4.3BSD-Reno/share/man/cat3/ksend.0
KRB_SENDAUTH(3) 4.0 KRB_SENDAUTH(3)
N�NA�AM�ME�E
krb_sendauth, krb_recvauth, krb_net_write, krb_net_read -
Kerberos routines for sending authentication via network
stream sockets
S�SY�YN�NO�OP�PS�SI�IS�S
#�#i�in�nc�cl�lu�ud�de�e <�<k�ke�er�rb�be�er�ro�os�sI�IV�V/�/k�kr�rb�b.�.h�h>�>
#�#i�in�nc�cl�lu�ud�de�e <�<k�ke�er�rb�be�er�ro�os�sI�IV�V/�/d�de�es�s.�.h�h>�>
#�#i�in�nc�cl�lu�ud�de�e <�<n�ne�et�ti�in�ne�et�t/�/i�in�n.�.h�h>�>
i�in�nt�t k�kr�rb�b_�_s�se�en�nd�da�au�ut�th�h(�(o�op�pt�ti�io�on�ns�s,�, f�fd�d,�, k�kt�te�ex�xt�t,�, s�se�er�rv�vi�ic�ce�e,�, i�in�ns�st�t,�, r�re�ea�al�lm�m,�,
c�ch�he�ec�ck�ks�su�um�m,�, m�ms�sg�g_�_d�da�at�ta�a,�, c�cr�re�ed�d,�, s�sc�ch�he�ed�du�ul�le�e,�, l�la�ad�dd�dr�r,�, f�fa�ad�dd�dr�r,�,
v�ve�er�rs�si�io�on�n)�)
l�lo�on�ng�g o�op�pt�ti�io�on�ns�s;�;
i�in�nt�t f�fd�d;�;
K�KT�TE�EX�XT�T k�kt�te�ex�xt�t;�;
c�ch�ha�ar�r *�*s�se�er�rv�vi�ic�ce�e,�, *�*i�in�ns�st�t,�, *�*r�re�ea�al�lm�m;�;
u�u_�_l�lo�on�ng�g c�ch�he�ec�ck�ks�su�um�m;�;
M�MS�SG�G_�_D�DA�AT�T *�*m�ms�sg�g_�_d�da�at�ta�a;�;
C�CR�RE�ED�DE�EN�NT�TI�IA�AL�LS�S *�*c�cr�re�ed�d;�;
K�Ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
s�st�tr�ru�uc�ct�t s�so�oc�ck�ka�ad�dd�dr�r_�_i�in�n *�*l�la�ad�dd�dr�r,�, *�*f�fa�ad�dd�dr�r;�;
c�ch�ha�ar�r *�*v�ve�er�rs�si�io�on�n;�;
i�in�nt�t k�kr�rb�b_�_r�re�ec�cv�va�au�ut�th�h(�(o�op�pt�ti�io�on�ns�s,�, f�fd�d,�, k�kt�te�ex�xt�t,�, s�se�er�rv�vi�ic�ce�e,�, i�in�ns�st�t,�, f�fa�ad�dd�dr�r,�,
l�la�ad�dd�dr�r,�, a�au�ut�th�h_�_d�da�at�ta�a,�, f�fi�il�le�en�na�am�me�e,�, s�sc�ch�he�ed�du�ul�le�e,�, v�ve�er�rs�si�io�on�n)�)
l�lo�on�ng�g o�op�pt�ti�io�on�ns�s;�;
i�in�nt�t f�fd�d;�;
K�KT�TE�EX�XT�T k�kt�te�ex�xt�t;�;
c�ch�ha�ar�r *�*s�se�er�rv�vi�ic�ce�e,�, *�*i�in�ns�st�t;�;
s�st�tr�ru�uc�ct�t s�so�oc�ck�ka�ad�dd�dr�r_�_i�in�n *�*f�fa�ad�dd�dr�r,�, *�*l�la�ad�dd�dr�r;�;
A�AU�UT�TH�H_�_D�DA�AT�T *�*a�au�ut�th�h_�_d�da�at�ta�a;�;
c�ch�ha�ar�r *�*f�fi�il�le�en�na�am�me�e;�;
K�Ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
c�ch�ha�ar�r *�*v�ve�er�rs�si�io�on�n;�;
i�in�nt�t k�kr�rb�b_�_n�ne�et�t_�_w�wr�ri�it�te�e(�(f�fd�d,�, b�bu�uf�f,�, l�le�en�n)�)
i�in�nt�t f�fd�d;�;
c�ch�ha�ar�r *�*b�bu�uf�f;�;
i�in�nt�t l�le�en�n;�;
i�in�nt�t k�kr�rb�b_�_n�ne�et�t_�_r�re�ea�ad�d(�(f�fd�d,�, b�bu�uf�f,�, l�le�en�n)�)
i�in�nt�t f�fd�d;�;
c�ch�ha�ar�r *�*b�bu�uf�f;�;
i�in�nt�t l�le�en�n;�;
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
These functions, which are built on top of the core Kerberos
library, provide a convenient means for client and server
programs to send authentication messages to one another
through network connections. The _�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h function
sends an authenticated ticket from the client program to the
Printed 7/27/90 Kerberos 1
KRB_SENDAUTH(3) 4.0 KRB_SENDAUTH(3)
server program by writing the ticket to a network socket.
The _�k_�r_�b__�r_�e_�c_�v_�a_�u_�t_�h function receives the ticket from the
client by reading from a network socket.
K�KR�RB�B_�_S�SE�EN�ND�DA�AU�UT�TH�H
This function writes the ticket to the network socket speci-
fied by the file descriptor _�f_�d, returning KSUCCESS if the
write proceeds successfully, and an error code if it does
not.
The _�k_�t_�e_�x_�t argument should point to an allocated KTEXT_ST
structure. The _�s_�e_�r_�v_�i_�c_�e, _�i_�n_�s_�t, and _�r_�e_�a_�l_�m arguments specify
the server program's Kerberos principal name, instance, and
realm. If you are writing a client that uses the local
realm exclusively, you can set the _�r_�e_�a_�l_�m argument to NULL.
The _�v_�e_�r_�s_�i_�o_�n argument allows the client program to pass an
application-specific version string that the server program
can then match against its own version string. The _�v_�e_�r_�s_�i_�o_�n
string can be up to KSEND_VNO_LEN (see <_�k_�r_�b._�h>) characters
in length.
The _�c_�h_�e_�c_�k_�s_�u_�m argument can be used to pass checksum informa-
tion to the server program. The client program is responsi-
ble for specifying this information. This checksum informa-
tion is difficult to corrupt because _�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h passes it
over the network in encrypted form. The _�c_�h_�e_�c_�k_�s_�u_�m argument
is passed as the checksum argument to _�k_�r_�b__�m_�k__�r_�e_�q.
You can set _�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h'_�s other arguments to NULL unless
you want the client and server programs to mutually authen-
ticate themselves. In the case of mutual authentication,
the client authenticates itself to the server program, and
demands that the server in turn authenticate itself to the
client.
K�KR�RB�B_�_S�SE�EN�ND�DA�AU�UT�TH�H A�AN�ND�D M�MU�UT�TU�UA�AL�L A�AU�UT�TH�HE�EN�NT�TI�IC�CA�AT�TI�IO�ON�N
If you want mutual authentication, make sure that you read
all pending data from the local socket before calling
_�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h. Set _�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h'_�s _�o_�p_�t_�i_�o_�n_�s argument to
K�KO�OP�PT�T_�_D�DO�O_�_M�MU�UT�TU�UA�AL�L (this macro is defined in the _�k_�r_�b._�h file);
make sure that the _�l_�a_�d_�d_�r argument points to the address of
the local socket, and that _�f_�a_�d_�d_�r points to the foreign
socket's network address.
_�K_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h fills in the other arguments-- _�m_�s_�g__�d_�a_�t_�a, _�c_�r_�e_�d,
and _�s_�c_�h_�e_�d_�u_�l_�e--before sending the ticket to the server pro-
gram. You must, however, allocate space for these arguments
before calling the function.
Printed 7/27/90 Kerberos 2
KRB_SENDAUTH(3) 4.0 KRB_SENDAUTH(3)
_�K_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h supports two other options: K�KO�OP�PT�T_�_D�DO�ON�NT�T_�_M�MK�K_�_R�RE�EQ�Q,�,
and K�KO�OP�PT�T_�_D�DO�ON�NT�T_�_C�CA�AN�NO�ON�N.�. If called with _�o_�p_�t_�i_�o_�n_�s set as
KOPT_DONT_MK_REQ, _�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h will not use the _�k_�r_�b__�m_�k__�r_�e_�q
function to retrieve the ticket from the Kerberos server.
The _�k_�t_�e_�x_�t argument must point to an existing ticket and
authenticator (such as would be created by _�k_�r_�b__�m_�k__�r_�e_�q), and
the _�s_�e_�r_�v_�i_�c_�e, _�i_�n_�s_�t, and _�r_�e_�a_�l_�m arguments can be set to NULL.
If called with _�o_�p_�t_�i_�o_�n_�s set as KOPT_DONT_CANON, _�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h
will not convert the service's instance to canonical form
using _�k_�r_�b__�g_�e_�t__�p_�h_�o_�s_�t(3).
If you want to call _�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h with a multiple _�o_�p_�t_�i_�o_�n_�s
specification, construct _�o_�p_�t_�i_�o_�n_�s as a bitwise-OR of the
options you want to specify.
K�KR�RB�B_�_R�RE�EC�CV�VA�AU�UT�TH�H
The _�k_�r_�b__�r_�e_�c_�v_�a_�u_�t_�h function reads a ticket/authenticator pair
from the socket pointed to by the _�f_�d argument. Set the
_�o_�p_�t_�i_�o_�n_�s argument as a bitwise-OR of the options desired.
Currently only KOPT_DO_MUTUAL is useful to the receiver.
The _�k_�t_�e_�x_�t argument should point to an allocated KTEXT_ST
structure. _�K_�r_�b__�r_�e_�c_�v_�a_�u_�t_�h fills _�k_�t_�e_�x_�t with the
ticket/authenticator pair read from _�f_�d, then passes it to
_�k_�r_�b__�r_�d__�r_�e_�q.
The _�s_�e_�r_�v_�i_�c_�e and _�i_�n_�s_�t arguments specify the expected service
and instance for which the ticket was generated. They are
also passed to _�k_�r_�b__�r_�d__�r_�e_�q. The _�i_�n_�s_�t argument may be set to
"*" if the caller wishes _�k_�r_�b__�m_�k__�r_�e_�q to fill in the instance
used (note that there must be space in the _�i_�n_�s_�t argument to
hold a full instance name, see _�k_�r_�b__�m_�k__�r_�e_�q(3)).
The _�f_�a_�d_�d_�r argument should point to the address of the peer
which is presenting the ticket. It is also passed to
_�k_�r_�b__�r_�d__�r_�e_�q.
If the client and server plan to mutually authenticate one
another, the _�l_�a_�d_�d_�r argument should point to the local
address of the file descriptor. Otherwise you can set this
argument to NULL.
The _�a_�u_�t_�h__�d_�a_�t_�a argument should point to an allocated AUTH_DAT
area. It is passed to and filled in by _�k_�r_�b__�r_�d__�r_�e_�q. The
checksum passed to the corresponding _�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h is avail-
able as part of the filled-in AUTH_DAT area.
The _�f_�i_�l_�e_�n_�a_�m_�e argument specifies the filename which the ser-
vice program should use to obtain its service key.
_�K_�r_�b__�r_�e_�c_�v_�a_�u_�t_�h passes _�f_�i_�l_�e_�n_�a_�m_�e to the _�k_�r_�b__�r_�d__�r_�e_�q function. If
Printed 7/27/90 Kerberos 3
KRB_SENDAUTH(3) 4.0 KRB_SENDAUTH(3)
you set this argument to "", _�k_�r_�b__�r_�d__�r_�e_�q looks for the ser-
vice key in the file /_�e_�t_�c/_�k_�e_�r_�b_�e_�r_�o_�s_�I_�V/_�s_�r_�v_�t_�a_�b.
If the client and server are performing mutual authenica-
tion, the _�s_�c_�h_�e_�d_�u_�l_�e argument should point to an allocated
Key_schedule. Otherwise it is ignored and may be NULL.
The _�v_�e_�r_�s_�i_�o_�n argument should point to a character array of at
least KSEND_VNO_LEN characters. It is filled in with the
version string passed by the client to _�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h.
K�KR�RB�B_�_N�NE�ET�T_�_W�WR�RI�IT�TE�E A�AN�ND�D K�KR�RB�B_�_N�NE�ET�T_�_R�RE�EA�AD�D
The _�k_�r_�b__�n_�e_�t__�w_�r_�i_�t_�e function emulates the write(2) system
call, but guarantees that all data specified is written to
_�f_�d before returning, unless an error condition occurs.
The _�k_�r_�b__�n_�e_�t__�r_�e_�a_�d function emulates the read(2) system call,
but guarantees that the requested amount of data is read
from _�f_�d before returning, unless an error condition occurs.
B�BU�UG�GS�S
_�k_�r_�b__�s_�e_�n_�d_�a_�u_�t_�h, _�k_�r_�b__�r_�e_�c_�v_�a_�u_�t_�h, _�k_�r_�b__�n_�e_�t__�w_�r_�i_�t_�e, and _�k_�r_�b__�n_�e_�t__�r_�e_�a_�d
will not work properly on sockets set to non-blocking I/O
mode.
S�SE�EE�E A�AL�LS�SO�O
krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
A�AU�UT�TH�HO�OR�R
John T. Kohl, MIT Project Athena
R�RE�ES�ST�TR�RI�IC�CT�TI�IO�ON�NS�S
Copyright 1988, Massachusetts Instititute of Technology.
For copying and distribution information, please see the
file <mit-copyright.h>.
Printed 7/27/90 Kerberos 4