4.4BSD/usr/share/man/cat3/krb_sendauth.0
KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3)
N�NA�AM�ME�E
krb_sendauth, krb_recvauth, krb_net_write, krb_net_read -
Kerberos routines for sending authentication via network
stream sockets
S�SY�YN�NO�OP�PS�SI�IS�S
#�#i�in�nc�cl�lu�ud�de�e <�<k�ke�er�rb�be�er�ro�os�sI�IV�V/�/k�kr�rb�b.�.h�h>�>
#�#i�in�nc�cl�lu�ud�de�e <�<k�ke�er�rb�be�er�ro�os�sI�IV�V/�/d�de�es�s.�.h�h>�>
#�#i�in�nc�cl�lu�ud�de�e <�<n�ne�et�ti�in�ne�et�t/�/i�in�n.�.h�h>�>
i�in�nt�t k�kr�rb�b_�_s�se�en�nd�da�au�ut�th�h(�(o�op�pt�ti�io�on�ns�s,�, f�fd�d,�, k�kt�te�ex�xt�t,�, s�se�er�rv�vi�ic�ce�e,�, i�in�ns�st�t,�, r�re�ea�al�lm�m,�,
c�ch�he�ec�ck�ks�su�um�m,�, m�ms�sg�g_�_d�da�at�ta�a,�, c�cr�re�ed�d,�, s�sc�ch�he�ed�du�ul�le�e,�, l�la�ad�dd�dr�r,�,
f�fa�ad�dd�dr�r,�, v�ve�er�rs�si�io�on�n)�)
l�lo�on�ng�g o�op�pt�ti�io�on�ns�s;�;
i�in�nt�t f�fd�d;�;
K�KT�TE�EX�XT�T k�kt�te�ex�xt�t;�;
c�ch�ha�ar�r *�*s�se�er�rv�vi�ic�ce�e,�, *�*i�in�ns�st�t,�, *�*r�re�ea�al�lm�m;�;
u�u_�_l�lo�on�ng�g c�ch�he�ec�ck�ks�su�um�m;�;
M�MS�SG�G_�_D�DA�AT�T *�*m�ms�sg�g_�_d�da�at�ta�a;�;
C�CR�RE�ED�DE�EN�NT�TI�IA�AL�LS�S *�*c�cr�re�ed�d;�;
K�Ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
s�st�tr�ru�uc�ct�t s�so�oc�ck�ka�ad�dd�dr�r_�_i�in�n *�*l�la�ad�dd�dr�r,�, *�*f�fa�ad�dd�dr�r;�;
c�ch�ha�ar�r *�*v�ve�er�rs�si�io�on�n;�;
i�in�nt�t k�kr�rb�b_�_r�re�ec�cv�va�au�ut�th�h(�(o�op�pt�ti�io�on�ns�s,�, f�fd�d,�, k�kt�te�ex�xt�t,�, s�se�er�rv�vi�ic�ce�e,�, i�in�ns�st�t,�, f�fa�ad�dd�dr�r,�,
l�la�ad�dd�dr�r,�, a�au�ut�th�h_�_d�da�at�ta�a,�, f�fi�il�le�en�na�am�me�e,�, s�sc�ch�he�ed�du�ul�le�e,�, v�ve�er�rs�si�io�on�n)�)
l�lo�on�ng�g o�op�pt�ti�io�on�ns�s;�;
i�in�nt�t f�fd�d;�;
K�KT�TE�EX�XT�T k�kt�te�ex�xt�t;�;
c�ch�ha�ar�r *�*s�se�er�rv�vi�ic�ce�e,�, *�*i�in�ns�st�t;�;
s�st�tr�ru�uc�ct�t s�so�oc�ck�ka�ad�dd�dr�r_�_i�in�n *�*f�fa�ad�dd�dr�r,�, *�*l�la�ad�dd�dr�r;�;
A�AU�UT�TH�H_�_D�DA�AT�T *�*a�au�ut�th�h_�_d�da�at�ta�a;�;
c�ch�ha�ar�r *�*f�fi�il�le�en�na�am�me�e;�;
K�Ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
c�ch�ha�ar�r *�*v�ve�er�rs�si�io�on�n;�;
i�in�nt�t k�kr�rb�b_�_n�ne�et�t_�_w�wr�ri�it�te�e(�(f�fd�d,�, b�bu�uf�f,�, l�le�en�n)�)
i�in�nt�t f�fd�d;�;
c�ch�ha�ar�r *�*b�bu�uf�f;�;
i�in�nt�t l�le�en�n;�;
i�in�nt�t k�kr�rb�b_�_n�ne�et�t_�_r�re�ea�ad�d(�(f�fd�d,�, b�bu�uf�f,�, l�le�en�n)�)
i�in�nt�t f�fd�d;�;
c�ch�ha�ar�r *�*b�bu�uf�f;�;
i�in�nt�t l�le�en�n;�;
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
These functions, which are built on top of the core Ker-
beros library, provide a convenient means for client and
MIT Project Athena Kerberos Version 4.0 1
KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3)
server programs to send authentication messages to one
another through network connections. The _�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h
function sends an authenticated ticket from the client
program to the server program by writing the ticket to a
network socket. The _�k_�r_�b_�__�r_�e_�c_�v_�a_�u_�t_�h function receives the
ticket from the client by reading from a network socket.
K�KR�RB�B_�_S�SE�EN�ND�DA�AU�UT�TH�H
This function writes the ticket to the network socket
specified by the file descriptor _�f_�d_�, returning KSUCCESS if
the write proceeds successfully, and an error code if it
does not.
The _�k_�t_�e_�x_�t argument should point to an allocated KTEXT_ST
structure. The _�s_�e_�r_�v_�i_�c_�e_�, _�i_�n_�s_�t_�, and _�r_�e_�a_�l_�m arguments specify
the server program's Kerberos principal name, instance,
and realm. If you are writing a client that uses the
local realm exclusively, you can set the _�r_�e_�a_�l_�m argument to
NULL.
The _�v_�e_�r_�s_�i_�o_�n argument allows the client program to pass an
application-specific version string that the server pro-
gram can then match against its own version string. The
_�v_�e_�r_�s_�i_�o_�n string can be up to KSEND_VNO_LEN (see _�<_�k_�r_�b_�._�h_�>)
characters in length.
The _�c_�h_�e_�c_�k_�s_�u_�m argument can be used to pass checksum infor-
mation to the server program. The client program is
responsible for specifying this information. This check-
sum information is difficult to corrupt because
_�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h passes it over the network in encrypted form.
The _�c_�h_�e_�c_�k_�s_�u_�m argument is passed as the checksum argument
to _�k_�r_�b_�__�m_�k_�__�r_�e_�q.
You can set _�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h_�'_�s other arguments to NULL unless
you want the client and server programs to mutually
authenticate themselves. In the case of mutual authenti-
cation, the client authenticates itself to the server pro-
gram, and demands that the server in turn authenticate
itself to the client.
K�KR�RB�B_�_S�SE�EN�ND�DA�AU�UT�TH�H A�AN�ND�D M�MU�UT�TU�UA�AL�L A�AU�UT�TH�HE�EN�NT�TI�IC�CA�AT�TI�IO�ON�N
If you want mutual authentication, make sure that you read
all pending data from the local socket before calling
_�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h_�. Set _�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h_�'_�s _�o_�p_�t_�i_�o_�n_�s argument to
K�KO�OP�PT�T_�_D�DO�O_�_M�MU�UT�TU�UA�AL�L (this macro is defined in the _�k_�r_�b_�._�h file);
make sure that the _�l_�a_�d_�d_�r argument points to the address of
the local socket, and that _�f_�a_�d_�d_�r points to the foreign
socket's network address.
MIT Project Athena Kerberos Version 4.0 2
KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3)
_�K_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h fills in the other arguments-- _�m_�s_�g_�__�d_�a_�t_�a,
_�c_�r_�e_�d, and _�s_�c_�h_�e_�d_�u_�l_�e--before sending the ticket to the
server program. You must, however, allocate space for
these arguments before calling the function.
_�K_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h supports two other options: K�KO�OP�PT�T_�_D�DO�ON�NT�T_�_M�MK�K_�_R�RE�EQ�Q,�,
and K�KO�OP�PT�T_�_D�DO�ON�NT�T_�_C�CA�AN�NO�ON�N.�. If called with _�o_�p_�t_�i_�o_�n_�s set as
KOPT_DONT_MK_REQ, _�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h will not use the _�k_�r_�b_�__�m_�k_�__�r_�e_�q
function to retrieve the ticket from the Kerberos server.
The _�k_�t_�e_�x_�t argument must point to an existing ticket and
authenticator (such as would be created by _�k_�r_�b_�__�m_�k_�__�r_�e_�q),
and the _�s_�e_�r_�v_�i_�c_�e_�, _�i_�n_�s_�t_�, and _�r_�e_�a_�l_�m arguments can be set to
NULL.
If called with _�o_�p_�t_�i_�o_�n_�s set as KOPT_DONT_CANON,
_�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h will not convert the service's instance to
canonical form using _�k_�r_�b_�__�g_�e_�t_�__�p_�h_�o_�s_�t(3).
If you want to call _�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h with a multiple _�o_�p_�t_�i_�o_�n_�s
specification, construct _�o_�p_�t_�i_�o_�n_�s as a bitwise-OR of the
options you want to specify.
K�KR�RB�B_�_R�RE�EC�CV�VA�AU�UT�TH�H
The _�k_�r_�b_�__�r_�e_�c_�v_�a_�u_�t_�h function reads a ticket/authenticator
pair from the socket pointed to by the _�f_�d argument. Set
the _�o_�p_�t_�i_�o_�n_�s argument as a bitwise-OR of the options
desired. Currently only KOPT_DO_MUTUAL is useful to the
receiver.
The _�k_�t_�e_�x_�t argument should point to an allocated KTEXT_ST
structure. _�K_�r_�b_�__�r_�e_�c_�v_�a_�u_�t_�h fills _�k_�t_�e_�x_�t with the
ticket/authenticator pair read from _�f_�d, then passes it to
_�k_�r_�b_�__�r_�d_�__�r_�e_�q.
The _�s_�e_�r_�v_�i_�c_�e and _�i_�n_�s_�t arguments specify the expected ser-
vice and instance for which the ticket was generated.
They are also passed to _�k_�r_�b_�__�r_�d_�__�r_�e_�q_�. The _�i_�n_�s_�t argument may
be set to "*" if the caller wishes _�k_�r_�b_�__�m_�k_�__�r_�e_�q to fill in
the instance used (note that there must be space in the
_�i_�n_�s_�t argument to hold a full instance name, see
_�k_�r_�b_�__�m_�k_�__�r_�e_�q(3)).
The _�f_�a_�d_�d_�r argument should point to the address of the peer
which is presenting the ticket. It is also passed to
_�k_�r_�b_�__�r_�d_�__�r_�e_�q.
If the client and server plan to mutually authenticate one
another, the _�l_�a_�d_�d_�r argument should point to the local
address of the file descriptor. Otherwise you can set
this argument to NULL.
MIT Project Athena Kerberos Version 4.0 3
KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3)
The _�a_�u_�t_�h_�__�d_�a_�t_�a argument should point to an allocated
AUTH_DAT area. It is passed to and filled in by
_�k_�r_�b_�__�r_�d_�__�r_�e_�q. The checksum passed to the corresponding
_�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h is available as part of the filled-in
AUTH_DAT area.
The _�f_�i_�l_�e_�n_�a_�m_�e argument specifies the filename which the
service program should use to obtain its service key.
_�K_�r_�b_�__�r_�e_�c_�v_�a_�u_�t_�h passes _�f_�i_�l_�e_�n_�a_�m_�e to the _�k_�r_�b_�__�r_�d_�__�r_�e_�q function.
If you set this argument to "", _�k_�r_�b_�__�r_�d_�__�r_�e_�q looks for the
service key in the file _�/_�e_�t_�c_�/_�k_�e_�r_�b_�e_�r_�o_�s_�I_�V_�/_�s_�r_�v_�t_�a_�b_�.
If the client and server are performing mutual authenica-
tion, the _�s_�c_�h_�e_�d_�u_�l_�e argument should point to an allocated
Key_schedule. Otherwise it is ignored and may be NULL.
The _�v_�e_�r_�s_�i_�o_�n argument should point to a character array of
at least KSEND_VNO_LEN characters. It is filled in with
the version string passed by the client to _�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h_�.
K�KR�RB�B_�_N�NE�ET�T_�_W�WR�RI�IT�TE�E A�AN�ND�D K�KR�RB�B_�_N�NE�ET�T_�_R�RE�EA�AD�D
The _�k_�r_�b_�__�n_�e_�t_�__�w_�r_�i_�t_�e function emulates the write(2) system
call, but guarantees that all data specified is written to
_�f_�d before returning, unless an error condition occurs.
The _�k_�r_�b_�__�n_�e_�t_�__�r_�e_�a_�d function emulates the read(2) system
call, but guarantees that the requested amount of data is
read from _�f_�d before returning, unless an error condition
occurs.
B�BU�UG�GS�S
_�k_�r_�b_�__�s_�e_�n_�d_�a_�u_�t_�h_�, _�k_�r_�b_�__�r_�e_�c_�v_�a_�u_�t_�h_�, _�k_�r_�b_�__�n_�e_�t_�__�w_�r_�i_�t_�e_�, and
_�k_�r_�b_�__�n_�e_�t_�__�r_�e_�a_�d will not work properly on sockets set to non-
blocking I/O mode.
S�SE�EE�E A�AL�LS�SO�O
krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
A�AU�UT�TH�HO�OR�R
John T. Kohl, MIT Project Athena
R�RE�ES�ST�TR�RI�IC�CT�TI�IO�ON�NS�S
Copyright 1988, Massachusetts Instititute of Technology.
For copying and distribution information, please see the
file <mit-copyright.h>.
MIT Project Athena Kerberos Version 4.0 4