWABLE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_RENEWABLE:KDC_OPT_RENEWABLE}\pysigline{\bfcode{KDC\_OPT\_RENEWABLE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_RENEWABLE} + & +\code{0x00800000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_RENEWABLE\_OK} +\label{appdev/refs/macros/KDC_OPT_RENEWABLE_OK::doc}\label{appdev/refs/macros/KDC_OPT_RENEWABLE_OK:kdc-opt-renewable-ok-data}\label{appdev/refs/macros/KDC_OPT_RENEWABLE_OK:kdc-opt-renewable-ok}\index{KDC\_OPT\_RENEWABLE\_OK (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_RENEWABLE_OK:KDC_OPT_RENEWABLE_OK}\pysigline{\bfcode{KDC\_OPT\_RENEWABLE\_OK}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_RENEWABLE\_OK} + & +\code{0x00000010} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_REQUEST\_ANONYMOUS} +\label{appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS:kdc-opt-request-anonymous}\label{appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS:kdc-opt-request-anonymous-data}\label{appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS::doc}\index{KDC\_OPT\_REQUEST\_ANONYMOUS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS:KDC_OPT_REQUEST_ANONYMOUS}\pysigline{\bfcode{KDC\_OPT\_REQUEST\_ANONYMOUS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_REQUEST\_ANONYMOUS} + & +\code{0x00008000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_OPT\_VALIDATE} +\label{appdev/refs/macros/KDC_OPT_VALIDATE:kdc-opt-validate-data}\label{appdev/refs/macros/KDC_OPT_VALIDATE:kdc-opt-validate}\label{appdev/refs/macros/KDC_OPT_VALIDATE::doc}\index{KDC\_OPT\_VALIDATE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_OPT_VALIDATE:KDC_OPT_VALIDATE}\pysigline{\bfcode{KDC\_OPT\_VALIDATE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_OPT\_VALIDATE} + & +\code{0x00000001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KDC\_TKT\_COMMON\_MASK} +\label{appdev/refs/macros/KDC_TKT_COMMON_MASK:kdc-tkt-common-mask-data}\label{appdev/refs/macros/KDC_TKT_COMMON_MASK::doc}\label{appdev/refs/macros/KDC_TKT_COMMON_MASK:kdc-tkt-common-mask}\index{KDC\_TKT\_COMMON\_MASK (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KDC_TKT_COMMON_MASK:KDC_TKT_COMMON_MASK}\pysigline{\bfcode{KDC\_TKT\_COMMON\_MASK}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KDC\_TKT\_COMMON\_MASK} + & +\code{0x54800000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_ALTAUTH\_ATT\_CHALLENGE\_RESPONSE} +\label{appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE:krb5-altauth-att-challenge-response}\label{appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE:krb5-altauth-att-challenge-response-data}\label{appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE::doc}\index{KRB5\_ALTAUTH\_ATT\_CHALLENGE\_RESPONSE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE:KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE}\pysigline{\bfcode{KRB5\_ALTAUTH\_ATT\_CHALLENGE\_RESPONSE}} +\end{fulllineitems} + + +alternate authentication types + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_ALTAUTH\_ATT\_CHALLENGE\_RESPONSE} + & +\code{64} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_ANONYMOUS\_PRINCSTR} +\label{appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR:krb5-anonymous-princstr}\label{appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR:krb5-anonymous-princstr-data}\label{appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR::doc}\index{KRB5\_ANONYMOUS\_PRINCSTR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR:KRB5_ANONYMOUS_PRINCSTR}\pysigline{\bfcode{KRB5\_ANONYMOUS\_PRINCSTR}} +\end{fulllineitems} + + +Anonymous principal name. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_ANONYMOUS\_PRINCSTR} + & +\code{"ANONYMOUS"} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_ANONYMOUS\_REALMSTR} +\label{appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR:krb5-anonymous-realmstr-data}\label{appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR:krb5-anonymous-realmstr}\label{appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR::doc}\index{KRB5\_ANONYMOUS\_REALMSTR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR:KRB5_ANONYMOUS_REALMSTR}\pysigline{\bfcode{KRB5\_ANONYMOUS\_REALMSTR}} +\end{fulllineitems} + + +Anonymous realm. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_ANONYMOUS\_REALMSTR} + & +\code{"WELLKNOWN:ANONYMOUS"} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AP\_REP} +\label{appdev/refs/macros/KRB5_AP_REP:krb5-ap-rep}\label{appdev/refs/macros/KRB5_AP_REP::doc}\label{appdev/refs/macros/KRB5_AP_REP:krb5-ap-rep-data}\index{KRB5\_AP\_REP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AP_REP:KRB5_AP_REP}\pysigline{\bfcode{KRB5\_AP\_REP}} +\end{fulllineitems} + + +Response to mutual AP request. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AP\_REP} + & +\code{((krb5\_msgtype)15)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AP\_REQ} +\label{appdev/refs/macros/KRB5_AP_REQ:krb5-ap-req}\label{appdev/refs/macros/KRB5_AP_REQ::doc}\label{appdev/refs/macros/KRB5_AP_REQ:krb5-ap-req-data}\index{KRB5\_AP\_REQ (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AP_REQ:KRB5_AP_REQ}\pysigline{\bfcode{KRB5\_AP\_REQ}} +\end{fulllineitems} + + +Auth req to application server. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AP\_REQ} + & +\code{((krb5\_msgtype)14)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AS\_REP} +\label{appdev/refs/macros/KRB5_AS_REP:krb5-as-rep}\label{appdev/refs/macros/KRB5_AS_REP:krb5-as-rep-data}\label{appdev/refs/macros/KRB5_AS_REP::doc}\index{KRB5\_AS\_REP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AS_REP:KRB5_AS_REP}\pysigline{\bfcode{KRB5\_AS\_REP}} +\end{fulllineitems} + + +Response to AS request. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AS\_REP} + & +\code{((krb5\_msgtype)11)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AS\_REQ} +\label{appdev/refs/macros/KRB5_AS_REQ:krb5-as-req}\label{appdev/refs/macros/KRB5_AS_REQ:krb5-as-req-data}\label{appdev/refs/macros/KRB5_AS_REQ::doc}\index{KRB5\_AS\_REQ (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AS_REQ:KRB5_AS_REQ}\pysigline{\bfcode{KRB5\_AS\_REQ}} +\end{fulllineitems} + + +Initial authentication request. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AS\_REQ} + & +\code{((krb5\_msgtype)10)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_AND\_OR} +\label{appdev/refs/macros/KRB5_AUTHDATA_AND_OR::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_AND_OR:krb5-authdata-and-or-data}\label{appdev/refs/macros/KRB5_AUTHDATA_AND_OR:krb5-authdata-and-or}\index{KRB5\_AUTHDATA\_AND\_OR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_AND_OR:KRB5_AUTHDATA_AND_OR}\pysigline{\bfcode{KRB5\_AUTHDATA\_AND\_OR}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_AND\_OR} + & +\code{5} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_AUTH\_INDICATOR} +\label{appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR:krb5-authdata-auth-indicator}\label{appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR:krb5-authdata-auth-indicator-data}\index{KRB5\_AUTHDATA\_AUTH\_INDICATOR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR:KRB5_AUTHDATA_AUTH_INDICATOR}\pysigline{\bfcode{KRB5\_AUTHDATA\_AUTH\_INDICATOR}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_AUTH\_INDICATOR} + & +\code{97} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_CAMMAC} +\label{appdev/refs/macros/KRB5_AUTHDATA_CAMMAC:krb5-authdata-cammac}\label{appdev/refs/macros/KRB5_AUTHDATA_CAMMAC::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_CAMMAC:krb5-authdata-cammac-data}\index{KRB5\_AUTHDATA\_CAMMAC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_CAMMAC:KRB5_AUTHDATA_CAMMAC}\pysigline{\bfcode{KRB5\_AUTHDATA\_CAMMAC}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_CAMMAC} + & +\code{96} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_ETYPE\_NEGOTIATION} +\label{appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION:krb5-authdata-etype-negotiation}\label{appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION:krb5-authdata-etype-negotiation-data}\index{KRB5\_AUTHDATA\_ETYPE\_NEGOTIATION (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION:KRB5_AUTHDATA_ETYPE_NEGOTIATION}\pysigline{\bfcode{KRB5\_AUTHDATA\_ETYPE\_NEGOTIATION}} +\end{fulllineitems} + + +RFC 4537. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_ETYPE\_NEGOTIATION} + & +\code{129} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_FX\_ARMOR} +\label{appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR:krb5-authdata-fx-armor}\label{appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR:krb5-authdata-fx-armor-data}\index{KRB5\_AUTHDATA\_FX\_ARMOR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR:KRB5_AUTHDATA_FX_ARMOR}\pysigline{\bfcode{KRB5\_AUTHDATA\_FX\_ARMOR}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_FX\_ARMOR} + & +\code{71} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_IF\_RELEVANT} +\label{appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT:krb5-authdata-if-relevant-data}\label{appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT:krb5-authdata-if-relevant}\label{appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT::doc}\index{KRB5\_AUTHDATA\_IF\_RELEVANT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT:KRB5_AUTHDATA_IF_RELEVANT}\pysigline{\bfcode{KRB5\_AUTHDATA\_IF\_RELEVANT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_IF\_RELEVANT} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_INITIAL\_VERIFIED\_CAS} +\label{appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS:krb5-authdata-initial-verified-cas-data}\label{appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS:krb5-authdata-initial-verified-cas}\label{appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS::doc}\index{KRB5\_AUTHDATA\_INITIAL\_VERIFIED\_CAS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS:KRB5_AUTHDATA_INITIAL_VERIFIED_CAS}\pysigline{\bfcode{KRB5\_AUTHDATA\_INITIAL\_VERIFIED\_CAS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_INITIAL\_VERIFIED\_CAS} + & +\code{9} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_KDC\_ISSUED} +\label{appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED:krb5-authdata-kdc-issued-data}\label{appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED:krb5-authdata-kdc-issued}\index{KRB5\_AUTHDATA\_KDC\_ISSUED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED:KRB5_AUTHDATA_KDC_ISSUED}\pysigline{\bfcode{KRB5\_AUTHDATA\_KDC\_ISSUED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_KDC\_ISSUED} + & +\code{4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_MANDATORY\_FOR\_KDC} +\label{appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC:krb5-authdata-mandatory-for-kdc}\label{appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC:krb5-authdata-mandatory-for-kdc-data}\index{KRB5\_AUTHDATA\_MANDATORY\_FOR\_KDC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC:KRB5_AUTHDATA_MANDATORY_FOR_KDC}\pysigline{\bfcode{KRB5\_AUTHDATA\_MANDATORY\_FOR\_KDC}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_MANDATORY\_FOR\_KDC} + & +\code{8} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_OSF\_DCE} +\label{appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE:krb5-authdata-osf-dce-data}\label{appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE:krb5-authdata-osf-dce}\index{KRB5\_AUTHDATA\_OSF\_DCE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE:KRB5_AUTHDATA_OSF_DCE}\pysigline{\bfcode{KRB5\_AUTHDATA\_OSF\_DCE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_OSF\_DCE} + & +\code{64} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_SESAME} +\label{appdev/refs/macros/KRB5_AUTHDATA_SESAME:krb5-authdata-sesame}\label{appdev/refs/macros/KRB5_AUTHDATA_SESAME::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_SESAME:krb5-authdata-sesame-data}\index{KRB5\_AUTHDATA\_SESAME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_SESAME:KRB5_AUTHDATA_SESAME}\pysigline{\bfcode{KRB5\_AUTHDATA\_SESAME}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_SESAME} + & +\code{65} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_SIGNTICKET} +\label{appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET:krb5-authdata-signticket-data}\label{appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET:krb5-authdata-signticket}\label{appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET::doc}\index{KRB5\_AUTHDATA\_SIGNTICKET (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET:KRB5_AUTHDATA_SIGNTICKET}\pysigline{\bfcode{KRB5\_AUTHDATA\_SIGNTICKET}} +\end{fulllineitems} + + +formerly 142 in krb5 1.8 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_SIGNTICKET} + & +\code{512} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTHDATA\_WIN2K\_PAC} +\label{appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC:krb5-authdata-win2k-pac-data}\label{appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC::doc}\label{appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC:krb5-authdata-win2k-pac}\index{KRB5\_AUTHDATA\_WIN2K\_PAC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC:KRB5_AUTHDATA_WIN2K_PAC}\pysigline{\bfcode{KRB5\_AUTHDATA\_WIN2K\_PAC}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTHDATA\_WIN2K\_PAC} + & +\code{128} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:krb5-auth-context-do-sequence-data}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:krb5-auth-context-do-sequence}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE::doc}\index{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}} +\end{fulllineitems} + + +Prevent replays with sequence numbers. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE} + & +\code{0x00000004} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_DO\_TIME} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:krb5-auth-context-do-time-data}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:krb5-auth-context-do-time}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME::doc}\index{KRB5\_AUTH\_CONTEXT\_DO\_TIME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}} +\end{fulllineitems} + + +Prevent replays with timestamps and replay cache. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_DO\_TIME} + & +\code{0x00000001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR::doc}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR:krb5-auth-context-generate-local-addr}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR:krb5-auth-context-generate-local-addr-data}\index{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR:KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR}} +\end{fulllineitems} + + +Generate the local network address. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR} + & +\code{0x00000001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR:krb5-auth-context-generate-local-full-addr}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR:krb5-auth-context-generate-local-full-addr-data}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR::doc}\index{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR:KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR}} +\end{fulllineitems} + + +Generate the local network address and the local port. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR} + & +\code{0x00000004} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR:krb5-auth-context-generate-remote-addr-data}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR:krb5-auth-context-generate-remote-addr}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR::doc}\index{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR:KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR}} +\end{fulllineitems} + + +Generate the remote network address. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR} + & +\code{0x00000002} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR:krb5-auth-context-generate-remote-full-addr}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR::doc}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR:krb5-auth-context-generate-remote-full-addr-data}\index{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR:KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR}} +\end{fulllineitems} + + +Generate the remote network address and the remote port. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR} + & +\code{0x00000008} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_PERMIT\_ALL} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL:krb5-auth-context-permit-all}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL:krb5-auth-context-permit-all-data}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL::doc}\index{KRB5\_AUTH\_CONTEXT\_PERMIT\_ALL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL:KRB5_AUTH_CONTEXT_PERMIT_ALL}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_PERMIT\_ALL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_PERMIT\_ALL} + & +\code{0x00000010} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE::doc}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:krb5-auth-context-ret-sequence}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:krb5-auth-context-ret-sequence-data}\index{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}} +\end{fulllineitems} + + +Save sequence numbers for application. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE} + & +\code{0x00000008} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_RET\_TIME} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME::doc}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:krb5-auth-context-ret-time}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:krb5-auth-context-ret-time-data}\index{KRB5\_AUTH\_CONTEXT\_RET\_TIME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}} +\end{fulllineitems} + + +Save timestamps for application. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_RET\_TIME} + & +\code{0x00000002} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_AUTH\_CONTEXT\_USE\_SUBKEY} +\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY::doc}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY:krb5-auth-context-use-subkey-data}\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY:krb5-auth-context-use-subkey}\index{KRB5\_AUTH\_CONTEXT\_USE\_SUBKEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY:KRB5_AUTH_CONTEXT_USE_SUBKEY}\pysigline{\bfcode{KRB5\_AUTH\_CONTEXT\_USE\_SUBKEY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_AUTH\_CONTEXT\_USE\_SUBKEY} + & +\code{0x00000020} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CRED} +\label{appdev/refs/macros/KRB5_CRED:krb5-cred-data}\label{appdev/refs/macros/KRB5_CRED::doc}\label{appdev/refs/macros/KRB5_CRED:krb5-cred}\index{KRB5\_CRED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CRED:KRB5_CRED}\pysigline{\bfcode{KRB5\_CRED}} +\end{fulllineitems} + + +Cred forwarding message. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CRED} + & +\code{((krb5\_msgtype)22)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CRYPTO\_TYPE\_CHECKSUM} +\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:krb5-crypto-type-checksum-data}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:krb5-crypto-type-checksum}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM::doc}\index{KRB5\_CRYPTO\_TYPE\_CHECKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:KRB5_CRYPTO_TYPE_CHECKSUM}\pysigline{\bfcode{KRB5\_CRYPTO\_TYPE\_CHECKSUM}} +\end{fulllineitems} + + +{[}out{]} checksum for MIC + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CRYPTO\_TYPE\_CHECKSUM} + & +\code{6} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CRYPTO\_TYPE\_DATA} +\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA::doc}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:krb5-crypto-type-data}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:krb5-crypto-type-data-data}\index{KRB5\_CRYPTO\_TYPE\_DATA (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:KRB5_CRYPTO_TYPE_DATA}\pysigline{\bfcode{KRB5\_CRYPTO\_TYPE\_DATA}} +\end{fulllineitems} + + +{[}in, out{]} plaintext + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CRYPTO\_TYPE\_DATA} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CRYPTO\_TYPE\_EMPTY} +\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY::doc}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY:krb5-crypto-type-empty}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY:krb5-crypto-type-empty-data}\index{KRB5\_CRYPTO\_TYPE\_EMPTY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY:KRB5_CRYPTO_TYPE_EMPTY}\pysigline{\bfcode{KRB5\_CRYPTO\_TYPE\_EMPTY}} +\end{fulllineitems} + + +{[}in{]} ignored + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CRYPTO\_TYPE\_EMPTY} + & +\code{0} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CRYPTO\_TYPE\_HEADER} +\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER:krb5-crypto-type-header}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER:krb5-crypto-type-header-data}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER::doc}\index{KRB5\_CRYPTO\_TYPE\_HEADER (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER:KRB5_CRYPTO_TYPE_HEADER}\pysigline{\bfcode{KRB5\_CRYPTO\_TYPE\_HEADER}} +\end{fulllineitems} + + +{[}out{]} header + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CRYPTO\_TYPE\_HEADER} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CRYPTO\_TYPE\_PADDING} +\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING::doc}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING:krb5-crypto-type-padding-data}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING:krb5-crypto-type-padding}\index{KRB5\_CRYPTO\_TYPE\_PADDING (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING:KRB5_CRYPTO_TYPE_PADDING}\pysigline{\bfcode{KRB5\_CRYPTO\_TYPE\_PADDING}} +\end{fulllineitems} + + +{[}out{]} padding + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CRYPTO\_TYPE\_PADDING} + & +\code{4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY} +\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:krb5-crypto-type-sign-only}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:krb5-crypto-type-sign-only-data}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY::doc}\index{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:KRB5_CRYPTO_TYPE_SIGN_ONLY}\pysigline{\bfcode{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY}} +\end{fulllineitems} + + +{[}in{]} associated data + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY} + & +\code{3} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CRYPTO\_TYPE\_STREAM} +\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM:krb5-crypto-type-stream-data}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM::doc}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM:krb5-crypto-type-stream}\index{KRB5\_CRYPTO\_TYPE\_STREAM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM:KRB5_CRYPTO_TYPE_STREAM}\pysigline{\bfcode{KRB5\_CRYPTO\_TYPE\_STREAM}} +\end{fulllineitems} + + +{[}in{]} entire message without decomposing the structure into header, data and trailer buffers + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CRYPTO\_TYPE\_STREAM} + & +\code{7} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CRYPTO\_TYPE\_TRAILER} +\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER:krb5-crypto-type-trailer}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER:krb5-crypto-type-trailer-data}\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER::doc}\index{KRB5\_CRYPTO\_TYPE\_TRAILER (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER:KRB5_CRYPTO_TYPE_TRAILER}\pysigline{\bfcode{KRB5\_CRYPTO\_TYPE\_TRAILER}} +\end{fulllineitems} + + +{[}out{]} checksum for encrypt + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CRYPTO\_TYPE\_TRAILER} + & +\code{5} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_CYBERSAFE\_SECUREID} +\label{appdev/refs/macros/KRB5_CYBERSAFE_SECUREID:krb5-cybersafe-secureid}\label{appdev/refs/macros/KRB5_CYBERSAFE_SECUREID::doc}\label{appdev/refs/macros/KRB5_CYBERSAFE_SECUREID:krb5-cybersafe-secureid-data}\index{KRB5\_CYBERSAFE\_SECUREID (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_CYBERSAFE_SECUREID:KRB5_CYBERSAFE_SECUREID}\pysigline{\bfcode{KRB5\_CYBERSAFE\_SECUREID}} +\end{fulllineitems} + + +Cybersafe. + +RFC 4120 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_CYBERSAFE\_SECUREID} + & +\code{9} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_DOMAIN\_X500\_COMPRESS} +\label{appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS::doc}\label{appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS:krb5-domain-x500-compress}\label{appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS:krb5-domain-x500-compress-data}\index{KRB5\_DOMAIN\_X500\_COMPRESS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS:KRB5_DOMAIN_X500_COMPRESS}\pysigline{\bfcode{KRB5\_DOMAIN\_X500\_COMPRESS}} +\end{fulllineitems} + + +Transited encoding types. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_DOMAIN\_X500\_COMPRESS} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_ENCPADATA\_REQ\_ENC\_PA\_REP} +\label{appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP:krb5-encpadata-req-enc-pa-rep}\label{appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP:krb5-encpadata-req-enc-pa-rep-data}\label{appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP::doc}\index{KRB5\_ENCPADATA\_REQ\_ENC\_PA\_REP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP:KRB5_ENCPADATA_REQ_ENC_PA_REP}\pysigline{\bfcode{KRB5\_ENCPADATA\_REQ\_ENC\_PA\_REP}} +\end{fulllineitems} + + +RFC 6806. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_ENCPADATA\_REQ\_ENC\_PA\_REP} + & +\code{149} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_ERROR} +\label{appdev/refs/macros/KRB5_ERROR:krb5-error-data}\label{appdev/refs/macros/KRB5_ERROR:krb5-error}\label{appdev/refs/macros/KRB5_ERROR::doc}\index{KRB5\_ERROR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_ERROR:KRB5_ERROR}\pysigline{\bfcode{KRB5\_ERROR}} +\end{fulllineitems} + + +Error response. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_ERROR} + & +\code{((krb5\_msgtype)30)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_FAST\_REQUIRED} +\label{appdev/refs/macros/KRB5_FAST_REQUIRED:krb5-fast-required}\label{appdev/refs/macros/KRB5_FAST_REQUIRED:krb5-fast-required-data}\label{appdev/refs/macros/KRB5_FAST_REQUIRED::doc}\index{KRB5\_FAST\_REQUIRED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_FAST_REQUIRED:KRB5_FAST_REQUIRED}\pysigline{\bfcode{KRB5\_FAST\_REQUIRED}} +\end{fulllineitems} + + +Require KDC to support FAST. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_FAST\_REQUIRED} + & +\code{0x0001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GC\_CACHED} +\label{appdev/refs/macros/KRB5_GC_CACHED:krb5-gc-cached}\label{appdev/refs/macros/KRB5_GC_CACHED:krb5-gc-cached-data}\label{appdev/refs/macros/KRB5_GC_CACHED::doc}\index{KRB5\_GC\_CACHED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GC_CACHED:KRB5_GC_CACHED}\pysigline{\bfcode{KRB5\_GC\_CACHED}} +\end{fulllineitems} + + +Want cached ticket only. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GC\_CACHED} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GC\_CANONICALIZE} +\label{appdev/refs/macros/KRB5_GC_CANONICALIZE:krb5-gc-canonicalize-data}\label{appdev/refs/macros/KRB5_GC_CANONICALIZE:krb5-gc-canonicalize}\label{appdev/refs/macros/KRB5_GC_CANONICALIZE::doc}\index{KRB5\_GC\_CANONICALIZE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GC_CANONICALIZE:KRB5_GC_CANONICALIZE}\pysigline{\bfcode{KRB5\_GC\_CANONICALIZE}} +\end{fulllineitems} + + +Set canonicalize KDC option. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GC\_CANONICALIZE} + & +\code{4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GC\_CONSTRAINED\_DELEGATION} +\label{appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION:krb5-gc-constrained-delegation}\label{appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION:krb5-gc-constrained-delegation-data}\label{appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION::doc}\index{KRB5\_GC\_CONSTRAINED\_DELEGATION (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION:KRB5_GC_CONSTRAINED_DELEGATION}\pysigline{\bfcode{KRB5\_GC\_CONSTRAINED\_DELEGATION}} +\end{fulllineitems} + + +Constrained delegation. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GC\_CONSTRAINED\_DELEGATION} + & +\code{64} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GC\_FORWARDABLE} +\label{appdev/refs/macros/KRB5_GC_FORWARDABLE:krb5-gc-forwardable-data}\label{appdev/refs/macros/KRB5_GC_FORWARDABLE:krb5-gc-forwardable}\label{appdev/refs/macros/KRB5_GC_FORWARDABLE::doc}\index{KRB5\_GC\_FORWARDABLE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GC_FORWARDABLE:KRB5_GC_FORWARDABLE}\pysigline{\bfcode{KRB5\_GC\_FORWARDABLE}} +\end{fulllineitems} + + +Acquire forwardable tickets. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GC\_FORWARDABLE} + & +\code{16} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GC\_NO\_STORE} +\label{appdev/refs/macros/KRB5_GC_NO_STORE::doc}\label{appdev/refs/macros/KRB5_GC_NO_STORE:krb5-gc-no-store}\label{appdev/refs/macros/KRB5_GC_NO_STORE:krb5-gc-no-store-data}\index{KRB5\_GC\_NO\_STORE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GC_NO_STORE:KRB5_GC_NO_STORE}\pysigline{\bfcode{KRB5\_GC\_NO\_STORE}} +\end{fulllineitems} + + +Do not store in credential cache. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GC\_NO\_STORE} + & +\code{8} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GC\_NO\_TRANSIT\_CHECK} +\label{appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK:krb5-gc-no-transit-check-data}\label{appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK:krb5-gc-no-transit-check}\label{appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK::doc}\index{KRB5\_GC\_NO\_TRANSIT\_CHECK (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK:KRB5_GC_NO_TRANSIT_CHECK}\pysigline{\bfcode{KRB5\_GC\_NO\_TRANSIT\_CHECK}} +\end{fulllineitems} + + +Disable transited check. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GC\_NO\_TRANSIT\_CHECK} + & +\code{32} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GC\_USER\_USER} +\label{appdev/refs/macros/KRB5_GC_USER_USER::doc}\label{appdev/refs/macros/KRB5_GC_USER_USER:krb5-gc-user-user}\label{appdev/refs/macros/KRB5_GC_USER_USER:krb5-gc-user-user-data}\index{KRB5\_GC\_USER\_USER (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GC_USER_USER:KRB5_GC_USER_USER}\pysigline{\bfcode{KRB5\_GC\_USER\_USER}} +\end{fulllineitems} + + +Want user-user ticket. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GC\_USER\_USER} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_ADDRESS\_LIST} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST:krb5-get-init-creds-opt-address-list}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST::doc}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST:krb5-get-init-creds-opt-address-list-data}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_ADDRESS\_LIST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST:KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_ADDRESS\_LIST}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_ADDRESS\_LIST} + & +\code{0x0020} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_ANONYMOUS} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS:krb5-get-init-creds-opt-anonymous-data}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS::doc}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS:krb5-get-init-creds-opt-anonymous}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_ANONYMOUS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS:KRB5_GET_INIT_CREDS_OPT_ANONYMOUS}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_ANONYMOUS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_ANONYMOUS} + & +\code{0x0400} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_CANONICALIZE} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE::doc}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE:krb5-get-init-creds-opt-canonicalize-data}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE:krb5-get-init-creds-opt-canonicalize}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_CANONICALIZE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE:KRB5_GET_INIT_CREDS_OPT_CANONICALIZE}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_CANONICALIZE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_CANONICALIZE} + & +\code{0x0200} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_CHG\_PWD\_PRMPT} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT::doc}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT:krb5-get-init-creds-opt-chg-pwd-prmpt}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT:krb5-get-init-creds-opt-chg-pwd-prmpt-data}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_CHG\_PWD\_PRMPT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT:KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_CHG\_PWD\_PRMPT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_CHG\_PWD\_PRMPT} + & +\code{0x0100} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_ETYPE\_LIST} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST:krb5-get-init-creds-opt-etype-list-data}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST:krb5-get-init-creds-opt-etype-list}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST::doc}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_ETYPE\_LIST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST:KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_ETYPE\_LIST}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_ETYPE\_LIST} + & +\code{0x0010} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_FORWARDABLE} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE::doc}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE:krb5-get-init-creds-opt-forwardable}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE:krb5-get-init-creds-opt-forwardable-data}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_FORWARDABLE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE:KRB5_GET_INIT_CREDS_OPT_FORWARDABLE}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_FORWARDABLE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_FORWARDABLE} + & +\code{0x0004} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_PREAUTH\_LIST} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST:krb5-get-init-creds-opt-preauth-list}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST:krb5-get-init-creds-opt-preauth-list-data}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST::doc}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_PREAUTH\_LIST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST:KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_PREAUTH\_LIST}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_PREAUTH\_LIST} + & +\code{0x0040} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_PROXIABLE} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE:krb5-get-init-creds-opt-proxiable-data}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE:krb5-get-init-creds-opt-proxiable}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE::doc}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_PROXIABLE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE:KRB5_GET_INIT_CREDS_OPT_PROXIABLE}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_PROXIABLE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_PROXIABLE} + & +\code{0x0008} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_RENEW\_LIFE} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE::doc}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE:krb5-get-init-creds-opt-renew-life-data}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE:krb5-get-init-creds-opt-renew-life}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_RENEW\_LIFE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE:KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_RENEW\_LIFE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_RENEW\_LIFE} + & +\code{0x0002} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_SALT} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT:krb5-get-init-creds-opt-salt-data}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT:krb5-get-init-creds-opt-salt}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT::doc}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_SALT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT:KRB5_GET_INIT_CREDS_OPT_SALT}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_SALT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_SALT} + & +\code{0x0080} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_TKT\_LIFE} +\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE::doc}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE:krb5-get-init-creds-opt-tkt-life-data}\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE:krb5-get-init-creds-opt-tkt-life}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_TKT\_LIFE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE:KRB5_GET_INIT_CREDS_OPT_TKT_LIFE}\pysigline{\bfcode{KRB5\_GET\_INIT\_CREDS\_OPT\_TKT\_LIFE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_GET\_INIT\_CREDS\_OPT\_TKT\_LIFE} + & +\code{0x0001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_INIT\_CONTEXT\_SECURE} +\label{appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE::doc}\label{appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE:krb5-init-context-secure}\label{appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE:krb5-init-context-secure-data}\index{KRB5\_INIT\_CONTEXT\_SECURE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE:KRB5_INIT_CONTEXT_SECURE}\pysigline{\bfcode{KRB5\_INIT\_CONTEXT\_SECURE}} +\end{fulllineitems} + + +Use secure context configuration. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_INIT\_CONTEXT\_SECURE} + & +\code{0x1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_INIT\_CONTEXT\_KDC} +\label{appdev/refs/macros/KRB5_INIT_CONTEXT_KDC:krb5-init-context-kdc}\label{appdev/refs/macros/KRB5_INIT_CONTEXT_KDC::doc}\label{appdev/refs/macros/KRB5_INIT_CONTEXT_KDC:krb5-init-context-kdc-data}\index{KRB5\_INIT\_CONTEXT\_KDC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_INIT_CONTEXT_KDC:KRB5_INIT_CONTEXT_KDC}\pysigline{\bfcode{KRB5\_INIT\_CONTEXT\_KDC}} +\end{fulllineitems} + + +Use KDC configuration if available. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_INIT\_CONTEXT\_KDC} + & +\code{0x2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE} +\label{appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:krb5-init-creds-step-flag-continue-data}\label{appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:krb5-init-creds-step-flag-continue}\label{appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE::doc}\index{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:KRB5_INIT_CREDS_STEP_FLAG_CONTINUE}\pysigline{\bfcode{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE}} +\end{fulllineitems} + + +More responses needed. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE} + & +\code{0x1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_INT16\_MAX} +\label{appdev/refs/macros/KRB5_INT16_MAX:krb5-int16-max-data}\label{appdev/refs/macros/KRB5_INT16_MAX::doc}\label{appdev/refs/macros/KRB5_INT16_MAX:krb5-int16-max}\index{KRB5\_INT16\_MAX (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_INT16_MAX:KRB5_INT16_MAX}\pysigline{\bfcode{KRB5\_INT16\_MAX}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_INT16\_MAX} + & +\code{65535} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_INT16\_MIN} +\label{appdev/refs/macros/KRB5_INT16_MIN:krb5-int16-min-data}\label{appdev/refs/macros/KRB5_INT16_MIN:krb5-int16-min}\label{appdev/refs/macros/KRB5_INT16_MIN::doc}\index{KRB5\_INT16\_MIN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_INT16_MIN:KRB5_INT16_MIN}\pysigline{\bfcode{KRB5\_INT16\_MIN}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_INT16\_MIN} + & +\code{(-KRB5\_INT16\_MAX-1)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_INT32\_MAX} +\label{appdev/refs/macros/KRB5_INT32_MAX:krb5-int32-max-data}\label{appdev/refs/macros/KRB5_INT32_MAX:krb5-int32-max}\label{appdev/refs/macros/KRB5_INT32_MAX::doc}\index{KRB5\_INT32\_MAX (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_INT32_MAX:KRB5_INT32_MAX}\pysigline{\bfcode{KRB5\_INT32\_MAX}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_INT32\_MAX} + & +\code{2147483647} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_INT32\_MIN} +\label{appdev/refs/macros/KRB5_INT32_MIN:krb5-int32-min-data}\label{appdev/refs/macros/KRB5_INT32_MIN::doc}\label{appdev/refs/macros/KRB5_INT32_MIN:krb5-int32-min}\index{KRB5\_INT32\_MIN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_INT32_MIN:KRB5_INT32_MIN}\pysigline{\bfcode{KRB5\_INT32\_MIN}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_INT32\_MIN} + & +\code{(-KRB5\_INT32\_MAX-1)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AD\_ITE} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE:krb5-keyusage-ad-ite-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE:krb5-keyusage-ad-ite}\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE::doc}\index{KRB5\_KEYUSAGE\_AD\_ITE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE:KRB5_KEYUSAGE_AD_ITE}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AD\_ITE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AD\_ITE} + & +\code{21} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AD\_KDCISSUED\_CKSUM} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM:krb5-keyusage-ad-kdcissued-cksum-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM:krb5-keyusage-ad-kdcissued-cksum}\index{KRB5\_KEYUSAGE\_AD\_KDCISSUED\_CKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM:KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AD\_KDCISSUED\_CKSUM}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AD\_KDCISSUED\_CKSUM} + & +\code{19} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AD\_MTE} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE:krb5-keyusage-ad-mte-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE:krb5-keyusage-ad-mte}\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE::doc}\index{KRB5\_KEYUSAGE\_AD\_MTE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE:KRB5_KEYUSAGE_AD_MTE}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AD\_MTE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AD\_MTE} + & +\code{20} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AD\_SIGNEDPATH} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH:krb5-keyusage-ad-signedpath-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH:krb5-keyusage-ad-signedpath}\index{KRB5\_KEYUSAGE\_AD\_SIGNEDPATH (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH:KRB5_KEYUSAGE_AD_SIGNEDPATH}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AD\_SIGNEDPATH}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AD\_SIGNEDPATH} + & +\code{-21} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_APP\_DATA\_CKSUM} +\label{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM:krb5-keyusage-app-data-cksum-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM:krb5-keyusage-app-data-cksum}\index{KRB5\_KEYUSAGE\_APP\_DATA\_CKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM:KRB5_KEYUSAGE_APP_DATA_CKSUM}\pysigline{\bfcode{KRB5\_KEYUSAGE\_APP\_DATA\_CKSUM}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_APP\_DATA\_CKSUM} + & +\code{17} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_APP\_DATA\_ENCRYPT} +\label{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT:krb5-keyusage-app-data-encrypt}\label{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT:krb5-keyusage-app-data-encrypt-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT::doc}\index{KRB5\_KEYUSAGE\_APP\_DATA\_ENCRYPT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT:KRB5_KEYUSAGE_APP_DATA_ENCRYPT}\pysigline{\bfcode{KRB5\_KEYUSAGE\_APP\_DATA\_ENCRYPT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_APP\_DATA\_ENCRYPT} + & +\code{16} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AP\_REP\_ENCPART} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART:krb5-keyusage-ap-rep-encpart}\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART:krb5-keyusage-ap-rep-encpart-data}\index{KRB5\_KEYUSAGE\_AP\_REP\_ENCPART (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART:KRB5_KEYUSAGE_AP_REP_ENCPART}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AP\_REP\_ENCPART}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AP\_REP\_ENCPART} + & +\code{12} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH:krb5-keyusage-ap-req-auth}\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH:krb5-keyusage-ap-req-auth-data}\index{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH:KRB5_KEYUSAGE_AP_REQ_AUTH}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH} + & +\code{11} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH\_CKSUM} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM:krb5-keyusage-ap-req-auth-cksum-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM:krb5-keyusage-ap-req-auth-cksum}\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM::doc}\index{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH\_CKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM:KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH\_CKSUM}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH\_CKSUM} + & +\code{10} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AS\_REP\_ENCPART} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART:krb5-keyusage-as-rep-encpart-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART:krb5-keyusage-as-rep-encpart}\index{KRB5\_KEYUSAGE\_AS\_REP\_ENCPART (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART:KRB5_KEYUSAGE_AS_REP_ENCPART}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AS\_REP\_ENCPART}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AS\_REP\_ENCPART} + & +\code{3} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AS\_REQ} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ:krb5-keyusage-as-req-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ:krb5-keyusage-as-req}\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ::doc}\index{KRB5\_KEYUSAGE\_AS\_REQ (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ:KRB5_KEYUSAGE_AS_REQ}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AS\_REQ}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AS\_REQ} + & +\code{56} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_AS\_REQ\_PA\_ENC\_TS} +\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS:krb5-keyusage-as-req-pa-enc-ts-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS:krb5-keyusage-as-req-pa-enc-ts}\index{KRB5\_KEYUSAGE\_AS\_REQ\_PA\_ENC\_TS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS:KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS}\pysigline{\bfcode{KRB5\_KEYUSAGE\_AS\_REQ\_PA\_ENC\_TS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_AS\_REQ\_PA\_ENC\_TS} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_CAMMAC} +\label{appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC:krb5-keyusage-cammac}\label{appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC:krb5-keyusage-cammac-data}\index{KRB5\_KEYUSAGE\_CAMMAC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC:KRB5_KEYUSAGE_CAMMAC}\pysigline{\bfcode{KRB5\_KEYUSAGE\_CAMMAC}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_CAMMAC} + & +\code{64} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_CLIENT} +\label{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT:krb5-keyusage-enc-challenge-client-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT:krb5-keyusage-enc-challenge-client}\index{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_CLIENT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT:KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT}\pysigline{\bfcode{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_CLIENT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_CLIENT} + & +\code{54} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_KDC} +\label{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC:krb5-keyusage-enc-challenge-kdc-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC:krb5-keyusage-enc-challenge-kdc}\label{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC::doc}\index{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_KDC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC:KRB5_KEYUSAGE_ENC_CHALLENGE_KDC}\pysigline{\bfcode{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_KDC}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_KDC} + & +\code{55} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_FAST\_ENC} +\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC:krb5-keyusage-fast-enc-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC:krb5-keyusage-fast-enc}\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC::doc}\index{KRB5\_KEYUSAGE\_FAST\_ENC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC:KRB5_KEYUSAGE_FAST_ENC}\pysigline{\bfcode{KRB5\_KEYUSAGE\_FAST\_ENC}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_FAST\_ENC} + & +\code{51} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_FAST\_FINISHED} +\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED:krb5-keyusage-fast-finished-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED:krb5-keyusage-fast-finished}\index{KRB5\_KEYUSAGE\_FAST\_FINISHED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED:KRB5_KEYUSAGE_FAST_FINISHED}\pysigline{\bfcode{KRB5\_KEYUSAGE\_FAST\_FINISHED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_FAST\_FINISHED} + & +\code{53} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_FAST\_REP} +\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP:krb5-keyusage-fast-rep-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP:krb5-keyusage-fast-rep}\index{KRB5\_KEYUSAGE\_FAST\_REP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP:KRB5_KEYUSAGE_FAST_REP}\pysigline{\bfcode{KRB5\_KEYUSAGE\_FAST\_REP}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_FAST\_REP} + & +\code{52} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_FAST\_REQ\_CHKSUM} +\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM:krb5-keyusage-fast-req-chksum-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM:krb5-keyusage-fast-req-chksum}\index{KRB5\_KEYUSAGE\_FAST\_REQ\_CHKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM:KRB5_KEYUSAGE_FAST_REQ_CHKSUM}\pysigline{\bfcode{KRB5\_KEYUSAGE\_FAST\_REQ\_CHKSUM}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_FAST\_REQ\_CHKSUM} + & +\code{50} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_GSS\_TOK\_MIC} +\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC:krb5-keyusage-gss-tok-mic}\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC:krb5-keyusage-gss-tok-mic-data}\index{KRB5\_KEYUSAGE\_GSS\_TOK\_MIC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC:KRB5_KEYUSAGE_GSS_TOK_MIC}\pysigline{\bfcode{KRB5\_KEYUSAGE\_GSS\_TOK\_MIC}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_GSS\_TOK\_MIC} + & +\code{22} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_INTEG} +\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG:krb5-keyusage-gss-tok-wrap-integ}\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG:krb5-keyusage-gss-tok-wrap-integ-data}\index{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_INTEG (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG:KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG}\pysigline{\bfcode{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_INTEG}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_INTEG} + & +\code{23} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_PRIV} +\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV:krb5-keyusage-gss-tok-wrap-priv-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV:krb5-keyusage-gss-tok-wrap-priv}\index{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_PRIV (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV:KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV}\pysigline{\bfcode{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_PRIV}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_PRIV} + & +\code{24} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_IAKERB\_FINISHED} +\label{appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED:krb5-keyusage-iakerb-finished-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED:krb5-keyusage-iakerb-finished}\index{KRB5\_KEYUSAGE\_IAKERB\_FINISHED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED:KRB5_KEYUSAGE_IAKERB_FINISHED}\pysigline{\bfcode{KRB5\_KEYUSAGE\_IAKERB\_FINISHED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_IAKERB\_FINISHED} + & +\code{42} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_KDC\_REP\_TICKET} +\label{appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET:krb5-keyusage-kdc-rep-ticket-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET:krb5-keyusage-kdc-rep-ticket}\index{KRB5\_KEYUSAGE\_KDC\_REP\_TICKET (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET:KRB5_KEYUSAGE_KDC_REP_TICKET}\pysigline{\bfcode{KRB5\_KEYUSAGE\_KDC\_REP\_TICKET}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_KDC\_REP\_TICKET} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_KRB\_CRED\_ENCPART} +\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART:krb5-keyusage-krb-cred-encpart-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART:krb5-keyusage-krb-cred-encpart}\index{KRB5\_KEYUSAGE\_KRB\_CRED\_ENCPART (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART:KRB5_KEYUSAGE_KRB_CRED_ENCPART}\pysigline{\bfcode{KRB5\_KEYUSAGE\_KRB\_CRED\_ENCPART}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_KRB\_CRED\_ENCPART} + & +\code{14} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_KRB\_ERROR\_CKSUM} +\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM:krb5-keyusage-krb-error-cksum-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM:krb5-keyusage-krb-error-cksum}\index{KRB5\_KEYUSAGE\_KRB\_ERROR\_CKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM:KRB5_KEYUSAGE_KRB_ERROR_CKSUM}\pysigline{\bfcode{KRB5\_KEYUSAGE\_KRB\_ERROR\_CKSUM}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_KRB\_ERROR\_CKSUM} + & +\code{18} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_KRB\_PRIV\_ENCPART} +\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART:krb5-keyusage-krb-priv-encpart}\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART:krb5-keyusage-krb-priv-encpart-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART::doc}\index{KRB5\_KEYUSAGE\_KRB\_PRIV\_ENCPART (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART:KRB5_KEYUSAGE_KRB_PRIV_ENCPART}\pysigline{\bfcode{KRB5\_KEYUSAGE\_KRB\_PRIV\_ENCPART}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_KRB\_PRIV\_ENCPART} + & +\code{13} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_KRB\_SAFE\_CKSUM} +\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM:krb5-keyusage-krb-safe-cksum-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM:krb5-keyusage-krb-safe-cksum}\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM::doc}\index{KRB5\_KEYUSAGE\_KRB\_SAFE\_CKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM:KRB5_KEYUSAGE_KRB_SAFE_CKSUM}\pysigline{\bfcode{KRB5\_KEYUSAGE\_KRB\_SAFE\_CKSUM}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_KRB\_SAFE\_CKSUM} + & +\code{15} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_PA\_FX\_COOKIE} +\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE:krb5-keyusage-pa-fx-cookie}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE:krb5-keyusage-pa-fx-cookie-data}\index{KRB5\_KEYUSAGE\_PA\_FX\_COOKIE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE:KRB5_KEYUSAGE_PA_FX_COOKIE}\pysigline{\bfcode{KRB5\_KEYUSAGE\_PA\_FX\_COOKIE}} +\end{fulllineitems} + + +Used for encrypted FAST cookies. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_PA\_FX\_COOKIE} + & +\code{513} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_PA\_OTP\_REQUEST} +\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST:krb5-keyusage-pa-otp-request}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST:krb5-keyusage-pa-otp-request-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST::doc}\index{KRB5\_KEYUSAGE\_PA\_OTP\_REQUEST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST:KRB5_KEYUSAGE_PA_OTP_REQUEST}\pysigline{\bfcode{KRB5\_KEYUSAGE\_PA\_OTP\_REQUEST}} +\end{fulllineitems} + + +See RFC 6560 section 4.2. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_PA\_OTP\_REQUEST} + & +\code{45} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_PA\_PKINIT\_KX} +\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX:krb5-keyusage-pa-pkinit-kx-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX:krb5-keyusage-pa-pkinit-kx}\index{KRB5\_KEYUSAGE\_PA\_PKINIT\_KX (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX:KRB5_KEYUSAGE_PA_PKINIT_KX}\pysigline{\bfcode{KRB5\_KEYUSAGE\_PA\_PKINIT\_KX}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_PA\_PKINIT\_KX} + & +\code{44} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY} +\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY:krb5-keyusage-pa-s4u-x509-user-reply-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY:krb5-keyusage-pa-s4u-x509-user-reply}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY::doc}\index{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY:KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY}\pysigline{\bfcode{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY}} +\end{fulllineitems} + + +Note conflict with \code{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE} . + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY} + & +\code{27} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST} +\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST:krb5-keyusage-pa-s4u-x509-user-request}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST:krb5-keyusage-pa-s4u-x509-user-request-data}\index{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST:KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST}\pysigline{\bfcode{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST}} +\end{fulllineitems} + + +Note conflict with \code{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID} . + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST} + & +\code{26} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_CKSUM} +\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM:krb5-keyusage-pa-sam-challenge-cksum-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM:krb5-keyusage-pa-sam-challenge-cksum}\index{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_CKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM:KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM}\pysigline{\bfcode{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_CKSUM}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_CKSUM} + & +\code{25} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID} +\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID:krb5-keyusage-pa-sam-challenge-trackid}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID:krb5-keyusage-pa-sam-challenge-trackid-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID::doc}\index{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID:KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID}\pysigline{\bfcode{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID}} +\end{fulllineitems} + + +Note conflict with \code{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST} . + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID} + & +\code{26} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE} +\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE:krb5-keyusage-pa-sam-response-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE:krb5-keyusage-pa-sam-response}\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE::doc}\index{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE:KRB5_KEYUSAGE_PA_SAM_RESPONSE}\pysigline{\bfcode{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE}} +\end{fulllineitems} + + +Note conflict with \code{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY} . + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE} + & +\code{27} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SESSKEY} +\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY:krb5-keyusage-tgs-rep-encpart-sesskey}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY:krb5-keyusage-tgs-rep-encpart-sesskey-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY::doc}\index{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SESSKEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY:KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY}\pysigline{\bfcode{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SESSKEY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SESSKEY} + & +\code{8} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SUBKEY} +\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY:krb5-keyusage-tgs-rep-encpart-subkey-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY:krb5-keyusage-tgs-rep-encpart-subkey}\index{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SUBKEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY:KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY}\pysigline{\bfcode{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SUBKEY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SUBKEY} + & +\code{9} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SESSKEY} +\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY:krb5-keyusage-tgs-req-ad-sesskey}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY:krb5-keyusage-tgs-req-ad-sesskey-data}\index{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SESSKEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY:KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY}\pysigline{\bfcode{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SESSKEY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SESSKEY} + & +\code{4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SUBKEY} +\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY:krb5-keyusage-tgs-req-ad-subkey}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY:krb5-keyusage-tgs-req-ad-subkey-data}\index{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SUBKEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY:KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY}\pysigline{\bfcode{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SUBKEY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SUBKEY} + & +\code{5} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH} +\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH:krb5-keyusage-tgs-req-auth}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH:krb5-keyusage-tgs-req-auth-data}\index{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH:KRB5_KEYUSAGE_TGS_REQ_AUTH}\pysigline{\bfcode{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH} + & +\code{7} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH\_CKSUM} +\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM:krb5-keyusage-tgs-req-auth-cksum-data}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM::doc}\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM:krb5-keyusage-tgs-req-auth-cksum}\index{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH\_CKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM:KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM}\pysigline{\bfcode{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH\_CKSUM}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH\_CKSUM} + & +\code{6} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KPASSWD\_ACCESSDENIED} +\label{appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED:krb5-kpasswd-accessdenied}\label{appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED:krb5-kpasswd-accessdenied-data}\label{appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED::doc}\index{KRB5\_KPASSWD\_ACCESSDENIED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED:KRB5_KPASSWD_ACCESSDENIED}\pysigline{\bfcode{KRB5\_KPASSWD\_ACCESSDENIED}} +\end{fulllineitems} + + +Not authorized. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KPASSWD\_ACCESSDENIED} + & +\code{5} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KPASSWD\_AUTHERROR} +\label{appdev/refs/macros/KRB5_KPASSWD_AUTHERROR:krb5-kpasswd-autherror-data}\label{appdev/refs/macros/KRB5_KPASSWD_AUTHERROR:krb5-kpasswd-autherror}\label{appdev/refs/macros/KRB5_KPASSWD_AUTHERROR::doc}\index{KRB5\_KPASSWD\_AUTHERROR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KPASSWD_AUTHERROR:KRB5_KPASSWD_AUTHERROR}\pysigline{\bfcode{KRB5\_KPASSWD\_AUTHERROR}} +\end{fulllineitems} + + +Authentication error. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KPASSWD\_AUTHERROR} + & +\code{3} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KPASSWD\_BAD\_VERSION} +\label{appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION:krb5-kpasswd-bad-version-data}\label{appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION:krb5-kpasswd-bad-version}\label{appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION::doc}\index{KRB5\_KPASSWD\_BAD\_VERSION (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION:KRB5_KPASSWD_BAD_VERSION}\pysigline{\bfcode{KRB5\_KPASSWD\_BAD\_VERSION}} +\end{fulllineitems} + + +Unknown RPC version. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KPASSWD\_BAD\_VERSION} + & +\code{6} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KPASSWD\_HARDERROR} +\label{appdev/refs/macros/KRB5_KPASSWD_HARDERROR:krb5-kpasswd-harderror}\label{appdev/refs/macros/KRB5_KPASSWD_HARDERROR:krb5-kpasswd-harderror-data}\label{appdev/refs/macros/KRB5_KPASSWD_HARDERROR::doc}\index{KRB5\_KPASSWD\_HARDERROR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KPASSWD_HARDERROR:KRB5_KPASSWD_HARDERROR}\pysigline{\bfcode{KRB5\_KPASSWD\_HARDERROR}} +\end{fulllineitems} + + +Server error. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KPASSWD\_HARDERROR} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KPASSWD\_INITIAL\_FLAG\_NEEDED} +\label{appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED:krb5-kpasswd-initial-flag-needed}\label{appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED::doc}\label{appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED:krb5-kpasswd-initial-flag-needed-data}\index{KRB5\_KPASSWD\_INITIAL\_FLAG\_NEEDED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED:KRB5_KPASSWD_INITIAL_FLAG_NEEDED}\pysigline{\bfcode{KRB5\_KPASSWD\_INITIAL\_FLAG\_NEEDED}} +\end{fulllineitems} + + +The presented credentials were not obtained using a password directly. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KPASSWD\_INITIAL\_FLAG\_NEEDED} + & +\code{7} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KPASSWD\_MALFORMED} +\label{appdev/refs/macros/KRB5_KPASSWD_MALFORMED:krb5-kpasswd-malformed-data}\label{appdev/refs/macros/KRB5_KPASSWD_MALFORMED:krb5-kpasswd-malformed}\label{appdev/refs/macros/KRB5_KPASSWD_MALFORMED::doc}\index{KRB5\_KPASSWD\_MALFORMED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KPASSWD_MALFORMED:KRB5_KPASSWD_MALFORMED}\pysigline{\bfcode{KRB5\_KPASSWD\_MALFORMED}} +\end{fulllineitems} + + +Malformed request. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KPASSWD\_MALFORMED} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KPASSWD\_SOFTERROR} +\label{appdev/refs/macros/KRB5_KPASSWD_SOFTERROR::doc}\label{appdev/refs/macros/KRB5_KPASSWD_SOFTERROR:krb5-kpasswd-softerror}\label{appdev/refs/macros/KRB5_KPASSWD_SOFTERROR:krb5-kpasswd-softerror-data}\index{KRB5\_KPASSWD\_SOFTERROR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KPASSWD_SOFTERROR:KRB5_KPASSWD_SOFTERROR}\pysigline{\bfcode{KRB5\_KPASSWD\_SOFTERROR}} +\end{fulllineitems} + + +Password change rejected. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KPASSWD\_SOFTERROR} + & +\code{4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_KPASSWD\_SUCCESS} +\label{appdev/refs/macros/KRB5_KPASSWD_SUCCESS:krb5-kpasswd-success-data}\label{appdev/refs/macros/KRB5_KPASSWD_SUCCESS::doc}\label{appdev/refs/macros/KRB5_KPASSWD_SUCCESS:krb5-kpasswd-success}\index{KRB5\_KPASSWD\_SUCCESS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_KPASSWD_SUCCESS:KRB5_KPASSWD_SUCCESS}\pysigline{\bfcode{KRB5\_KPASSWD\_SUCCESS}} +\end{fulllineitems} + + +Success. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_KPASSWD\_SUCCESS} + & +\code{0} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ALL\_ACCT\_EXPTIME} +\label{appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME::doc}\label{appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME:krb5-lrq-all-acct-exptime}\label{appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME:krb5-lrq-all-acct-exptime-data}\index{KRB5\_LRQ\_ALL\_ACCT\_EXPTIME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME:KRB5_LRQ_ALL_ACCT_EXPTIME}\pysigline{\bfcode{KRB5\_LRQ\_ALL\_ACCT\_EXPTIME}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ALL\_ACCT\_EXPTIME} + & +\code{7} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ALL\_LAST\_INITIAL} +\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL::doc}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL:krb5-lrq-all-last-initial}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL:krb5-lrq-all-last-initial-data}\index{KRB5\_LRQ\_ALL\_LAST\_INITIAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL:KRB5_LRQ_ALL_LAST_INITIAL}\pysigline{\bfcode{KRB5\_LRQ\_ALL\_LAST\_INITIAL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ALL\_LAST\_INITIAL} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ALL\_LAST\_RENEWAL} +\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL:krb5-lrq-all-last-renewal}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL:krb5-lrq-all-last-renewal-data}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL::doc}\index{KRB5\_LRQ\_ALL\_LAST\_RENEWAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL:KRB5_LRQ_ALL_LAST_RENEWAL}\pysigline{\bfcode{KRB5\_LRQ\_ALL\_LAST\_RENEWAL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ALL\_LAST\_RENEWAL} + & +\code{4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ALL\_LAST\_REQ} +\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ::doc}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ:krb5-lrq-all-last-req}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ:krb5-lrq-all-last-req-data}\index{KRB5\_LRQ\_ALL\_LAST\_REQ (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ:KRB5_LRQ_ALL_LAST_REQ}\pysigline{\bfcode{KRB5\_LRQ\_ALL\_LAST\_REQ}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ALL\_LAST\_REQ} + & +\code{5} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ALL\_LAST\_TGT} +\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT:krb5-lrq-all-last-tgt-data}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT:krb5-lrq-all-last-tgt}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT::doc}\index{KRB5\_LRQ\_ALL\_LAST\_TGT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT:KRB5_LRQ_ALL_LAST_TGT}\pysigline{\bfcode{KRB5\_LRQ\_ALL\_LAST\_TGT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ALL\_LAST\_TGT} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ALL\_LAST\_TGT\_ISSUED} +\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED::doc}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED:krb5-lrq-all-last-tgt-issued}\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED:krb5-lrq-all-last-tgt-issued-data}\index{KRB5\_LRQ\_ALL\_LAST\_TGT\_ISSUED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED:KRB5_LRQ_ALL_LAST_TGT_ISSUED}\pysigline{\bfcode{KRB5\_LRQ\_ALL\_LAST\_TGT\_ISSUED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ALL\_LAST\_TGT\_ISSUED} + & +\code{3} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ALL\_PW\_EXPTIME} +\label{appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME:krb5-lrq-all-pw-exptime-data}\label{appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME::doc}\label{appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME:krb5-lrq-all-pw-exptime}\index{KRB5\_LRQ\_ALL\_PW\_EXPTIME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME:KRB5_LRQ_ALL_PW_EXPTIME}\pysigline{\bfcode{KRB5\_LRQ\_ALL\_PW\_EXPTIME}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ALL\_PW\_EXPTIME} + & +\code{6} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_NONE} +\label{appdev/refs/macros/KRB5_LRQ_NONE:krb5-lrq-none-data}\label{appdev/refs/macros/KRB5_LRQ_NONE::doc}\label{appdev/refs/macros/KRB5_LRQ_NONE:krb5-lrq-none}\index{KRB5\_LRQ\_NONE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_NONE:KRB5_LRQ_NONE}\pysigline{\bfcode{KRB5\_LRQ\_NONE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_NONE} + & +\code{0} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ONE\_ACCT\_EXPTIME} +\label{appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME::doc}\label{appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME:krb5-lrq-one-acct-exptime}\label{appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME:krb5-lrq-one-acct-exptime-data}\index{KRB5\_LRQ\_ONE\_ACCT\_EXPTIME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME:KRB5_LRQ_ONE_ACCT_EXPTIME}\pysigline{\bfcode{KRB5\_LRQ\_ONE\_ACCT\_EXPTIME}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ONE\_ACCT\_EXPTIME} + & +\code{(-7)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ONE\_LAST\_INITIAL} +\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL:krb5-lrq-one-last-initial-data}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL::doc}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL:krb5-lrq-one-last-initial}\index{KRB5\_LRQ\_ONE\_LAST\_INITIAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL:KRB5_LRQ_ONE_LAST_INITIAL}\pysigline{\bfcode{KRB5\_LRQ\_ONE\_LAST\_INITIAL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ONE\_LAST\_INITIAL} + & +\code{(-2)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ONE\_LAST\_RENEWAL} +\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL:krb5-lrq-one-last-renewal-data}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL::doc}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL:krb5-lrq-one-last-renewal}\index{KRB5\_LRQ\_ONE\_LAST\_RENEWAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL:KRB5_LRQ_ONE_LAST_RENEWAL}\pysigline{\bfcode{KRB5\_LRQ\_ONE\_LAST\_RENEWAL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ONE\_LAST\_RENEWAL} + & +\code{(-4)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ONE\_LAST\_REQ} +\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ::doc}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ:krb5-lrq-one-last-req}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ:krb5-lrq-one-last-req-data}\index{KRB5\_LRQ\_ONE\_LAST\_REQ (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ:KRB5_LRQ_ONE_LAST_REQ}\pysigline{\bfcode{KRB5\_LRQ\_ONE\_LAST\_REQ}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ONE\_LAST\_REQ} + & +\code{(-5)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ONE\_LAST\_TGT} +\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT:krb5-lrq-one-last-tgt-data}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT::doc}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT:krb5-lrq-one-last-tgt}\index{KRB5\_LRQ\_ONE\_LAST\_TGT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT:KRB5_LRQ_ONE_LAST_TGT}\pysigline{\bfcode{KRB5\_LRQ\_ONE\_LAST\_TGT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ONE\_LAST\_TGT} + & +\code{(-1)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ONE\_LAST\_TGT\_ISSUED} +\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED:krb5-lrq-one-last-tgt-issued}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED:krb5-lrq-one-last-tgt-issued-data}\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED::doc}\index{KRB5\_LRQ\_ONE\_LAST\_TGT\_ISSUED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED:KRB5_LRQ_ONE_LAST_TGT_ISSUED}\pysigline{\bfcode{KRB5\_LRQ\_ONE\_LAST\_TGT\_ISSUED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ONE\_LAST\_TGT\_ISSUED} + & +\code{(-3)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_LRQ\_ONE\_PW\_EXPTIME} +\label{appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME:krb5-lrq-one-pw-exptime}\label{appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME:krb5-lrq-one-pw-exptime-data}\label{appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME::doc}\index{KRB5\_LRQ\_ONE\_PW\_EXPTIME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME:KRB5_LRQ_ONE_PW_EXPTIME}\pysigline{\bfcode{KRB5\_LRQ\_ONE\_PW\_EXPTIME}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_LRQ\_ONE\_PW\_EXPTIME} + & +\code{(-6)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_ENTERPRISE\_PRINCIPAL} +\label{appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL:krb5-nt-enterprise-principal-data}\label{appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL:krb5-nt-enterprise-principal}\label{appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL::doc}\index{KRB5\_NT\_ENTERPRISE\_PRINCIPAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL:KRB5_NT_ENTERPRISE_PRINCIPAL}\pysigline{\bfcode{KRB5\_NT\_ENTERPRISE\_PRINCIPAL}} +\end{fulllineitems} + + +Windows 2000 UPN. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_ENTERPRISE\_PRINCIPAL} + & +\code{10} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_ENT\_PRINCIPAL\_AND\_ID} +\label{appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID:krb5-nt-ent-principal-and-id-data}\label{appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID::doc}\label{appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID:krb5-nt-ent-principal-and-id}\index{KRB5\_NT\_ENT\_PRINCIPAL\_AND\_ID (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID:KRB5_NT_ENT_PRINCIPAL_AND_ID}\pysigline{\bfcode{KRB5\_NT\_ENT\_PRINCIPAL\_AND\_ID}} +\end{fulllineitems} + + +NT 4 style name and SID. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_ENT\_PRINCIPAL\_AND\_ID} + & +\code{-130} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_MS\_PRINCIPAL} +\label{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL::doc}\label{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL:krb5-nt-ms-principal}\label{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL:krb5-nt-ms-principal-data}\index{KRB5\_NT\_MS\_PRINCIPAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL:KRB5_NT_MS_PRINCIPAL}\pysigline{\bfcode{KRB5\_NT\_MS\_PRINCIPAL}} +\end{fulllineitems} + + +Windows 2000 UPN and SID. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_MS\_PRINCIPAL} + & +\code{-128} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_MS\_PRINCIPAL\_AND\_ID} +\label{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID:krb5-nt-ms-principal-and-id-data}\label{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID::doc}\label{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID:krb5-nt-ms-principal-and-id}\index{KRB5\_NT\_MS\_PRINCIPAL\_AND\_ID (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID:KRB5_NT_MS_PRINCIPAL_AND_ID}\pysigline{\bfcode{KRB5\_NT\_MS\_PRINCIPAL\_AND\_ID}} +\end{fulllineitems} + + +NT 4 style name. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_MS\_PRINCIPAL\_AND\_ID} + & +\code{-129} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_PRINCIPAL} +\label{appdev/refs/macros/KRB5_NT_PRINCIPAL:krb5-nt-principal}\label{appdev/refs/macros/KRB5_NT_PRINCIPAL::doc}\label{appdev/refs/macros/KRB5_NT_PRINCIPAL:krb5-nt-principal-data}\index{KRB5\_NT\_PRINCIPAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_PRINCIPAL:KRB5_NT_PRINCIPAL}\pysigline{\bfcode{KRB5\_NT\_PRINCIPAL}} +\end{fulllineitems} + + +Just the name of the principal as in DCE, or for users. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_PRINCIPAL} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_SMTP\_NAME} +\label{appdev/refs/macros/KRB5_NT_SMTP_NAME:krb5-nt-smtp-name}\label{appdev/refs/macros/KRB5_NT_SMTP_NAME:krb5-nt-smtp-name-data}\label{appdev/refs/macros/KRB5_NT_SMTP_NAME::doc}\index{KRB5\_NT\_SMTP\_NAME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_SMTP_NAME:KRB5_NT_SMTP_NAME}\pysigline{\bfcode{KRB5\_NT\_SMTP\_NAME}} +\end{fulllineitems} + + +Name in form of SMTP email name. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_SMTP\_NAME} + & +\code{7} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_SRV\_HST} +\label{appdev/refs/macros/KRB5_NT_SRV_HST:krb5-nt-srv-hst-data}\label{appdev/refs/macros/KRB5_NT_SRV_HST::doc}\label{appdev/refs/macros/KRB5_NT_SRV_HST:krb5-nt-srv-hst}\index{KRB5\_NT\_SRV\_HST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_SRV_HST:KRB5_NT_SRV_HST}\pysigline{\bfcode{KRB5\_NT\_SRV\_HST}} +\end{fulllineitems} + + +Service with host name as instance (telnet, rcommands) + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_SRV\_HST} + & +\code{3} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_SRV\_INST} +\label{appdev/refs/macros/KRB5_NT_SRV_INST:krb5-nt-srv-inst-data}\label{appdev/refs/macros/KRB5_NT_SRV_INST::doc}\label{appdev/refs/macros/KRB5_NT_SRV_INST:krb5-nt-srv-inst}\index{KRB5\_NT\_SRV\_INST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_SRV_INST:KRB5_NT_SRV_INST}\pysigline{\bfcode{KRB5\_NT\_SRV\_INST}} +\end{fulllineitems} + + +Service and other unique instance (krbtgt) + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_SRV\_INST} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_SRV\_XHST} +\label{appdev/refs/macros/KRB5_NT_SRV_XHST:krb5-nt-srv-xhst}\label{appdev/refs/macros/KRB5_NT_SRV_XHST:krb5-nt-srv-xhst-data}\label{appdev/refs/macros/KRB5_NT_SRV_XHST::doc}\index{KRB5\_NT\_SRV\_XHST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_SRV_XHST:KRB5_NT_SRV_XHST}\pysigline{\bfcode{KRB5\_NT\_SRV\_XHST}} +\end{fulllineitems} + + +Service with host as remaining components. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_SRV\_XHST} + & +\code{4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_UID} +\label{appdev/refs/macros/KRB5_NT_UID:krb5-nt-uid}\label{appdev/refs/macros/KRB5_NT_UID:krb5-nt-uid-data}\label{appdev/refs/macros/KRB5_NT_UID::doc}\index{KRB5\_NT\_UID (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_UID:KRB5_NT_UID}\pysigline{\bfcode{KRB5\_NT\_UID}} +\end{fulllineitems} + + +Unique ID. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_UID} + & +\code{5} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_UNKNOWN} +\label{appdev/refs/macros/KRB5_NT_UNKNOWN::doc}\label{appdev/refs/macros/KRB5_NT_UNKNOWN:krb5-nt-unknown}\label{appdev/refs/macros/KRB5_NT_UNKNOWN:krb5-nt-unknown-data}\index{KRB5\_NT\_UNKNOWN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_UNKNOWN:KRB5_NT_UNKNOWN}\pysigline{\bfcode{KRB5\_NT\_UNKNOWN}} +\end{fulllineitems} + + +Name type not known. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_UNKNOWN} + & +\code{0} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_WELLKNOWN} +\label{appdev/refs/macros/KRB5_NT_WELLKNOWN:krb5-nt-wellknown-data}\label{appdev/refs/macros/KRB5_NT_WELLKNOWN:krb5-nt-wellknown}\label{appdev/refs/macros/KRB5_NT_WELLKNOWN::doc}\index{KRB5\_NT\_WELLKNOWN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_WELLKNOWN:KRB5_NT_WELLKNOWN}\pysigline{\bfcode{KRB5\_NT\_WELLKNOWN}} +\end{fulllineitems} + + +Well-known (special) principal. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_WELLKNOWN} + & +\code{11} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_NT\_X500\_PRINCIPAL} +\label{appdev/refs/macros/KRB5_NT_X500_PRINCIPAL:krb5-nt-x500-principal-data}\label{appdev/refs/macros/KRB5_NT_X500_PRINCIPAL::doc}\label{appdev/refs/macros/KRB5_NT_X500_PRINCIPAL:krb5-nt-x500-principal}\index{KRB5\_NT\_X500\_PRINCIPAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_NT_X500_PRINCIPAL:KRB5_NT_X500_PRINCIPAL}\pysigline{\bfcode{KRB5\_NT\_X500\_PRINCIPAL}} +\end{fulllineitems} + + +PKINIT. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_NT\_X500\_PRINCIPAL} + & +\code{6} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PAC\_CLIENT\_INFO} +\label{appdev/refs/macros/KRB5_PAC_CLIENT_INFO:krb5-pac-client-info}\label{appdev/refs/macros/KRB5_PAC_CLIENT_INFO::doc}\label{appdev/refs/macros/KRB5_PAC_CLIENT_INFO:krb5-pac-client-info-data}\index{KRB5\_PAC\_CLIENT\_INFO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PAC_CLIENT_INFO:KRB5_PAC_CLIENT_INFO}\pysigline{\bfcode{KRB5\_PAC\_CLIENT\_INFO}} +\end{fulllineitems} + + +Client name and ticket info. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PAC\_CLIENT\_INFO} + & +\code{10} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PAC\_CREDENTIALS\_INFO} +\label{appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO::doc}\label{appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO:krb5-pac-credentials-info}\label{appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO:krb5-pac-credentials-info-data}\index{KRB5\_PAC\_CREDENTIALS\_INFO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO:KRB5_PAC_CREDENTIALS_INFO}\pysigline{\bfcode{KRB5\_PAC\_CREDENTIALS\_INFO}} +\end{fulllineitems} + + +Credentials information. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PAC\_CREDENTIALS\_INFO} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PAC\_DELEGATION\_INFO} +\label{appdev/refs/macros/KRB5_PAC_DELEGATION_INFO::doc}\label{appdev/refs/macros/KRB5_PAC_DELEGATION_INFO:krb5-pac-delegation-info-data}\label{appdev/refs/macros/KRB5_PAC_DELEGATION_INFO:krb5-pac-delegation-info}\index{KRB5\_PAC\_DELEGATION\_INFO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PAC_DELEGATION_INFO:KRB5_PAC_DELEGATION_INFO}\pysigline{\bfcode{KRB5\_PAC\_DELEGATION\_INFO}} +\end{fulllineitems} + + +Constrained delegation info. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PAC\_DELEGATION\_INFO} + & +\code{11} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PAC\_LOGON\_INFO} +\label{appdev/refs/macros/KRB5_PAC_LOGON_INFO:krb5-pac-logon-info}\label{appdev/refs/macros/KRB5_PAC_LOGON_INFO:krb5-pac-logon-info-data}\label{appdev/refs/macros/KRB5_PAC_LOGON_INFO::doc}\index{KRB5\_PAC\_LOGON\_INFO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PAC_LOGON_INFO:KRB5_PAC_LOGON_INFO}\pysigline{\bfcode{KRB5\_PAC\_LOGON\_INFO}} +\end{fulllineitems} + + +Logon information. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PAC\_LOGON\_INFO} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PAC\_PRIVSVR\_CHECKSUM} +\label{appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM:krb5-pac-privsvr-checksum-data}\label{appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM::doc}\label{appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM:krb5-pac-privsvr-checksum}\index{KRB5\_PAC\_PRIVSVR\_CHECKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM:KRB5_PAC_PRIVSVR_CHECKSUM}\pysigline{\bfcode{KRB5\_PAC\_PRIVSVR\_CHECKSUM}} +\end{fulllineitems} + + +KDC checksum. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PAC\_PRIVSVR\_CHECKSUM} + & +\code{7} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PAC\_SERVER\_CHECKSUM} +\label{appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM:krb5-pac-server-checksum-data}\label{appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM:krb5-pac-server-checksum}\label{appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM::doc}\index{KRB5\_PAC\_SERVER\_CHECKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM:KRB5_PAC_SERVER_CHECKSUM}\pysigline{\bfcode{KRB5\_PAC\_SERVER\_CHECKSUM}} +\end{fulllineitems} + + +Server checksum. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PAC\_SERVER\_CHECKSUM} + & +\code{6} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PAC\_UPN\_DNS\_INFO} +\label{appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO:krb5-pac-upn-dns-info-data}\label{appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO::doc}\label{appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO:krb5-pac-upn-dns-info}\index{KRB5\_PAC\_UPN\_DNS\_INFO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO:KRB5_PAC_UPN_DNS_INFO}\pysigline{\bfcode{KRB5\_PAC\_UPN\_DNS\_INFO}} +\end{fulllineitems} + + +User principal name and DNS info. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PAC\_UPN\_DNS\_INFO} + & +\code{12} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_AFS3\_SALT} +\label{appdev/refs/macros/KRB5_PADATA_AFS3_SALT::doc}\label{appdev/refs/macros/KRB5_PADATA_AFS3_SALT:krb5-padata-afs3-salt}\label{appdev/refs/macros/KRB5_PADATA_AFS3_SALT:krb5-padata-afs3-salt-data}\index{KRB5\_PADATA\_AFS3\_SALT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_AFS3_SALT:KRB5_PADATA_AFS3_SALT}\pysigline{\bfcode{KRB5\_PADATA\_AFS3\_SALT}} +\end{fulllineitems} + + +Cygnus. + +RFC 4120, 3961 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_AFS3\_SALT} + & +\code{10} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_AP\_REQ} +\label{appdev/refs/macros/KRB5_PADATA_AP_REQ::doc}\label{appdev/refs/macros/KRB5_PADATA_AP_REQ:krb5-padata-ap-req-data}\label{appdev/refs/macros/KRB5_PADATA_AP_REQ:krb5-padata-ap-req}\index{KRB5\_PADATA\_AP\_REQ (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_AP_REQ:KRB5_PADATA_AP_REQ}\pysigline{\bfcode{KRB5\_PADATA\_AP\_REQ}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_AP\_REQ} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_AS\_CHECKSUM} +\label{appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM:krb5-padata-as-checksum}\label{appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM:krb5-padata-as-checksum-data}\label{appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM::doc}\index{KRB5\_PADATA\_AS\_CHECKSUM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM:KRB5_PADATA_AS_CHECKSUM}\pysigline{\bfcode{KRB5\_PADATA\_AS\_CHECKSUM}} +\end{fulllineitems} + + +AS checksum. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_AS\_CHECKSUM} + & +\code{132} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_ENCRYPTED\_CHALLENGE} +\label{appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE:krb5-padata-encrypted-challenge-data}\label{appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE:krb5-padata-encrypted-challenge}\label{appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE::doc}\index{KRB5\_PADATA\_ENCRYPTED\_CHALLENGE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE:KRB5_PADATA_ENCRYPTED_CHALLENGE}\pysigline{\bfcode{KRB5\_PADATA\_ENCRYPTED\_CHALLENGE}} +\end{fulllineitems} + + +RFC 6113. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_ENCRYPTED\_CHALLENGE} + & +\code{138} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_ENC\_SANDIA\_SECURID} +\label{appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID:krb5-padata-enc-sandia-securid-data}\label{appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID:krb5-padata-enc-sandia-securid}\label{appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID::doc}\index{KRB5\_PADATA\_ENC\_SANDIA\_SECURID (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID:KRB5_PADATA_ENC_SANDIA_SECURID}\pysigline{\bfcode{KRB5\_PADATA\_ENC\_SANDIA\_SECURID}} +\end{fulllineitems} + + +SecurId passcode. + +RFC 4120 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_ENC\_SANDIA\_SECURID} + & +\code{6} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_ENC\_TIMESTAMP} +\label{appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP::doc}\label{appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP:krb5-padata-enc-timestamp}\label{appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP:krb5-padata-enc-timestamp-data}\index{KRB5\_PADATA\_ENC\_TIMESTAMP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP:KRB5_PADATA_ENC_TIMESTAMP}\pysigline{\bfcode{KRB5\_PADATA\_ENC\_TIMESTAMP}} +\end{fulllineitems} + + +RFC 4120. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_ENC\_TIMESTAMP} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_ENC\_UNIX\_TIME} +\label{appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME:krb5-padata-enc-unix-time}\label{appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME:krb5-padata-enc-unix-time-data}\label{appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME::doc}\index{KRB5\_PADATA\_ENC\_UNIX\_TIME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME:KRB5_PADATA_ENC_UNIX_TIME}\pysigline{\bfcode{KRB5\_PADATA\_ENC\_UNIX\_TIME}} +\end{fulllineitems} + + +timestamp encrypted in key. + +RFC 4120 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_ENC\_UNIX\_TIME} + & +\code{5} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_ETYPE\_INFO} +\label{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO::doc}\label{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO:krb5-padata-etype-info}\label{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO:krb5-padata-etype-info-data}\index{KRB5\_PADATA\_ETYPE\_INFO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO:KRB5_PADATA_ETYPE_INFO}\pysigline{\bfcode{KRB5\_PADATA\_ETYPE\_INFO}} +\end{fulllineitems} + + +Etype info for preauth. + +RFC 4120 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_ETYPE\_INFO} + & +\code{11} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_ETYPE\_INFO2} +\label{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2:krb5-padata-etype-info2-data}\label{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2:krb5-padata-etype-info2}\label{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2::doc}\index{KRB5\_PADATA\_ETYPE\_INFO2 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2:KRB5_PADATA_ETYPE_INFO2}\pysigline{\bfcode{KRB5\_PADATA\_ETYPE\_INFO2}} +\end{fulllineitems} + + +RFC 4120. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_ETYPE\_INFO2} + & +\code{19} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_FOR\_USER} +\label{appdev/refs/macros/KRB5_PADATA_FOR_USER:krb5-padata-for-user}\label{appdev/refs/macros/KRB5_PADATA_FOR_USER::doc}\label{appdev/refs/macros/KRB5_PADATA_FOR_USER:krb5-padata-for-user-data}\index{KRB5\_PADATA\_FOR\_USER (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_FOR_USER:KRB5_PADATA_FOR_USER}\pysigline{\bfcode{KRB5\_PADATA\_FOR\_USER}} +\end{fulllineitems} + + +username protocol transition request + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_FOR\_USER} + & +\code{129} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_FX\_COOKIE} +\label{appdev/refs/macros/KRB5_PADATA_FX_COOKIE:krb5-padata-fx-cookie}\label{appdev/refs/macros/KRB5_PADATA_FX_COOKIE::doc}\label{appdev/refs/macros/KRB5_PADATA_FX_COOKIE:krb5-padata-fx-cookie-data}\index{KRB5\_PADATA\_FX\_COOKIE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_FX_COOKIE:KRB5_PADATA_FX_COOKIE}\pysigline{\bfcode{KRB5\_PADATA\_FX\_COOKIE}} +\end{fulllineitems} + + +RFC 6113. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_FX\_COOKIE} + & +\code{133} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_FX\_ERROR} +\label{appdev/refs/macros/KRB5_PADATA_FX_ERROR:krb5-padata-fx-error}\label{appdev/refs/macros/KRB5_PADATA_FX_ERROR::doc}\label{appdev/refs/macros/KRB5_PADATA_FX_ERROR:krb5-padata-fx-error-data}\index{KRB5\_PADATA\_FX\_ERROR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_FX_ERROR:KRB5_PADATA_FX_ERROR}\pysigline{\bfcode{KRB5\_PADATA\_FX\_ERROR}} +\end{fulllineitems} + + +RFC 6113. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_FX\_ERROR} + & +\code{137} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_FX\_FAST} +\label{appdev/refs/macros/KRB5_PADATA_FX_FAST::doc}\label{appdev/refs/macros/KRB5_PADATA_FX_FAST:krb5-padata-fx-fast}\label{appdev/refs/macros/KRB5_PADATA_FX_FAST:krb5-padata-fx-fast-data}\index{KRB5\_PADATA\_FX\_FAST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_FX_FAST:KRB5_PADATA_FX_FAST}\pysigline{\bfcode{KRB5\_PADATA\_FX\_FAST}} +\end{fulllineitems} + + +RFC 6113. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_FX\_FAST} + & +\code{136} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_GET\_FROM\_TYPED\_DATA} +\label{appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA:krb5-padata-get-from-typed-data-data}\label{appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA::doc}\label{appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA:krb5-padata-get-from-typed-data}\index{KRB5\_PADATA\_GET\_FROM\_TYPED\_DATA (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA:KRB5_PADATA_GET_FROM_TYPED_DATA}\pysigline{\bfcode{KRB5\_PADATA\_GET\_FROM\_TYPED\_DATA}} +\end{fulllineitems} + + +Embedded in typed data. + +RFC 4120 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_GET\_FROM\_TYPED\_DATA} + & +\code{22} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_NONE} +\label{appdev/refs/macros/KRB5_PADATA_NONE:krb5-padata-none-data}\label{appdev/refs/macros/KRB5_PADATA_NONE:krb5-padata-none}\label{appdev/refs/macros/KRB5_PADATA_NONE::doc}\index{KRB5\_PADATA\_NONE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_NONE:KRB5_PADATA_NONE}\pysigline{\bfcode{KRB5\_PADATA\_NONE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_NONE} + & +\code{0} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_OSF\_DCE} +\label{appdev/refs/macros/KRB5_PADATA_OSF_DCE:krb5-padata-osf-dce}\label{appdev/refs/macros/KRB5_PADATA_OSF_DCE::doc}\label{appdev/refs/macros/KRB5_PADATA_OSF_DCE:krb5-padata-osf-dce-data}\index{KRB5\_PADATA\_OSF\_DCE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_OSF_DCE:KRB5_PADATA_OSF_DCE}\pysigline{\bfcode{KRB5\_PADATA\_OSF\_DCE}} +\end{fulllineitems} + + +OSF DCE. + +RFC 4120 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_OSF\_DCE} + & +\code{8} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_OTP\_CHALLENGE} +\label{appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE::doc}\label{appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE:krb5-padata-otp-challenge}\label{appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE:krb5-padata-otp-challenge-data}\index{KRB5\_PADATA\_OTP\_CHALLENGE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE:KRB5_PADATA_OTP_CHALLENGE}\pysigline{\bfcode{KRB5\_PADATA\_OTP\_CHALLENGE}} +\end{fulllineitems} + + +RFC 6560 section 4.1. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_OTP\_CHALLENGE} + & +\code{141} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_OTP\_PIN\_CHANGE} +\label{appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE::doc}\label{appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE:krb5-padata-otp-pin-change}\label{appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE:krb5-padata-otp-pin-change-data}\index{KRB5\_PADATA\_OTP\_PIN\_CHANGE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE:KRB5_PADATA_OTP_PIN_CHANGE}\pysigline{\bfcode{KRB5\_PADATA\_OTP\_PIN\_CHANGE}} +\end{fulllineitems} + + +RFC 6560 section 4.3. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_OTP\_PIN\_CHANGE} + & +\code{144} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_OTP\_REQUEST} +\label{appdev/refs/macros/KRB5_PADATA_OTP_REQUEST:krb5-padata-otp-request}\label{appdev/refs/macros/KRB5_PADATA_OTP_REQUEST::doc}\label{appdev/refs/macros/KRB5_PADATA_OTP_REQUEST:krb5-padata-otp-request-data}\index{KRB5\_PADATA\_OTP\_REQUEST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_OTP_REQUEST:KRB5_PADATA_OTP_REQUEST}\pysigline{\bfcode{KRB5\_PADATA\_OTP\_REQUEST}} +\end{fulllineitems} + + +RFC 6560 section 4.2. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_OTP\_REQUEST} + & +\code{142} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_PAC\_REQUEST} +\label{appdev/refs/macros/KRB5_PADATA_PAC_REQUEST:krb5-padata-pac-request-data}\label{appdev/refs/macros/KRB5_PADATA_PAC_REQUEST:krb5-padata-pac-request}\label{appdev/refs/macros/KRB5_PADATA_PAC_REQUEST::doc}\index{KRB5\_PADATA\_PAC\_REQUEST (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_PAC_REQUEST:KRB5_PADATA_PAC_REQUEST}\pysigline{\bfcode{KRB5\_PADATA\_PAC\_REQUEST}} +\end{fulllineitems} + + +include Windows PAC + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_PAC\_REQUEST} + & +\code{128} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_PKINIT\_KX} +\label{appdev/refs/macros/KRB5_PADATA_PKINIT_KX:krb5-padata-pkinit-kx}\label{appdev/refs/macros/KRB5_PADATA_PKINIT_KX:krb5-padata-pkinit-kx-data}\label{appdev/refs/macros/KRB5_PADATA_PKINIT_KX::doc}\index{KRB5\_PADATA\_PKINIT\_KX (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_PKINIT_KX:KRB5_PADATA_PKINIT_KX}\pysigline{\bfcode{KRB5\_PADATA\_PKINIT\_KX}} +\end{fulllineitems} + + +RFC 6112. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_PKINIT\_KX} + & +\code{147} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_PK\_AS\_REP} +\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REP:krb5-padata-pk-as-rep-data}\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REP:krb5-padata-pk-as-rep}\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REP::doc}\index{KRB5\_PADATA\_PK\_AS\_REP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REP:KRB5_PADATA_PK_AS_REP}\pysigline{\bfcode{KRB5\_PADATA\_PK\_AS\_REP}} +\end{fulllineitems} + + +PKINIT. + +RFC 4556 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_PK\_AS\_REP} + & +\code{17} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_PK\_AS\_REP\_OLD} +\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD:krb5-padata-pk-as-rep-old-data}\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD::doc}\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD:krb5-padata-pk-as-rep-old}\index{KRB5\_PADATA\_PK\_AS\_REP\_OLD (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD:KRB5_PADATA_PK_AS_REP_OLD}\pysigline{\bfcode{KRB5\_PADATA\_PK\_AS\_REP\_OLD}} +\end{fulllineitems} + + +PKINIT. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_PK\_AS\_REP\_OLD} + & +\code{15} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_PK\_AS\_REQ} +\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ::doc}\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ:krb5-padata-pk-as-req}\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ:krb5-padata-pk-as-req-data}\index{KRB5\_PADATA\_PK\_AS\_REQ (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ:KRB5_PADATA_PK_AS_REQ}\pysigline{\bfcode{KRB5\_PADATA\_PK\_AS\_REQ}} +\end{fulllineitems} + + +PKINIT. + +RFC 4556 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_PK\_AS\_REQ} + & +\code{16} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_PK\_AS\_REQ\_OLD} +\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD:krb5-padata-pk-as-req-old}\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD:krb5-padata-pk-as-req-old-data}\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD::doc}\index{KRB5\_PADATA\_PK\_AS\_REQ\_OLD (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD:KRB5_PADATA_PK_AS_REQ_OLD}\pysigline{\bfcode{KRB5\_PADATA\_PK\_AS\_REQ\_OLD}} +\end{fulllineitems} + + +PKINIT. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_PK\_AS\_REQ\_OLD} + & +\code{14} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_PW\_SALT} +\label{appdev/refs/macros/KRB5_PADATA_PW_SALT:krb5-padata-pw-salt-data}\label{appdev/refs/macros/KRB5_PADATA_PW_SALT:krb5-padata-pw-salt}\label{appdev/refs/macros/KRB5_PADATA_PW_SALT::doc}\index{KRB5\_PADATA\_PW\_SALT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_PW_SALT:KRB5_PADATA_PW_SALT}\pysigline{\bfcode{KRB5\_PADATA\_PW\_SALT}} +\end{fulllineitems} + + +RFC 4120. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_PW\_SALT} + & +\code{3} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_REFERRAL} +\label{appdev/refs/macros/KRB5_PADATA_REFERRAL:krb5-padata-referral}\label{appdev/refs/macros/KRB5_PADATA_REFERRAL::doc}\label{appdev/refs/macros/KRB5_PADATA_REFERRAL:krb5-padata-referral-data}\index{KRB5\_PADATA\_REFERRAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_REFERRAL:KRB5_PADATA_REFERRAL}\pysigline{\bfcode{KRB5\_PADATA\_REFERRAL}} +\end{fulllineitems} + + +draft referral system + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_REFERRAL} + & +\code{25} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_S4U\_X509\_USER} +\label{appdev/refs/macros/KRB5_PADATA_S4U_X509_USER:krb5-padata-s4u-x509-user-data}\label{appdev/refs/macros/KRB5_PADATA_S4U_X509_USER::doc}\label{appdev/refs/macros/KRB5_PADATA_S4U_X509_USER:krb5-padata-s4u-x509-user}\index{KRB5\_PADATA\_S4U\_X509\_USER (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_S4U_X509_USER:KRB5_PADATA_S4U_X509_USER}\pysigline{\bfcode{KRB5\_PADATA\_S4U\_X509\_USER}} +\end{fulllineitems} + + +certificate protocol transition request + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_S4U\_X509\_USER} + & +\code{130} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_SAM\_CHALLENGE} +\label{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE:krb5-padata-sam-challenge-data}\label{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE::doc}\label{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE:krb5-padata-sam-challenge}\index{KRB5\_PADATA\_SAM\_CHALLENGE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE:KRB5_PADATA_SAM_CHALLENGE}\pysigline{\bfcode{KRB5\_PADATA\_SAM\_CHALLENGE}} +\end{fulllineitems} + + +SAM/OTP. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_SAM\_CHALLENGE} + & +\code{12} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_SAM\_CHALLENGE\_2} +\label{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2:krb5-padata-sam-challenge-2-data}\label{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2:krb5-padata-sam-challenge-2}\label{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2::doc}\index{KRB5\_PADATA\_SAM\_CHALLENGE\_2 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2:KRB5_PADATA_SAM_CHALLENGE_2}\pysigline{\bfcode{KRB5\_PADATA\_SAM\_CHALLENGE\_2}} +\end{fulllineitems} + + +draft challenge system, updated + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_SAM\_CHALLENGE\_2} + & +\code{30} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_SAM\_REDIRECT} +\label{appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT::doc}\label{appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT:krb5-padata-sam-redirect-data}\label{appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT:krb5-padata-sam-redirect}\index{KRB5\_PADATA\_SAM\_REDIRECT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT:KRB5_PADATA_SAM_REDIRECT}\pysigline{\bfcode{KRB5\_PADATA\_SAM\_REDIRECT}} +\end{fulllineitems} + + +SAM/OTP. + +RFC 4120 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_SAM\_REDIRECT} + & +\code{21} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_SAM\_RESPONSE} +\label{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE:krb5-padata-sam-response-data}\label{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE::doc}\label{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE:krb5-padata-sam-response}\index{KRB5\_PADATA\_SAM\_RESPONSE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE:KRB5_PADATA_SAM_RESPONSE}\pysigline{\bfcode{KRB5\_PADATA\_SAM\_RESPONSE}} +\end{fulllineitems} + + +SAM/OTP. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_SAM\_RESPONSE} + & +\code{13} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_SAM\_RESPONSE\_2} +\label{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2::doc}\label{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2:krb5-padata-sam-response-2}\label{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2:krb5-padata-sam-response-2-data}\index{KRB5\_PADATA\_SAM\_RESPONSE\_2 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2:KRB5_PADATA_SAM_RESPONSE_2}\pysigline{\bfcode{KRB5\_PADATA\_SAM\_RESPONSE\_2}} +\end{fulllineitems} + + +draft challenge system, updated + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_SAM\_RESPONSE\_2} + & +\code{31} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_SESAME} +\label{appdev/refs/macros/KRB5_PADATA_SESAME::doc}\label{appdev/refs/macros/KRB5_PADATA_SESAME:krb5-padata-sesame}\label{appdev/refs/macros/KRB5_PADATA_SESAME:krb5-padata-sesame-data}\index{KRB5\_PADATA\_SESAME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_SESAME:KRB5_PADATA_SESAME}\pysigline{\bfcode{KRB5\_PADATA\_SESAME}} +\end{fulllineitems} + + +Sesame project. + +RFC 4120 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_SESAME} + & +\code{7} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_SVR\_REFERRAL\_INFO} +\label{appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO::doc}\label{appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO:krb5-padata-svr-referral-info}\label{appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO:krb5-padata-svr-referral-info-data}\index{KRB5\_PADATA\_SVR\_REFERRAL\_INFO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO:KRB5_PADATA_SVR_REFERRAL_INFO}\pysigline{\bfcode{KRB5\_PADATA\_SVR\_REFERRAL\_INFO}} +\end{fulllineitems} + + +Windows 2000 referrals. + +RFC 6820 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_SVR\_REFERRAL\_INFO} + & +\code{20} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_TGS\_REQ} +\label{appdev/refs/macros/KRB5_PADATA_TGS_REQ::doc}\label{appdev/refs/macros/KRB5_PADATA_TGS_REQ:krb5-padata-tgs-req}\label{appdev/refs/macros/KRB5_PADATA_TGS_REQ:krb5-padata-tgs-req-data}\index{KRB5\_PADATA\_TGS\_REQ (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_TGS_REQ:KRB5_PADATA_TGS_REQ}\pysigline{\bfcode{KRB5\_PADATA\_TGS\_REQ}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_TGS\_REQ} + & +\code{KRB5\_PADATA\_AP\_REQ} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PADATA\_USE\_SPECIFIED\_KVNO} +\label{appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO:krb5-padata-use-specified-kvno}\label{appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO:krb5-padata-use-specified-kvno-data}\label{appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO::doc}\index{KRB5\_PADATA\_USE\_SPECIFIED\_KVNO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO:KRB5_PADATA_USE_SPECIFIED_KVNO}\pysigline{\bfcode{KRB5\_PADATA\_USE\_SPECIFIED\_KVNO}} +\end{fulllineitems} + + +RFC 4120. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PADATA\_USE\_SPECIFIED\_KVNO} + & +\code{20} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD} +\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD:krb5-principal-compare-casefold-data}\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD::doc}\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD:krb5-principal-compare-casefold}\index{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD:KRB5_PRINCIPAL_COMPARE_CASEFOLD}\pysigline{\bfcode{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD}} +\end{fulllineitems} + + +case-insensitive + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD} + & +\code{4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE} +\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE:krb5-principal-compare-enterprise}\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE:krb5-principal-compare-enterprise-data}\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE::doc}\index{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE:KRB5_PRINCIPAL_COMPARE_ENTERPRISE}\pysigline{\bfcode{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE}} +\end{fulllineitems} + + +UPNs as real principals. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM} +\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM:krb5-principal-compare-ignore-realm}\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM::doc}\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM:krb5-principal-compare-ignore-realm-data}\index{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM:KRB5_PRINCIPAL_COMPARE_IGNORE_REALM}\pysigline{\bfcode{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM}} +\end{fulllineitems} + + +ignore realm component + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_COMPARE\_UTF8} +\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8:krb5-principal-compare-utf8-data}\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8::doc}\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8:krb5-principal-compare-utf8}\index{KRB5\_PRINCIPAL\_COMPARE\_UTF8 (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8:KRB5_PRINCIPAL_COMPARE_UTF8}\pysigline{\bfcode{KRB5\_PRINCIPAL\_COMPARE\_UTF8}} +\end{fulllineitems} + + +treat principals as UTF-8 + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_COMPARE\_UTF8} + & +\code{8} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE} +\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE:krb5-principal-parse-enterprise-data}\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE::doc}\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE:krb5-principal-parse-enterprise}\index{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE:KRB5_PRINCIPAL_PARSE_ENTERPRISE}\pysigline{\bfcode{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE}} +\end{fulllineitems} + + +Create single-component enterprise principle. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE} + & +\code{0x4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM} +\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM::doc}\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM:krb5-principal-parse-ignore-realm}\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM:krb5-principal-parse-ignore-realm-data}\index{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM:KRB5_PRINCIPAL_PARSE_IGNORE_REALM}\pysigline{\bfcode{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM}} +\end{fulllineitems} + + +Ignore realm if present. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM} + & +\code{0x8} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM} +\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM:krb5-principal-parse-no-realm-data}\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM::doc}\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM:krb5-principal-parse-no-realm}\index{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM:KRB5_PRINCIPAL_PARSE_NO_REALM}\pysigline{\bfcode{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM}} +\end{fulllineitems} + + +Error if realm is present. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM} + & +\code{0x1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM} +\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM::doc}\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM:krb5-principal-parse-require-realm}\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM:krb5-principal-parse-require-realm-data}\index{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM:KRB5_PRINCIPAL_PARSE_REQUIRE_REALM}\pysigline{\bfcode{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM}} +\end{fulllineitems} + + +Error if realm is not present. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM} + & +\code{0x2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY} +\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY::doc}\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY:krb5-principal-unparse-display-data}\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY:krb5-principal-unparse-display}\index{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY:KRB5_PRINCIPAL_UNPARSE_DISPLAY}\pysigline{\bfcode{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY}} +\end{fulllineitems} + + +Don't escape special characters. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY} + & +\code{0x4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM} +\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM:krb5-principal-unparse-no-realm}\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM:krb5-principal-unparse-no-realm-data}\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM::doc}\index{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM:KRB5_PRINCIPAL_UNPARSE_NO_REALM}\pysigline{\bfcode{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM}} +\end{fulllineitems} + + +Omit realm always. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM} + & +\code{0x2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRINCIPAL\_UNPARSE\_SHORT} +\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT::doc}\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT:krb5-principal-unparse-short}\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT:krb5-principal-unparse-short-data}\index{KRB5\_PRINCIPAL\_UNPARSE\_SHORT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT:KRB5_PRINCIPAL_UNPARSE_SHORT}\pysigline{\bfcode{KRB5\_PRINCIPAL\_UNPARSE\_SHORT}} +\end{fulllineitems} + + +Omit realm if it is the local realm. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRINCIPAL\_UNPARSE\_SHORT} + & +\code{0x1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PRIV} +\label{appdev/refs/macros/KRB5_PRIV:krb5-priv-data}\label{appdev/refs/macros/KRB5_PRIV::doc}\label{appdev/refs/macros/KRB5_PRIV:krb5-priv}\index{KRB5\_PRIV (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PRIV:KRB5_PRIV}\pysigline{\bfcode{KRB5\_PRIV}} +\end{fulllineitems} + + +Private application message. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PRIV} + & +\code{((krb5\_msgtype)21)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD} +\label{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD:krb5-prompt-type-new-password-data}\label{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD:krb5-prompt-type-new-password}\label{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD::doc}\index{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD:KRB5_PROMPT_TYPE_NEW_PASSWORD}\pysigline{\bfcode{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD}} +\end{fulllineitems} + + +Prompt for new password (during password change) + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD} + & +\code{0x2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN} +\label{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN:krb5-prompt-type-new-password-again}\label{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN:krb5-prompt-type-new-password-again-data}\label{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN::doc}\index{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN:KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN}\pysigline{\bfcode{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN}} +\end{fulllineitems} + + +Prompt for new password again. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN} + & +\code{0x3} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PROMPT\_TYPE\_PASSWORD} +\label{appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD:krb5-prompt-type-password-data}\label{appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD::doc}\label{appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD:krb5-prompt-type-password}\index{KRB5\_PROMPT\_TYPE\_PASSWORD (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD:KRB5_PROMPT_TYPE_PASSWORD}\pysigline{\bfcode{KRB5\_PROMPT\_TYPE\_PASSWORD}} +\end{fulllineitems} + + +Prompt for password. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PROMPT\_TYPE\_PASSWORD} + & +\code{0x1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PROMPT\_TYPE\_PREAUTH} +\label{appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH:krb5-prompt-type-preauth-data}\label{appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH::doc}\label{appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH:krb5-prompt-type-preauth}\index{KRB5\_PROMPT\_TYPE\_PREAUTH (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH:KRB5_PROMPT_TYPE_PREAUTH}\pysigline{\bfcode{KRB5\_PROMPT\_TYPE\_PREAUTH}} +\end{fulllineitems} + + +Prompt for preauthentication data (such as an OTP value) + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PROMPT\_TYPE\_PREAUTH} + & +\code{0x4} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_PVNO} +\label{appdev/refs/macros/KRB5_PVNO:krb5-pvno-data}\label{appdev/refs/macros/KRB5_PVNO::doc}\label{appdev/refs/macros/KRB5_PVNO:krb5-pvno}\index{KRB5\_PVNO (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_PVNO:KRB5_PVNO}\pysigline{\bfcode{KRB5\_PVNO}} +\end{fulllineitems} + + +Protocol version number. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_PVNO} + & +\code{5} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_REALM\_BRANCH\_CHAR} +\label{appdev/refs/macros/KRB5_REALM_BRANCH_CHAR::doc}\label{appdev/refs/macros/KRB5_REALM_BRANCH_CHAR:krb5-realm-branch-char}\label{appdev/refs/macros/KRB5_REALM_BRANCH_CHAR:krb5-realm-branch-char-data}\index{KRB5\_REALM\_BRANCH\_CHAR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_REALM_BRANCH_CHAR:KRB5_REALM_BRANCH_CHAR}\pysigline{\bfcode{KRB5\_REALM\_BRANCH\_CHAR}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_REALM\_BRANCH\_CHAR} + & +\code{'.'} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RECVAUTH\_BADAUTHVERS} +\label{appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS:krb5-recvauth-badauthvers-data}\label{appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS:krb5-recvauth-badauthvers}\label{appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS::doc}\index{KRB5\_RECVAUTH\_BADAUTHVERS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS:KRB5_RECVAUTH_BADAUTHVERS}\pysigline{\bfcode{KRB5\_RECVAUTH\_BADAUTHVERS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RECVAUTH\_BADAUTHVERS} + & +\code{0x0002} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RECVAUTH\_SKIP\_VERSION} +\label{appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION:krb5-recvauth-skip-version}\label{appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION:krb5-recvauth-skip-version-data}\label{appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION::doc}\index{KRB5\_RECVAUTH\_SKIP\_VERSION (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION:KRB5_RECVAUTH_SKIP_VERSION}\pysigline{\bfcode{KRB5\_RECVAUTH\_SKIP\_VERSION}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RECVAUTH\_SKIP\_VERSION} + & +\code{0x0001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_REFERRAL\_REALM} +\label{appdev/refs/macros/KRB5_REFERRAL_REALM:krb5-referral-realm-data}\label{appdev/refs/macros/KRB5_REFERRAL_REALM::doc}\label{appdev/refs/macros/KRB5_REFERRAL_REALM:krb5-referral-realm}\index{KRB5\_REFERRAL\_REALM (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_REFERRAL_REALM:KRB5_REFERRAL_REALM}\pysigline{\bfcode{KRB5\_REFERRAL\_REALM}} +\end{fulllineitems} + + +Constant for realm referrals. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_REFERRAL\_REALM} + & +\code{""} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_COUNT\_LOW} +\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW:krb5-responder-pkinit-flags-token-user-pin-count-low-data}\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW::doc}\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW:krb5-responder-pkinit-flags-token-user-pin-count-low}\index{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_COUNT\_LOW (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW:KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW}\pysigline{\bfcode{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_COUNT\_LOW}} +\end{fulllineitems} + + +This flag indicates that an incorrect PIN was supplied at least once since the last time the correct PIN was supplied. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_COUNT\_LOW} + & +\code{(1 \textless{}\textless{} 0)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_FINAL\_TRY} +\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY:krb5-responder-pkinit-flags-token-user-pin-final-try}\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY::doc}\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY:krb5-responder-pkinit-flags-token-user-pin-final-try-data}\index{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_FINAL\_TRY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY:KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY}\pysigline{\bfcode{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_FINAL\_TRY}} +\end{fulllineitems} + + +This flag indicates that supplying an incorrect PIN will cause the token to lock itself. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_FINAL\_TRY} + & +\code{(1 \textless{}\textless{} 1)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_LOCKED} +\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED::doc}\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED:krb5-responder-pkinit-flags-token-user-pin-locked}\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED:krb5-responder-pkinit-flags-token-user-pin-locked-data}\index{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_LOCKED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED:KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED}\pysigline{\bfcode{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_LOCKED}} +\end{fulllineitems} + + +This flag indicates that the user PIN is locked, and you can't log in to the token with it. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_LOCKED} + & +\code{(1 \textless{}\textless{} 2)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_QUESTION\_PKINIT} +\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT:krb5-responder-question-pkinit}\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT:krb5-responder-question-pkinit-data}\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT::doc}\index{KRB5\_RESPONDER\_QUESTION\_PKINIT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT:KRB5_RESPONDER_QUESTION_PKINIT}\pysigline{\bfcode{KRB5\_RESPONDER\_QUESTION\_PKINIT}} +\end{fulllineitems} + + +PKINIT responder question. + +The PKINIT responder question is asked when the client needs a password that's being used to protect key information, and is formatted as a JSON object. A specific identity's flags value, if not zero, is the bitwise-OR of one or more of the KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_* flags defined below, and possibly other flags to be added later. Any resemblance to similarly-named CKF\_* values in the PKCS\#11 API should not be depended on. + +\emph{\{} + +\emph{identity \textless{}string\textgreater{} : flags \textless{}number\textgreater{},} + +\emph{...} + +\emph{\}} + +The answer to the question MUST be JSON formatted: + +\emph{\{} + +\emph{identity \textless{}string\textgreater{} : password \textless{}string\textgreater{},} + +\emph{...} + +\emph{\}} + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_QUESTION\_PKINIT} + & +\code{"pkinit"} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN} +\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN:krb5-responder-otp-flags-collect-pin-data}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN::doc}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN:krb5-responder-otp-flags-collect-pin}\index{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN:KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN}\pysigline{\bfcode{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN}} +\end{fulllineitems} + + +This flag indicates that the PIN value MUST be collected. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN} + & +\code{0x0002} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_TOKEN} +\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN:krb5-responder-otp-flags-collect-token-data}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN:krb5-responder-otp-flags-collect-token}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN::doc}\index{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_TOKEN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN:KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN}\pysigline{\bfcode{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_TOKEN}} +\end{fulllineitems} + + +This flag indicates that the token value MUST be collected. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_TOKEN} + & +\code{0x0001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_OTP\_FLAGS\_NEXTOTP} +\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP:krb5-responder-otp-flags-nextotp-data}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP::doc}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP:krb5-responder-otp-flags-nextotp}\index{KRB5\_RESPONDER\_OTP\_FLAGS\_NEXTOTP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP:KRB5_RESPONDER_OTP_FLAGS_NEXTOTP}\pysigline{\bfcode{KRB5\_RESPONDER\_OTP\_FLAGS\_NEXTOTP}} +\end{fulllineitems} + + +This flag indicates that the token is now in re-synchronization mode with the server. + +The user is expected to reply with the next code displayed on the token. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_OTP\_FLAGS\_NEXTOTP} + & +\code{0x0004} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_OTP\_FLAGS\_SEPARATE\_PIN} +\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN:krb5-responder-otp-flags-separate-pin}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN:krb5-responder-otp-flags-separate-pin-data}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN::doc}\index{KRB5\_RESPONDER\_OTP\_FLAGS\_SEPARATE\_PIN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN:KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN}\pysigline{\bfcode{KRB5\_RESPONDER\_OTP\_FLAGS\_SEPARATE\_PIN}} +\end{fulllineitems} + + +This flag indicates that the PIN MUST be returned as a separate item. + +This flag only takes effect if KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN is set. If this flag is not set, the responder may either concatenate PIN + token value and store it as ``value'' in the answer or it may return them separately. If they are returned separately, they will be concatenated internally. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_OTP\_FLAGS\_SEPARATE\_PIN} + & +\code{0x0008} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_OTP\_FORMAT\_ALPHANUMERIC} +\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC:krb5-responder-otp-format-alphanumeric-data}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC:krb5-responder-otp-format-alphanumeric}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC::doc}\index{KRB5\_RESPONDER\_OTP\_FORMAT\_ALPHANUMERIC (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC:KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC}\pysigline{\bfcode{KRB5\_RESPONDER\_OTP\_FORMAT\_ALPHANUMERIC}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_OTP\_FORMAT\_ALPHANUMERIC} + & +\code{2} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_OTP\_FORMAT\_DECIMAL} +\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL:krb5-responder-otp-format-decimal-data}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL::doc}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL:krb5-responder-otp-format-decimal}\index{KRB5\_RESPONDER\_OTP\_FORMAT\_DECIMAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL:KRB5_RESPONDER_OTP_FORMAT_DECIMAL}\pysigline{\bfcode{KRB5\_RESPONDER\_OTP\_FORMAT\_DECIMAL}} +\end{fulllineitems} + + +These format constants identify the format of the token value. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_OTP\_FORMAT\_DECIMAL} + & +\code{0} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_OTP\_FORMAT\_HEXADECIMAL} +\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL:krb5-responder-otp-format-hexadecimal-data}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL::doc}\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL:krb5-responder-otp-format-hexadecimal}\index{KRB5\_RESPONDER\_OTP\_FORMAT\_HEXADECIMAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL:KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL}\pysigline{\bfcode{KRB5\_RESPONDER\_OTP\_FORMAT\_HEXADECIMAL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_OTP\_FORMAT\_HEXADECIMAL} + & +\code{1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_QUESTION\_OTP} +\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP:krb5-responder-question-otp}\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP:krb5-responder-question-otp-data}\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP::doc}\index{KRB5\_RESPONDER\_QUESTION\_OTP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP:KRB5_RESPONDER_QUESTION_OTP}\pysigline{\bfcode{KRB5\_RESPONDER\_QUESTION\_OTP}} +\end{fulllineitems} + + +OTP responder question. + +The OTP responder question is asked when the KDC indicates that an OTP value is required in order to complete the authentication. The JSON format of the challenge is: + +\emph{\{} + +\emph{``service'': \textless{}string (optional)\textgreater{},} + +\emph{``tokenInfo'': {[}} + +\emph{\{} + +\emph{``flags'': \textless{}number\textgreater{},} + +\emph{``vendor'': \textless{}string (optional)\textgreater{},} + +\emph{``challenge'': \textless{}string (optional)\textgreater{},} + +\emph{``length'': \textless{}number (optional)\textgreater{},} + +\emph{``format'': \textless{}number (optional)\textgreater{},} + +\emph{``tokenID'': \textless{}string (optional)\textgreater{},} + +\emph{``algID'': \textless{}string (optional)\textgreater{},} + +\emph{\},} + +\emph{...} + +\emph{{]}} + +\emph{\}} + +The answer to the question MUST be JSON formatted: + +\emph{\{} + +\emph{``tokeninfo'': \textless{}number\textgreater{},} + +\emph{``value'': \textless{}string (optional)\textgreater{},} + +\emph{``pin'': \textless{}string (optional)\textgreater{},} + +\emph{\}} + +For more detail, please see RFC 6560. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_QUESTION\_OTP} + & +\code{"otp"} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_RESPONDER\_QUESTION\_PASSWORD} +\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD:krb5-responder-question-password-data}\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD:krb5-responder-question-password}\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD::doc}\index{KRB5\_RESPONDER\_QUESTION\_PASSWORD (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD:KRB5_RESPONDER_QUESTION_PASSWORD}\pysigline{\bfcode{KRB5\_RESPONDER\_QUESTION\_PASSWORD}} +\end{fulllineitems} + + +Long-term password responder question. + +This question is asked when the long-term password is needed. It has no challenge and the response is simply the password string. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_RESPONDER\_QUESTION\_PASSWORD} + & +\code{"password"} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_SAFE} +\label{appdev/refs/macros/KRB5_SAFE:krb5-safe}\label{appdev/refs/macros/KRB5_SAFE::doc}\label{appdev/refs/macros/KRB5_SAFE:krb5-safe-data}\index{KRB5\_SAFE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_SAFE:KRB5_SAFE}\pysigline{\bfcode{KRB5\_SAFE}} +\end{fulllineitems} + + +Safe application message. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_SAFE} + & +\code{((krb5\_msgtype)20)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_SAM\_MUST\_PK\_ENCRYPT\_SAD} +\label{appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD:krb5-sam-must-pk-encrypt-sad}\label{appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD:krb5-sam-must-pk-encrypt-sad-data}\label{appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD::doc}\index{KRB5\_SAM\_MUST\_PK\_ENCRYPT\_SAD (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD:KRB5_SAM_MUST_PK_ENCRYPT_SAD}\pysigline{\bfcode{KRB5\_SAM\_MUST\_PK\_ENCRYPT\_SAD}} +\end{fulllineitems} + + +currently must be zero + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_SAM\_MUST\_PK\_ENCRYPT\_SAD} + & +\code{0x20000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_SAM\_SEND\_ENCRYPTED\_SAD} +\label{appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD:krb5-sam-send-encrypted-sad}\label{appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD::doc}\label{appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD:krb5-sam-send-encrypted-sad-data}\index{KRB5\_SAM\_SEND\_ENCRYPTED\_SAD (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD:KRB5_SAM_SEND_ENCRYPTED_SAD}\pysigline{\bfcode{KRB5\_SAM\_SEND\_ENCRYPTED\_SAD}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_SAM\_SEND\_ENCRYPTED\_SAD} + & +\code{0x40000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_SAM\_USE\_SAD\_AS\_KEY} +\label{appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY::doc}\label{appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY:krb5-sam-use-sad-as-key}\label{appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY:krb5-sam-use-sad-as-key-data}\index{KRB5\_SAM\_USE\_SAD\_AS\_KEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY:KRB5_SAM_USE_SAD_AS_KEY}\pysigline{\bfcode{KRB5\_SAM\_USE\_SAD\_AS\_KEY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_SAM\_USE\_SAD\_AS\_KEY} + & +\code{0x80000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_MATCH\_2ND\_TKT} +\label{appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT:krb5-tc-match-2nd-tkt-data}\label{appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT::doc}\label{appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT:krb5-tc-match-2nd-tkt}\index{KRB5\_TC\_MATCH\_2ND\_TKT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT:KRB5_TC_MATCH_2ND_TKT}\pysigline{\bfcode{KRB5\_TC\_MATCH\_2ND\_TKT}} +\end{fulllineitems} + + +The second ticket must match. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_MATCH\_2ND\_TKT} + & +\code{0x00000080} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_MATCH\_AUTHDATA} +\label{appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA::doc}\label{appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA:krb5-tc-match-authdata-data}\label{appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA:krb5-tc-match-authdata}\index{KRB5\_TC\_MATCH\_AUTHDATA (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA:KRB5_TC_MATCH_AUTHDATA}\pysigline{\bfcode{KRB5\_TC\_MATCH\_AUTHDATA}} +\end{fulllineitems} + + +The authorization data must match. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_MATCH\_AUTHDATA} + & +\code{0x00000020} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_MATCH\_FLAGS} +\label{appdev/refs/macros/KRB5_TC_MATCH_FLAGS:krb5-tc-match-flags}\label{appdev/refs/macros/KRB5_TC_MATCH_FLAGS::doc}\label{appdev/refs/macros/KRB5_TC_MATCH_FLAGS:krb5-tc-match-flags-data}\index{KRB5\_TC\_MATCH\_FLAGS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_MATCH_FLAGS:KRB5_TC_MATCH_FLAGS}\pysigline{\bfcode{KRB5\_TC\_MATCH\_FLAGS}} +\end{fulllineitems} + + +All the flags set in the match credentials must be set. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_MATCH\_FLAGS} + & +\code{0x00000004} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_MATCH\_FLAGS\_EXACT} +\label{appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT:krb5-tc-match-flags-exact}\label{appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT::doc}\label{appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT:krb5-tc-match-flags-exact-data}\index{KRB5\_TC\_MATCH\_FLAGS\_EXACT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT:KRB5_TC_MATCH_FLAGS_EXACT}\pysigline{\bfcode{KRB5\_TC\_MATCH\_FLAGS\_EXACT}} +\end{fulllineitems} + + +All the flags must match exactly. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_MATCH\_FLAGS\_EXACT} + & +\code{0x00000010} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_MATCH\_IS\_SKEY} +\label{appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY:krb5-tc-match-is-skey}\label{appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY:krb5-tc-match-is-skey-data}\label{appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY::doc}\index{KRB5\_TC\_MATCH\_IS\_SKEY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY:KRB5_TC_MATCH_IS_SKEY}\pysigline{\bfcode{KRB5\_TC\_MATCH\_IS\_SKEY}} +\end{fulllineitems} + + +The is\_skey field must match exactly. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_MATCH\_IS\_SKEY} + & +\code{0x00000002} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_MATCH\_KTYPE} +\label{appdev/refs/macros/KRB5_TC_MATCH_KTYPE:krb5-tc-match-ktype}\label{appdev/refs/macros/KRB5_TC_MATCH_KTYPE:krb5-tc-match-ktype-data}\label{appdev/refs/macros/KRB5_TC_MATCH_KTYPE::doc}\index{KRB5\_TC\_MATCH\_KTYPE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_MATCH_KTYPE:KRB5_TC_MATCH_KTYPE}\pysigline{\bfcode{KRB5\_TC\_MATCH\_KTYPE}} +\end{fulllineitems} + + +The encryption key type must match. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_MATCH\_KTYPE} + & +\code{0x00000100} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_MATCH\_SRV\_NAMEONLY} +\label{appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY::doc}\label{appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY:krb5-tc-match-srv-nameonly}\label{appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY:krb5-tc-match-srv-nameonly-data}\index{KRB5\_TC\_MATCH\_SRV\_NAMEONLY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY:KRB5_TC_MATCH_SRV_NAMEONLY}\pysigline{\bfcode{KRB5\_TC\_MATCH\_SRV\_NAMEONLY}} +\end{fulllineitems} + + +Only the name portion of the principal name must match. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_MATCH\_SRV\_NAMEONLY} + & +\code{0x00000040} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_MATCH\_TIMES} +\label{appdev/refs/macros/KRB5_TC_MATCH_TIMES:krb5-tc-match-times}\label{appdev/refs/macros/KRB5_TC_MATCH_TIMES:krb5-tc-match-times-data}\label{appdev/refs/macros/KRB5_TC_MATCH_TIMES::doc}\index{KRB5\_TC\_MATCH\_TIMES (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_MATCH_TIMES:KRB5_TC_MATCH_TIMES}\pysigline{\bfcode{KRB5\_TC\_MATCH\_TIMES}} +\end{fulllineitems} + + +The requested lifetime must be at least as great as the time specified. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_MATCH\_TIMES} + & +\code{0x00000001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_MATCH\_TIMES\_EXACT} +\label{appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT:krb5-tc-match-times-exact-data}\label{appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT::doc}\label{appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT:krb5-tc-match-times-exact}\index{KRB5\_TC\_MATCH\_TIMES\_EXACT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT:KRB5_TC_MATCH_TIMES_EXACT}\pysigline{\bfcode{KRB5\_TC\_MATCH\_TIMES\_EXACT}} +\end{fulllineitems} + + +All the time fields must match exactly. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_MATCH\_TIMES\_EXACT} + & +\code{0x00000008} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_NOTICKET} +\label{appdev/refs/macros/KRB5_TC_NOTICKET:krb5-tc-noticket}\label{appdev/refs/macros/KRB5_TC_NOTICKET::doc}\label{appdev/refs/macros/KRB5_TC_NOTICKET:krb5-tc-noticket-data}\index{KRB5\_TC\_NOTICKET (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_NOTICKET:KRB5_TC_NOTICKET}\pysigline{\bfcode{KRB5\_TC\_NOTICKET}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_NOTICKET} + & +\code{0x00000002} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_OPENCLOSE} +\label{appdev/refs/macros/KRB5_TC_OPENCLOSE:krb5-tc-openclose}\label{appdev/refs/macros/KRB5_TC_OPENCLOSE:krb5-tc-openclose-data}\label{appdev/refs/macros/KRB5_TC_OPENCLOSE::doc}\index{KRB5\_TC\_OPENCLOSE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_OPENCLOSE:KRB5_TC_OPENCLOSE}\pysigline{\bfcode{KRB5\_TC\_OPENCLOSE}} +\end{fulllineitems} + + +Open and close the file for each cache operation. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_OPENCLOSE} + & +\code{0x00000001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TC\_SUPPORTED\_KTYPES} +\label{appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES:krb5-tc-supported-ktypes-data}\label{appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES::doc}\label{appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES:krb5-tc-supported-ktypes}\index{KRB5\_TC\_SUPPORTED\_KTYPES (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES:KRB5_TC_SUPPORTED_KTYPES}\pysigline{\bfcode{KRB5\_TC\_SUPPORTED\_KTYPES}} +\end{fulllineitems} + + +The supported key types must match. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TC\_SUPPORTED\_KTYPES} + & +\code{0x00000200} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TGS\_NAME} +\label{appdev/refs/macros/KRB5_TGS_NAME:krb5-tgs-name-data}\label{appdev/refs/macros/KRB5_TGS_NAME::doc}\label{appdev/refs/macros/KRB5_TGS_NAME:krb5-tgs-name}\index{KRB5\_TGS\_NAME (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TGS_NAME:KRB5_TGS_NAME}\pysigline{\bfcode{KRB5\_TGS\_NAME}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TGS\_NAME} + & +\code{"krbtgt"} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TGS\_NAME\_SIZE} +\label{appdev/refs/macros/KRB5_TGS_NAME_SIZE:krb5-tgs-name-size}\label{appdev/refs/macros/KRB5_TGS_NAME_SIZE:krb5-tgs-name-size-data}\label{appdev/refs/macros/KRB5_TGS_NAME_SIZE::doc}\index{KRB5\_TGS\_NAME\_SIZE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TGS_NAME_SIZE:KRB5_TGS_NAME_SIZE}\pysigline{\bfcode{KRB5\_TGS\_NAME\_SIZE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TGS\_NAME\_SIZE} + & +\code{6} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TGS\_REP} +\label{appdev/refs/macros/KRB5_TGS_REP::doc}\label{appdev/refs/macros/KRB5_TGS_REP:krb5-tgs-rep-data}\label{appdev/refs/macros/KRB5_TGS_REP:krb5-tgs-rep}\index{KRB5\_TGS\_REP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TGS_REP:KRB5_TGS_REP}\pysigline{\bfcode{KRB5\_TGS\_REP}} +\end{fulllineitems} + + +Response to TGS request. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TGS\_REP} + & +\code{((krb5\_msgtype)13)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TGS\_REQ} +\label{appdev/refs/macros/KRB5_TGS_REQ:krb5-tgs-req-data}\label{appdev/refs/macros/KRB5_TGS_REQ::doc}\label{appdev/refs/macros/KRB5_TGS_REQ:krb5-tgs-req}\index{KRB5\_TGS\_REQ (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TGS_REQ:KRB5_TGS_REQ}\pysigline{\bfcode{KRB5\_TGS\_REQ}} +\end{fulllineitems} + + +Ticket granting server request. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TGS\_REQ} + & +\code{((krb5\_msgtype)12)} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE} +\label{appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:krb5-tkt-creds-step-flag-continue-data}\label{appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE::doc}\label{appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:krb5-tkt-creds-step-flag-continue}\index{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:KRB5_TKT_CREDS_STEP_FLAG_CONTINUE}\pysigline{\bfcode{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE}} +\end{fulllineitems} + + +More responses needed. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE} + & +\code{0x1} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_VERIFY\_INIT\_CREDS\_OPT\_AP\_REQ\_NOFAIL} +\label{appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL:krb5-verify-init-creds-opt-ap-req-nofail}\label{appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL::doc}\label{appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL:krb5-verify-init-creds-opt-ap-req-nofail-data}\index{KRB5\_VERIFY\_INIT\_CREDS\_OPT\_AP\_REQ\_NOFAIL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL:KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL}\pysigline{\bfcode{KRB5\_VERIFY\_INIT\_CREDS\_OPT\_AP\_REQ\_NOFAIL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_VERIFY\_INIT\_CREDS\_OPT\_AP\_REQ\_NOFAIL} + & +\code{0x0001} +\\ +\hline\end{tabulary} + + + +\subsubsection{KRB5\_WELLKNOWN\_NAMESTR} +\label{appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR::doc}\label{appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR:krb5-wellknown-namestr}\label{appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR:krb5-wellknown-namestr-data}\index{KRB5\_WELLKNOWN\_NAMESTR (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR:KRB5_WELLKNOWN_NAMESTR}\pysigline{\bfcode{KRB5\_WELLKNOWN\_NAMESTR}} +\end{fulllineitems} + + +First component of NT\_WELLKNOWN principals. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{KRB5\_WELLKNOWN\_NAMESTR} + & +\code{"WELLKNOWN"} +\\ +\hline\end{tabulary} + + + +\subsubsection{LR\_TYPE\_INTERPRETATION\_MASK} +\label{appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK:lr-type-interpretation-mask-data}\label{appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK:lr-type-interpretation-mask}\label{appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK::doc}\index{LR\_TYPE\_INTERPRETATION\_MASK (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK:LR_TYPE_INTERPRETATION_MASK}\pysigline{\bfcode{LR\_TYPE\_INTERPRETATION\_MASK}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{LR\_TYPE\_INTERPRETATION\_MASK} + & +\code{0x7fff} +\\ +\hline\end{tabulary} + + + +\subsubsection{LR\_TYPE\_THIS\_SERVER\_ONLY} +\label{appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY:lr-type-this-server-only-data}\label{appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY:lr-type-this-server-only}\label{appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY::doc}\index{LR\_TYPE\_THIS\_SERVER\_ONLY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY:LR_TYPE_THIS_SERVER_ONLY}\pysigline{\bfcode{LR\_TYPE\_THIS\_SERVER\_ONLY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{LR\_TYPE\_THIS\_SERVER\_ONLY} + & +\code{0x8000} +\\ +\hline\end{tabulary} + + + +\subsubsection{MAX\_KEYTAB\_NAME\_LEN} +\label{appdev/refs/macros/MAX_KEYTAB_NAME_LEN:max-keytab-name-len-data}\label{appdev/refs/macros/MAX_KEYTAB_NAME_LEN::doc}\label{appdev/refs/macros/MAX_KEYTAB_NAME_LEN:max-keytab-name-len}\index{MAX\_KEYTAB\_NAME\_LEN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/MAX_KEYTAB_NAME_LEN:MAX_KEYTAB_NAME_LEN}\pysigline{\bfcode{MAX\_KEYTAB\_NAME\_LEN}} +\end{fulllineitems} + + +Long enough for MAXPATHLEN + some extra. + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{MAX\_KEYTAB\_NAME\_LEN} + & +\code{1100} +\\ +\hline\end{tabulary} + + + +\subsubsection{MSEC\_DIRBIT} +\label{appdev/refs/macros/MSEC_DIRBIT:msec-dirbit}\label{appdev/refs/macros/MSEC_DIRBIT:msec-dirbit-data}\label{appdev/refs/macros/MSEC_DIRBIT::doc}\index{MSEC\_DIRBIT (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/MSEC_DIRBIT:MSEC_DIRBIT}\pysigline{\bfcode{MSEC\_DIRBIT}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{MSEC\_DIRBIT} + & +\code{0x8000} +\\ +\hline\end{tabulary} + + + +\subsubsection{MSEC\_VAL\_MASK} +\label{appdev/refs/macros/MSEC_VAL_MASK:msec-val-mask-data}\label{appdev/refs/macros/MSEC_VAL_MASK::doc}\label{appdev/refs/macros/MSEC_VAL_MASK:msec-val-mask}\index{MSEC\_VAL\_MASK (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/MSEC_VAL_MASK:MSEC_VAL_MASK}\pysigline{\bfcode{MSEC\_VAL\_MASK}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{MSEC\_VAL\_MASK} + & +\code{0x7fff} +\\ +\hline\end{tabulary} + + + +\subsubsection{SALT\_TYPE\_AFS\_LENGTH} +\label{appdev/refs/macros/SALT_TYPE_AFS_LENGTH::doc}\label{appdev/refs/macros/SALT_TYPE_AFS_LENGTH:salt-type-afs-length-data}\label{appdev/refs/macros/SALT_TYPE_AFS_LENGTH:salt-type-afs-length}\index{SALT\_TYPE\_AFS\_LENGTH (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/SALT_TYPE_AFS_LENGTH:SALT_TYPE_AFS_LENGTH}\pysigline{\bfcode{SALT\_TYPE\_AFS\_LENGTH}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{SALT\_TYPE\_AFS\_LENGTH} + & +\code{UINT\_MAX} +\\ +\hline\end{tabulary} + + + +\subsubsection{SALT\_TYPE\_NO\_LENGTH} +\label{appdev/refs/macros/SALT_TYPE_NO_LENGTH:salt-type-no-length-data}\label{appdev/refs/macros/SALT_TYPE_NO_LENGTH::doc}\label{appdev/refs/macros/SALT_TYPE_NO_LENGTH:salt-type-no-length}\index{SALT\_TYPE\_NO\_LENGTH (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/SALT_TYPE_NO_LENGTH:SALT_TYPE_NO_LENGTH}\pysigline{\bfcode{SALT\_TYPE\_NO\_LENGTH}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{SALT\_TYPE\_NO\_LENGTH} + & +\code{UINT\_MAX} +\\ +\hline\end{tabulary} + + + +\subsubsection{THREEPARAMOPEN} +\label{appdev/refs/macros/THREEPARAMOPEN:threeparamopen}\label{appdev/refs/macros/THREEPARAMOPEN:threeparamopen-data}\label{appdev/refs/macros/THREEPARAMOPEN::doc}\index{THREEPARAMOPEN (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/THREEPARAMOPEN:THREEPARAMOPEN}\pysigline{\bfcode{THREEPARAMOPEN}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{THREEPARAMOPEN (x, y, z)} + & +\code{open(x,y,z)} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_ANONYMOUS} +\label{appdev/refs/macros/TKT_FLG_ANONYMOUS::doc}\label{appdev/refs/macros/TKT_FLG_ANONYMOUS:tkt-flg-anonymous}\label{appdev/refs/macros/TKT_FLG_ANONYMOUS:tkt-flg-anonymous-data}\index{TKT\_FLG\_ANONYMOUS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_ANONYMOUS:TKT_FLG_ANONYMOUS}\pysigline{\bfcode{TKT\_FLG\_ANONYMOUS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_ANONYMOUS} + & +\code{0x00008000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_ENC\_PA\_REP} +\label{appdev/refs/macros/TKT_FLG_ENC_PA_REP:tkt-flg-enc-pa-rep}\label{appdev/refs/macros/TKT_FLG_ENC_PA_REP:tkt-flg-enc-pa-rep-data}\label{appdev/refs/macros/TKT_FLG_ENC_PA_REP::doc}\index{TKT\_FLG\_ENC\_PA\_REP (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_ENC_PA_REP:TKT_FLG_ENC_PA_REP}\pysigline{\bfcode{TKT\_FLG\_ENC\_PA\_REP}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_ENC\_PA\_REP} + & +\code{0x00010000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_FORWARDABLE} +\label{appdev/refs/macros/TKT_FLG_FORWARDABLE:tkt-flg-forwardable-data}\label{appdev/refs/macros/TKT_FLG_FORWARDABLE:tkt-flg-forwardable}\label{appdev/refs/macros/TKT_FLG_FORWARDABLE::doc}\index{TKT\_FLG\_FORWARDABLE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_FORWARDABLE:TKT_FLG_FORWARDABLE}\pysigline{\bfcode{TKT\_FLG\_FORWARDABLE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_FORWARDABLE} + & +\code{0x40000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_FORWARDED} +\label{appdev/refs/macros/TKT_FLG_FORWARDED::doc}\label{appdev/refs/macros/TKT_FLG_FORWARDED:tkt-flg-forwarded}\label{appdev/refs/macros/TKT_FLG_FORWARDED:tkt-flg-forwarded-data}\index{TKT\_FLG\_FORWARDED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_FORWARDED:TKT_FLG_FORWARDED}\pysigline{\bfcode{TKT\_FLG\_FORWARDED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_FORWARDED} + & +\code{0x20000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_HW\_AUTH} +\label{appdev/refs/macros/TKT_FLG_HW_AUTH::doc}\label{appdev/refs/macros/TKT_FLG_HW_AUTH:tkt-flg-hw-auth}\label{appdev/refs/macros/TKT_FLG_HW_AUTH:tkt-flg-hw-auth-data}\index{TKT\_FLG\_HW\_AUTH (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_HW_AUTH:TKT_FLG_HW_AUTH}\pysigline{\bfcode{TKT\_FLG\_HW\_AUTH}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_HW\_AUTH} + & +\code{0x00100000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_INITIAL} +\label{appdev/refs/macros/TKT_FLG_INITIAL:tkt-flg-initial}\label{appdev/refs/macros/TKT_FLG_INITIAL::doc}\label{appdev/refs/macros/TKT_FLG_INITIAL:tkt-flg-initial-data}\index{TKT\_FLG\_INITIAL (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_INITIAL:TKT_FLG_INITIAL}\pysigline{\bfcode{TKT\_FLG\_INITIAL}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_INITIAL} + & +\code{0x00400000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_INVALID} +\label{appdev/refs/macros/TKT_FLG_INVALID:tkt-flg-invalid-data}\label{appdev/refs/macros/TKT_FLG_INVALID::doc}\label{appdev/refs/macros/TKT_FLG_INVALID:tkt-flg-invalid}\index{TKT\_FLG\_INVALID (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_INVALID:TKT_FLG_INVALID}\pysigline{\bfcode{TKT\_FLG\_INVALID}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_INVALID} + & +\code{0x01000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_MAY\_POSTDATE} +\label{appdev/refs/macros/TKT_FLG_MAY_POSTDATE:tkt-flg-may-postdate}\label{appdev/refs/macros/TKT_FLG_MAY_POSTDATE::doc}\label{appdev/refs/macros/TKT_FLG_MAY_POSTDATE:tkt-flg-may-postdate-data}\index{TKT\_FLG\_MAY\_POSTDATE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_MAY_POSTDATE:TKT_FLG_MAY_POSTDATE}\pysigline{\bfcode{TKT\_FLG\_MAY\_POSTDATE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_MAY\_POSTDATE} + & +\code{0x04000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_OK\_AS\_DELEGATE} +\label{appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE:tkt-flg-ok-as-delegate-data}\label{appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE:tkt-flg-ok-as-delegate}\label{appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE::doc}\index{TKT\_FLG\_OK\_AS\_DELEGATE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE:TKT_FLG_OK_AS_DELEGATE}\pysigline{\bfcode{TKT\_FLG\_OK\_AS\_DELEGATE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_OK\_AS\_DELEGATE} + & +\code{0x00040000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_POSTDATED} +\label{appdev/refs/macros/TKT_FLG_POSTDATED:tkt-flg-postdated}\label{appdev/refs/macros/TKT_FLG_POSTDATED::doc}\label{appdev/refs/macros/TKT_FLG_POSTDATED:tkt-flg-postdated-data}\index{TKT\_FLG\_POSTDATED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_POSTDATED:TKT_FLG_POSTDATED}\pysigline{\bfcode{TKT\_FLG\_POSTDATED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_POSTDATED} + & +\code{0x02000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_PRE\_AUTH} +\label{appdev/refs/macros/TKT_FLG_PRE_AUTH:tkt-flg-pre-auth-data}\label{appdev/refs/macros/TKT_FLG_PRE_AUTH::doc}\label{appdev/refs/macros/TKT_FLG_PRE_AUTH:tkt-flg-pre-auth}\index{TKT\_FLG\_PRE\_AUTH (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_PRE_AUTH:TKT_FLG_PRE_AUTH}\pysigline{\bfcode{TKT\_FLG\_PRE\_AUTH}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_PRE\_AUTH} + & +\code{0x00200000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_PROXIABLE} +\label{appdev/refs/macros/TKT_FLG_PROXIABLE:tkt-flg-proxiable}\label{appdev/refs/macros/TKT_FLG_PROXIABLE:tkt-flg-proxiable-data}\label{appdev/refs/macros/TKT_FLG_PROXIABLE::doc}\index{TKT\_FLG\_PROXIABLE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_PROXIABLE:TKT_FLG_PROXIABLE}\pysigline{\bfcode{TKT\_FLG\_PROXIABLE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_PROXIABLE} + & +\code{0x10000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_PROXY} +\label{appdev/refs/macros/TKT_FLG_PROXY::doc}\label{appdev/refs/macros/TKT_FLG_PROXY:tkt-flg-proxy}\label{appdev/refs/macros/TKT_FLG_PROXY:tkt-flg-proxy-data}\index{TKT\_FLG\_PROXY (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_PROXY:TKT_FLG_PROXY}\pysigline{\bfcode{TKT\_FLG\_PROXY}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_PROXY} + & +\code{0x08000000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_RENEWABLE} +\label{appdev/refs/macros/TKT_FLG_RENEWABLE::doc}\label{appdev/refs/macros/TKT_FLG_RENEWABLE:tkt-flg-renewable}\label{appdev/refs/macros/TKT_FLG_RENEWABLE:tkt-flg-renewable-data}\index{TKT\_FLG\_RENEWABLE (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_RENEWABLE:TKT_FLG_RENEWABLE}\pysigline{\bfcode{TKT\_FLG\_RENEWABLE}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_RENEWABLE} + & +\code{0x00800000} +\\ +\hline\end{tabulary} + + + +\subsubsection{TKT\_FLG\_TRANSIT\_POLICY\_CHECKED} +\label{appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED::doc}\label{appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED:tkt-flg-transit-policy-checked}\label{appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED:tkt-flg-transit-policy-checked-data}\index{TKT\_FLG\_TRANSIT\_POLICY\_CHECKED (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED:TKT_FLG_TRANSIT_POLICY_CHECKED}\pysigline{\bfcode{TKT\_FLG\_TRANSIT\_POLICY\_CHECKED}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{TKT\_FLG\_TRANSIT\_POLICY\_CHECKED} + & +\code{0x00080000} +\\ +\hline\end{tabulary} + + + +\subsubsection{VALID\_INT\_BITS} +\label{appdev/refs/macros/VALID_INT_BITS:valid-int-bits}\label{appdev/refs/macros/VALID_INT_BITS:valid-int-bits-data}\label{appdev/refs/macros/VALID_INT_BITS::doc}\index{VALID\_INT\_BITS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/VALID_INT_BITS:VALID_INT_BITS}\pysigline{\bfcode{VALID\_INT\_BITS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{VALID\_INT\_BITS} + & +\code{INT\_MAX} +\\ +\hline\end{tabulary} + + + +\subsubsection{VALID\_UINT\_BITS} +\label{appdev/refs/macros/VALID_UINT_BITS:valid-uint-bits}\label{appdev/refs/macros/VALID_UINT_BITS::doc}\label{appdev/refs/macros/VALID_UINT_BITS:valid-uint-bits-data}\index{VALID\_UINT\_BITS (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/VALID_UINT_BITS:VALID_UINT_BITS}\pysigline{\bfcode{VALID\_UINT\_BITS}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{VALID\_UINT\_BITS} + & +\code{UINT\_MAX} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_const} +\label{appdev/refs/macros/krb5_const:krb5-const}\label{appdev/refs/macros/krb5_const:krb5-const-data}\label{appdev/refs/macros/krb5_const::doc}\index{krb5\_const (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_const:krb5_const}\pysigline{\bfcode{krb5\_const}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_const} + & +\code{const} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_princ\_component} +\label{appdev/refs/macros/krb5_princ_component::doc}\label{appdev/refs/macros/krb5_princ_component:krb5-princ-component-data}\label{appdev/refs/macros/krb5_princ_component:krb5-princ-component}\index{krb5\_princ\_component (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_princ_component:krb5_princ_component}\pysigline{\bfcode{krb5\_princ\_component}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_princ\_component (context, princ, i)} + & +\code{(((i) \textless{} krb5\_princ\_size(context, princ)) ? (princ)-\textgreater{}data + (i) : NULL)} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_princ\_name} +\label{appdev/refs/macros/krb5_princ_name:krb5-princ-name-data}\label{appdev/refs/macros/krb5_princ_name:krb5-princ-name}\label{appdev/refs/macros/krb5_princ_name::doc}\index{krb5\_princ\_name (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_princ_name:krb5_princ_name}\pysigline{\bfcode{krb5\_princ\_name}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_princ\_name (context, princ)} + & +\code{(princ)-\textgreater{}data} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_princ\_realm} +\label{appdev/refs/macros/krb5_princ_realm::doc}\label{appdev/refs/macros/krb5_princ_realm:krb5-princ-realm-data}\label{appdev/refs/macros/krb5_princ_realm:krb5-princ-realm}\index{krb5\_princ\_realm (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_princ_realm:krb5_princ_realm}\pysigline{\bfcode{krb5\_princ\_realm}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_princ\_realm (context, princ)} + & +\code{(\&(princ)-\textgreater{}realm)} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_princ\_set\_realm} +\label{appdev/refs/macros/krb5_princ_set_realm:krb5-princ-set-realm-data}\label{appdev/refs/macros/krb5_princ_set_realm::doc}\label{appdev/refs/macros/krb5_princ_set_realm:krb5-princ-set-realm}\index{krb5\_princ\_set\_realm (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_princ_set_realm:krb5_princ_set_realm}\pysigline{\bfcode{krb5\_princ\_set\_realm}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_princ\_set\_realm (context, princ, value)} + & +\code{((princ)-\textgreater{}realm = *(value))} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_princ\_set\_realm\_data} +\label{appdev/refs/macros/krb5_princ_set_realm_data:krb5-princ-set-realm-data-data}\label{appdev/refs/macros/krb5_princ_set_realm_data::doc}\label{appdev/refs/macros/krb5_princ_set_realm_data:krb5-princ-set-realm-data}\index{krb5\_princ\_set\_realm\_data (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_princ_set_realm_data:krb5_princ_set_realm_data}\pysigline{\bfcode{krb5\_princ\_set\_realm\_data}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_princ\_set\_realm\_data (context, princ, value)} + & +\code{(princ)-\textgreater{}realm.data = (value)} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_princ\_set\_realm\_length} +\label{appdev/refs/macros/krb5_princ_set_realm_length:krb5-princ-set-realm-length-data}\label{appdev/refs/macros/krb5_princ_set_realm_length::doc}\label{appdev/refs/macros/krb5_princ_set_realm_length:krb5-princ-set-realm-length}\index{krb5\_princ\_set\_realm\_length (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_princ_set_realm_length:krb5_princ_set_realm_length}\pysigline{\bfcode{krb5\_princ\_set\_realm\_length}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_princ\_set\_realm\_length (context, princ, value)} + & +\code{(princ)-\textgreater{}realm.length = (value)} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_princ\_size} +\label{appdev/refs/macros/krb5_princ_size:krb5-princ-size-data}\label{appdev/refs/macros/krb5_princ_size::doc}\label{appdev/refs/macros/krb5_princ_size:krb5-princ-size}\index{krb5\_princ\_size (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_princ_size:krb5_princ_size}\pysigline{\bfcode{krb5\_princ\_size}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_princ\_size (context, princ)} + & +\code{(princ)-\textgreater{}length} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_princ\_type} +\label{appdev/refs/macros/krb5_princ_type:krb5-princ-type}\label{appdev/refs/macros/krb5_princ_type:krb5-princ-type-data}\label{appdev/refs/macros/krb5_princ_type::doc}\index{krb5\_princ\_type (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_princ_type:krb5_princ_type}\pysigline{\bfcode{krb5\_princ\_type}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_princ\_type (context, princ)} + & +\code{(princ)-\textgreater{}type} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_roundup} +\label{appdev/refs/macros/krb5_roundup:krb5-roundup-data}\label{appdev/refs/macros/krb5_roundup:krb5-roundup}\label{appdev/refs/macros/krb5_roundup::doc}\index{krb5\_roundup (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_roundup:krb5_roundup}\pysigline{\bfcode{krb5\_roundup}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_roundup (x, y)} + & +\code{((((x) + (y) - 1)/(y))*(y))} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_x} +\label{appdev/refs/macros/krb5_x::doc}\label{appdev/refs/macros/krb5_x:krb5-x}\label{appdev/refs/macros/krb5_x:krb5-x-data}\index{krb5\_x (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_x:krb5_x}\pysigline{\bfcode{krb5\_x}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_x (ptr, args)} + & +\code{((ptr)?((*(ptr)) args):(abort(),1))} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb5\_xc} +\label{appdev/refs/macros/krb5_xc::doc}\label{appdev/refs/macros/krb5_xc:krb5-xc}\label{appdev/refs/macros/krb5_xc:krb5-xc-data}\index{krb5\_xc (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb5_xc:krb5_xc}\pysigline{\bfcode{krb5\_xc}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb5\_xc (ptr, args)} + & +\code{((ptr)?((*(ptr)) args):(abort(),(char*)0))} +\\ +\hline\end{tabulary} + + + +\subsection{Deprecated macros} +\label{appdev/refs/macros/index:deprecated-macros} + +\subsubsection{krb524\_convert\_creds\_kdc} +\label{appdev/refs/macros/krb524_convert_creds_kdc:krb524-convert-creds-kdc-data}\label{appdev/refs/macros/krb524_convert_creds_kdc:krb524-convert-creds-kdc}\label{appdev/refs/macros/krb524_convert_creds_kdc::doc}\index{krb524\_convert\_creds\_kdc (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb524_convert_creds_kdc:krb524_convert_creds_kdc}\pysigline{\bfcode{krb524\_convert\_creds\_kdc}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb524\_convert\_creds\_kdc} + & +\code{krb5\_524\_convert\_creds} +\\ +\hline\end{tabulary} + + + +\subsubsection{krb524\_init\_ets} +\label{appdev/refs/macros/krb524_init_ets:krb524-init-ets-data}\label{appdev/refs/macros/krb524_init_ets::doc}\label{appdev/refs/macros/krb524_init_ets:krb524-init-ets}\index{krb524\_init\_ets (built-in variable)} + +\begin{fulllineitems} +\phantomsection\label{appdev/refs/macros/krb524_init_ets:krb524_init_ets}\pysigline{\bfcode{krb524\_init\_ets}} +\end{fulllineitems} + + +\begin{tabulary}{\linewidth}{|L|L|} +\hline + +\code{krb524\_init\_ets (x)} + & +\code{(0)} +\\ +\hline\end{tabulary} + + + + +\renewcommand{\indexname}{Index} +\printindex +\end{document} |