Diffstat (limited to 'static/netbsd/man3/krb5_credential.3')
| -rw-r--r-- | static/netbsd/man3/krb5_credential.3 | 270 |
1 files changed, 270 insertions, 0 deletions
diff --git a/static/netbsd/man3/krb5_credential.3 b/static/netbsd/man3/krb5_credential.3
new file mode 100644
index 00000000..097bf162
--- /dev/null
+++ b/static/netbsd/man3/krb5_credential.3
@@ -0,0 +1,270 @@ +.\" $NetBSD: krb5_credential.3,v 1.3 2023/06/19 21:41:40 christos Exp $ +.\" +.TH "krb5_credential" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_credential \- Heimdal Kerberos 5 credential handing functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_fwd_tgt_creds\fP (krb5_context context, krb5_auth_context auth_context, const char *hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data *out_data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_forwarded_creds\fP (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char *hostname, krb5_creds *in_creds, krb5_data *out_data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_alloc\fP (krb5_context context, krb5_get_init_creds_opt **opt)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_free\fP (krb5_context context, krb5_get_init_creds_opt *opt)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_init\fP (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void *prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt *options, krb5_init_creds_context *rctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_service\fP (krb5_context context, krb5_init_creds_context ctx, const char *service)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_password\fP (krb5_context context, krb5_init_creds_context ctx, const char *password)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_keytab\fP (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)" +.br +.ti -1c 
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_step\fP (krb5_context context, krb5_init_creds_context ctx, krb5_data *in, krb5_data *out, krb5_krbhst_info *hostinfo, unsigned int *flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_get_error\fP (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR *error)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_init_creds_free\fP (krb5_context context, krb5_init_creds_context ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_get\fP (krb5_context context, krb5_init_creds_context ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_password\fP (krb5_context context, krb5_creds *creds, krb5_principal client, const char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_keyblock\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keyblock *keyblock, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_keytab\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char * hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data * out_data)" +Forward credentials for client to host hostname , making them forwardable if forwardable, and returning the blob of 
data to sent in out_data\&. If hostname == NULL, pick it from server\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A kerberos 5 context\&. +.br +\fIauth_context\fP the auth context with the key to encrypt the out_data\&. +.br +\fIhostname\fP the host to forward the tickets too\&. +.br +\fIclient\fP the client to delegate from\&. +.br +\fIserver\fP the server to delegate the credential too\&. +.br +\fIccache\fP credential cache to use\&. +.br +\fIforwardable\fP make the forwarded ticket forwabledable\&. +.br +\fIout_data\fP the resulting credential\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char * hostname, krb5_creds * in_creds, krb5_data * out_data)" +Gets tickets forwarded to hostname\&. If the tickets that are forwarded are address-less, the forwarded tickets will also be address-less\&. +.PP +If the ticket have any address, hostname will be used for figure out the address to forward the ticket too\&. This since this might use DNS, its insecure and also doesn't represent configured all addresses of the host\&. For example, the host might have two adresses, one IPv4 and one IPv6 address where the later is not published in DNS\&. This IPv6 address might be used communications and thus the resulting ticket useless\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A kerberos 5 context\&. +.br +\fIauth_context\fP the auth context with the key to encrypt the out_data\&. +.br +\fIccache\fP credential cache to use +.br +\fIflags\fP the flags to control the resulting ticket flags +.br +\fIhostname\fP the host to forward the tickets too\&. +.br +\fIin_creds\fP the in client and server ticket names\&. The client and server components forwarded to the remote host\&. +.br +\fIout_data\fP the resulting credential\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP +Some older of the MIT gssapi library used clear-text tickets (warped inside AP-REQ encryption), use the krb5_auth_context flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those tickets\&. The session key is used otherwise to encrypt the forwarded ticket\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keyblock * keyblock, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" +Get new credentials using keyblock\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" +Get new credentials using keytab\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt ** opt)" +Allocate a new krb5_get_init_creds_opt structure, free with \fBkrb5_get_init_creds_opt_free()\fP\&. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt * opt)" +Free krb5_get_init_creds_opt structure\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password (krb5_context context, krb5_creds * creds, krb5_principal client, const char * password, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" +Get new credentials using password\&. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free (krb5_context context, krb5_init_creds_context ctx)" +Free the krb5_init_creds_context allocated by \fBkrb5_init_creds_init()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. 
+.br +\fIctx\fP The krb5_init_creds_context to free\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get (krb5_context context, krb5_init_creds_context ctx)" +Get new credentials as setup by the krb5_init_creds_context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIctx\fP The krb5_init_creds_context to process\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR * error)" +Get the last error from the transaction\&. +.PP +\fBReturns\fP +.RS 4 +Returns 0 or an error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void * prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt * options, krb5_init_creds_context * rctx)" +Start a new context to get a new initial credential\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIclient\fP The Kerberos principal to get the credential for, if NULL is given, the default principal is used as determined by krb5_get_default_principal()\&. +.br +\fIprompter\fP +.br +\fIprompter_data\fP +.br +\fIstart_time\fP the time the ticket should start to be valid or 0 for now\&. +.br +\fIoptions\fP a options structure, can be NULL for default options\&. +.br +\fIrctx\fP A new allocated free with \fBkrb5_init_creds_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)" +Set the keytab to use for authentication\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIctx\fP ctx krb5_init_creds_context context\&. +.br +\fIkeytab\fP the keytab to read the key from\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password (krb5_context context, krb5_init_creds_context ctx, const char * password)" +Sets the password that will use for the request\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIctx\fP ctx krb5_init_creds_context context\&. +.br +\fIpassword\fP the password to use\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service (krb5_context context, krb5_init_creds_context ctx, const char * service)" +Sets the service that the is requested\&. This call is only neede for special initial tickets, by default the a krbtgt is fetched in the default realm\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIctx\fP a krb5_init_creds_context context\&. +.br +\fIservice\fP the service given as a string, for example 'kadmind/admin'\&. If NULL, the default krbtgt in the clients realm is set\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step (krb5_context context, krb5_init_creds_context ctx, krb5_data * in, krb5_data * out, krb5_krbhst_info * hostinfo, unsigned int * flags)" +The core loop if krb5_get_init_creds() function family\&. Create the packets and have the caller send them off to the KDC\&. +.PP +If the caller want all work been done for them, use \fBkrb5_init_creds_get()\fP instead\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIctx\fP ctx krb5_init_creds_context context\&. +.br +\fIin\fP input data from KDC, first round it should be reset by krb5_data_zer()\&. 
+.br +\fIout\fP reply to KDC\&. +.br +\fIhostinfo\fP KDC address info, first round it can be NULL\&. +.br +\fIflags\fP status of the round, if KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. |
