KRB_REALMOFHOST(3) 4.0 KRB_REALMOFHOST(3) NNAAMMEE krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst, krb_get_lrealm - additional Kerberos utility routines SSYYNNOOPPSSIISS ##iinncclluuddee <<kkeerrbbeerroossIIVV//kkrrbb..hh>> ##iinncclluuddee <<kkeerrbbeerroossIIVV//ddeess..hh>> ##iinncclluuddee <<nneettiinneett//iinn..hh>> cchhaarr **kkrrbb__rreeaallmmooffhhoosstt((hhoosstt)) cchhaarr **hhoosstt;; cchhaarr **kkrrbb__ggeett__pphhoosstt((aalliiaass)) cchhaarr **aalliiaass;; kkrrbb__ggeett__kkrrbbhhsstt((hhoosstt,,rreeaallmm,,nn)) cchhaarr **hhoosstt;; cchhaarr **rreeaallmm;; iinntt nn;; kkrrbb__ggeett__aaddmmhhsstt((hhoosstt,,rreeaallmm,,nn)) cchhaarr **hhoosstt;; cchhaarr **rreeaallmm;; iinntt nn;; kkrrbb__ggeett__llrreeaallmm((rreeaallmm,,nn)) cchhaarr **rreeaallmm;; iinntt nn;; DDEESSCCRRIIPPTTIIOONN _k_r_b__r_e_a_l_m_o_f_h_o_s_t returns the Kerberos realm of the host _h_o_s_t, as determined by the translation table /_e_t_c/_k_e_r_b_e_r_o_s_I_V/_k_r_b._r_e_a_l_m_s. _h_o_s_t should be the fully- qualified domain-style primary host name of the host in question. In order to prevent certain security attacks, this routine must either have _a _p_r_i_o_r_i knowledge of a host's realm, or obtain such information securely. The format of the translation file is described by _k_r_b._r_e_a_l_m_s(5). If _h_o_s_t exactly matches a host_name line, the corresponding realm is returned. Otherwise, if the domain portion of _h_o_s_t matches a domain_name line, the corresponding realm is returned. If _h_o_s_t contains a domain, but no translation is found, _h_o_s_t's domain is converted to upper-case and returned. If _h_o_s_t contains no discernable domain, or an error occurs, the local realm name, as sup- plied by _k_r_b__g_e_t__l_r_e_a_l_m(3), is returned. _k_r_b__g_e_t__p_h_o_s_t converts the hostname _a_l_i_a_s (which can be either an official name or an alias) into the instance name to be used in obtaining Kerberos tickets for most services, Printed 7/27/90 Kerberos 1 KRB_REALMOFHOST(3) 4.0 KRB_REALMOFHOST(3) including the Berkeley rcmd suite (rlogin, rcp, rsh). The current convention is to return the first segment of the official domain-style name after conversion to lower case. _k_r_b__g_e_t__k_r_b_h_s_t fills in _h_o_s_t with the hostname of the _nth host running a Kerberos key distribution center (KDC) for realm _r_e_a_l_m, as specified in the configuration file (/_e_t_c/_k_e_r_b_e_r_o_s_I_V/_k_r_b._c_o_n_f). The configuration file is described by _k_r_b._c_o_n_f(5). If the host is successfully filled in, the routine returns KSUCCESS. If the file cannot be opened, and _n equals 1, then the value of KRB_HOST as defined in <_k_r_b._h> is filled in, and KSUCCESS is returned. If there are fewer than _n hosts running a Kerberos KDC for the requested realm, or the configuration file is malformed, the routine returns KFAILURE. _k_r_b__g_e_t__a_d_m_h_s_t fills in _h_o_s_t with the hostname of the _nth host running a Kerberos KDC database administration server for realm _r_e_a_l_m, as specified in the configuration file (/_e_t_c/_k_e_r_b_e_r_o_s_I_V/_k_r_b._c_o_n_f). If the file cannot be opened or is malformed, or there are fewer than _n hosts running a Ker- beros KDC database administration server, the routine returns KFAILURE. The character arrays used as return values for _k_r_b__g_e_t__k_r_b_h_s_t, _k_r_b__g_e_t__a_d_m_h_s_t, should be large enough to hold any hostname (MAXHOSTNAMELEN from <sys/param.h>). _k_r_b__g_e_t__l_r_e_a_l_m fills in _r_e_a_l_m with the _nth realm of the local host, as specified in the configuration file. _r_e_a_l_m should be at least REALM_SZ (from <_k_r_b._h>)characters_l_o_n_g. SSEEEE AALLSSOO kerberos(3), krb.conf(5), krb.realms(5) FFIILLEESS /etc/kerberosIV/krb.realms translation file for host-to-realm map- ping. /etc/kerberosIV/krb.conf local realm-name and realm/server confi- guration file. BBUUGGSS The current convention for instance names is too limited; the full domain name should be used. _k_r_b__g_e_t__l_r_e_a_l_m currently only supports _n = 1. It should really consult the user's ticket cache to determine the user's current realm, rather than consulting a file on the host. Printed 7/27/90 Kerberos 2