Provided by: heimdal-dev_7.8.git20221117.28daf24+dfsg-5ubuntu3_amd64 bug

NAME
       krb5_mk_req,    krb5_mk_req_exact,    krb5_mk_req_extended,    krb5_rd_req,    krb5_rd_req_with_keyblock,
       krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, krb5_build_ap_req,  krb5_verify_ap_req
       — create and read application authentication request


LIBRARY
       Kerberos 5 Library (libkrb5, -lkrb5)


SYNOPSIS
       #include <krb5.h>

       krb5_error_code
       krb5_mk_req(krb5_context context,    krb5_auth_context *auth_context,    const krb5_flags ap_req_options,
           const char *service,       const char *hostname,       krb5_data *in_data,        krb5_ccache ccache,
           krb5_data *outbuf);

       krb5_error_code
       krb5_mk_req_extended(krb5_context context,                               krb5_auth_context *auth_context,
           const krb5_flags ap_req_options, krb5_data *in_data, krb5_creds *in_creds, krb5_data *outbuf);

       krb5_error_code
       krb5_rd_req(krb5_context context,        krb5_auth_context *auth_context,         const krb5_data *inbuf,
           krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket);

       krb5_error_code
       krb5_build_ap_req(krb5_context context,  krb5_enctype enctype,  krb5_creds *cred,  krb5_flags ap_options,
           krb5_data authenticator, krb5_data *retdata);

       krb5_error_code
       krb5_verify_ap_req(krb5_context context,      krb5_auth_context *auth_context,       krb5_ap_req *ap_req,
           krb5_const_principal server,  krb5_keyblock *keyblock,  krb5_flags flags, krb5_flags *ap_req_options,
           krb5_ticket **ticket);


DESCRIPTION
       The functions documented in this manual page document the functions that facilitates the exchange between
       a Kerberos client and server.  They are the core functions used in the  authentication  exchange  between
       the client and the server.

       The  krb5_mk_req  and  krb5_mk_req_extended creates the Kerberos message KRB_AP_REQ that is sent from the
       client to the server as the first packet in a client/server exchange.  The result that should be sent  to
       server is stored in outbuf.

       auth_context  should  be  allocated with krb5_auth_con_init() or NULL passed in, in that case, it will be
       allocated and freed internally.

       The input data in_data will have a checksum calculated over it and checksum will be  transported  in  the
       message to the server.

       ap_req_options can be set to one or more of the following flags:

       AP_OPTS_USE_SESSION_KEY
               Use the session key when creating the request, used for user to user authentication.

       AP_OPTS_MUTUAL_REQUIRED
               Mark  the  request  as  mutual  authenticate  required  so  that  the  receiver  returns a mutual
               authentication packet.

       The krb5_rd_req read the AP_REQ in inbuf and verify and extract the content.   If  server  is  specified,
       that server will be fetched from the keytab and used unconditionally.  If server is NULL, the keytab will
       be search for a matching principal.

       The   keytab  argument  specifies  what  keytab  to  search  for  receiving  principals.   The  arguments
       ap_req_options and ticket returns the content.

       When the AS-REQ is a user to user request, neither of keytab or principal are used, instead krb5_rd_req()
       expects the session key to be set in auth_context.

       The krb5_verify_ap_req and krb5_build_ap_req both constructs and verify the AP_REQ message, should not be
       used by external code.


SEE ALSO
       krb5(3), krb5.conf(5)

HEIMDAL                                          August 27, 2005                                  KRB5_MK_REQ(3)