diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2017-07-07 17:03:42 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2017-07-07 17:03:42 +0000 |
| commit | 33a9b234e7087f573ef08cd7318c6497ba08b439 (patch) | |
| tree | d0ea40ad3bf5463a3c55795977c71bcb7d781b4b /doc/html/plugindev | |
Notes
Diffstat (limited to 'doc/html/plugindev')
| -rw-r--r-- | doc/html/plugindev/ccselect.html | 165 | ||||
| -rw-r--r-- | doc/html/plugindev/clpreauth.html | 192 | ||||
| -rw-r--r-- | doc/html/plugindev/general.html | 225 | ||||
| -rw-r--r-- | doc/html/plugindev/gssapi.html | 236 | ||||
| -rw-r--r-- | doc/html/plugindev/hostrealm.html | 175 | ||||
| -rw-r--r-- | doc/html/plugindev/index.html | 182 | ||||
| -rw-r--r-- | doc/html/plugindev/internal.html | 178 | ||||
| -rw-r--r-- | doc/html/plugindev/kadm5_hook.html | 167 | ||||
| -rw-r--r-- | doc/html/plugindev/kdcpreauth.html | 212 | ||||
| -rw-r--r-- | doc/html/plugindev/localauth.html | 181 | ||||
| -rw-r--r-- | doc/html/plugindev/locate.html | 170 | ||||
| -rw-r--r-- | doc/html/plugindev/profile.html | 234 | ||||
| -rw-r--r-- | doc/html/plugindev/pwqual.html | 166 |
13 files changed, 2483 insertions, 0 deletions
diff --git a/doc/html/plugindev/ccselect.html b/doc/html/plugindev/ccselect.html new file mode 100644 index 000000000000..1173f3b2aecc --- /dev/null +++ b/doc/html/plugindev/ccselect.html @@ -0,0 +1,165 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>Credential cache selection interface (ccselect) — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="Password quality interface (pwqual)" href="pwqual.html" /> + <link rel="prev" title="KDC preauthentication interface (kdcpreauth)" href="kdcpreauth.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="kdcpreauth.html" title="KDC preauthentication interface (kdcpreauth)" + accesskey="P">previous</a> | + <a href="pwqual.html" title="Password quality interface (pwqual)" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Credential cache selection interface (ccselect)">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="credential-cache-selection-interface-ccselect"> +<span id="ccselect-plugin"></span><h1>Credential cache selection interface (ccselect)<a class="headerlink" href="#credential-cache-selection-interface-ccselect" title="Permalink to this headline">¶</a></h1> +<p>The ccselect interface allows modules to control how credential caches +are chosen when a GSSAPI client contacts a service. For a detailed +description of the ccselect interface, see the header file +<tt class="docutils literal"><span class="pre"><krb5/ccselect_plugin.h></span></tt>.</p> +<p>The primary ccselect method is <strong>choose</strong>, which accepts a server +principal as input and returns a ccache and/or principal name as +output. A module can use the krb5_cccol APIs to iterate over the +cache collection in order to find an appropriate ccache to use.</p> +<p>A module can create and destroy per-library-context state objects by +implementing the <strong>init</strong> and <strong>fini</strong> methods. State objects have +the type krb5_ccselect_moddata, which is an abstract pointer type. A +module should typically cast this to an internal type for the state +object.</p> +<p>A module can have one of two priorities, “authoritative” or +“heuristic”. Results from authoritative modules, if any are +available, will take priority over results from heuristic modules. A +module communicates its priority as a result of the <strong>init</strong> method.</p> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">Credential cache selection interface (ccselect)</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="kdcpreauth.html" title="KDC preauthentication interface (kdcpreauth)" + >previous</a> | + <a href="pwqual.html" title="Password quality interface (pwqual)" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Credential cache selection interface (ccselect)">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/clpreauth.html b/doc/html/plugindev/clpreauth.html new file mode 100644 index 000000000000..66af218e96cd --- /dev/null +++ b/doc/html/plugindev/clpreauth.html @@ -0,0 +1,192 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>Client preauthentication interface (clpreauth) — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="KDC preauthentication interface (kdcpreauth)" href="kdcpreauth.html" /> + <link rel="prev" title="General plugin concepts" href="general.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="general.html" title="General plugin concepts" + accesskey="P">previous</a> | + <a href="kdcpreauth.html" title="KDC preauthentication interface (kdcpreauth)" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Client preauthentication interface (clpreauth)">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="client-preauthentication-interface-clpreauth"> +<h1>Client preauthentication interface (clpreauth)<a class="headerlink" href="#client-preauthentication-interface-clpreauth" title="Permalink to this headline">¶</a></h1> +<p>During an initial ticket request, a KDC may ask a client to prove its +knowledge of the password before issuing an encrypted ticket, or to +use credentials other than a password. This process is called +preauthentication, and is described in <span class="target" id="index-0"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc4120.html"><strong>RFC 4120</strong></a> and <span class="target" id="index-1"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc6113.html"><strong>RFC 6113</strong></a>. +The clpreauth interface allows the addition of client support for +preauthentication mechanisms beyond those included in the core MIT +krb5 code base. For a detailed description of the clpreauth +interface, see the header file <tt class="docutils literal"><span class="pre"><krb5/clpreauth_plugin.h></span></tt> (or +<tt class="docutils literal"><span class="pre"><krb5/preauth_plugin.h></span></tt> before release 1.12).</p> +<p>A clpreauth module is generally responsible for:</p> +<ul class="simple"> +<li>Supplying a list of preauth type numbers used by the module in the +<strong>pa_type_list</strong> field of the vtable structure.</li> +<li>Indicating what kind of preauthentication mechanism it implements, +with the <strong>flags</strong> method. In the most common case, this method +just returns <tt class="docutils literal"><span class="pre">PA_REAL</span></tt>, indicating that it implements a normal +preauthentication type.</li> +<li>Examining the padata information included in a PREAUTH_REQUIRED or +MORE_PREAUTH_DATA_REQUIRED error and producing padata values for the +next AS request. This is done with the <strong>process</strong> method.</li> +<li>Examining the padata information included in a successful ticket +reply, possibly verifying the KDC identity and computing a reply +key. This is also done with the <strong>process</strong> method.</li> +<li>For preauthentication types which support it, recovering from errors +by examining the error data from the KDC and producing a padata +value for another AS request. This is done with the <strong>tryagain</strong> +method.</li> +<li>Receiving option information (supplied by <tt class="docutils literal"><span class="pre">kinit</span> <span class="pre">-X</span></tt> or by an +application), with the <strong>gic_opts</strong> method.</li> +</ul> +<p>A clpreauth module can create and destroy per-library-context and +per-request state objects by implementing the <strong>init</strong>, <strong>fini</strong>, +<strong>request_init</strong>, and <strong>request_fini</strong> methods. Per-context state +objects have the type krb5_clpreauth_moddata, and per-request state +objects have the type krb5_clpreauth_modreq. These are abstract +pointer types; a module should typically cast these to internal +types for the state objects.</p> +<p>The <strong>process</strong> and <strong>tryagain</strong> methods have access to a callback +function and handle (called a “rock”) which can be used to get +additional information about the current request, including the +expected enctype of the AS reply, the FAST armor key, and the client +long-term key (prompting for the user password if necessary). A +callback can also be used to replace the AS reply key if the +preauthentication mechanism computes one.</p> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">Client preauthentication interface (clpreauth)</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="general.html" title="General plugin concepts" + >previous</a> | + <a href="kdcpreauth.html" title="KDC preauthentication interface (kdcpreauth)" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Client preauthentication interface (clpreauth)">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/general.html b/doc/html/plugindev/general.html new file mode 100644 index 000000000000..c10ab03b07c7 --- /dev/null +++ b/doc/html/plugindev/general.html @@ -0,0 +1,225 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>General plugin concepts — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="Client preauthentication interface (clpreauth)" href="clpreauth.html" /> + <link rel="prev" title="For plugin module developers" href="index.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="index.html" title="For plugin module developers" + accesskey="P">previous</a> | + <a href="clpreauth.html" title="Client preauthentication interface (clpreauth)" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__General plugin concepts">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="general-plugin-concepts"> +<h1>General plugin concepts<a class="headerlink" href="#general-plugin-concepts" title="Permalink to this headline">¶</a></h1> +<p>A krb5 dynamic plugin module is a Unix shared object or Windows DLL. +Typically, the source code for a dynamic plugin module should live in +its own project with a build system using <a class="reference external" href="http://www.gnu.org/software/automake/">automake</a> and <a class="reference external" href="http://www.gnu.org/software/libtool/">libtool</a>, or +tools with similar functionality.</p> +<p>A plugin module must define a specific symbol name, which depends on +the pluggable interface and module name. For most pluggable +interfaces, the exported symbol is a function named +<tt class="docutils literal"><span class="pre">INTERFACE_MODULE_initvt</span></tt>, where <em>INTERFACE</em> is the name of the +pluggable interface and <em>MODULE</em> is the name of the module. For these +interfaces, it is possible for one shared object or DLL to implement +multiple plugin modules, either for the same pluggable interface or +for different ones. For example, a shared object could implement both +KDC and client preauthentication mechanisms, by exporting functions +named <tt class="docutils literal"><span class="pre">kdcpreauth_mymech_initvt</span></tt> and <tt class="docutils literal"><span class="pre">clpreauth_mymech_initvt</span></tt>.</p> +<p>A plugin module implementation should include the header file +<tt class="docutils literal"><span class="pre"><krb5/INTERFACE_plugin.h></span></tt>, where <em>INTERFACE</em> is the name of the +pluggable interface. For instance, a ccselect plugin module +implementation should use <tt class="docutils literal"><span class="pre">#include</span> <span class="pre"><krb5/ccselect_plugin.h></span></tt>.</p> +<p>initvt functions have the following prototype:</p> +<div class="highlight-python"><div class="highlight"><pre>krb5_error_code interface_modname_initvt(krb5_context context, + int maj_ver, int min_ver, + krb5_plugin_vtable vtable); +</pre></div> +</div> +<p>and should do the following:</p> +<ol class="arabic simple"> +<li>Check that the supplied maj_ver argument is supported by the +module. If it is not supported, the function should return +KRB5_PLUGIN_VER_NOTSUPP.</li> +<li>Cast the supplied vtable pointer to the structure type +corresponding to the major version, as documented in the pluggable +interface header file.</li> +<li>Fill in the structure fields with pointers to method functions and +static data, stopping at the field indicated by the supplied minor +version. Fields for unimplemented optional methods can be left +alone; it is not necessary to initialize them to NULL.</li> +</ol> +<p>In most cases, the context argument will not be used. The initvt +function should not allocate memory; think of it as a glorified +structure initializer. Each pluggable interface defines methods for +allocating and freeing module state if doing so is necessary for the +interface.</p> +<p>Pluggable interfaces typically include a <strong>name</strong> field in the vtable +structure, which should be filled in with a pointer to a string +literal containing the module name.</p> +<p>Here is an example of what an initvt function might look like for a +fictional pluggable interface named fences, for a module named +“wicker”:</p> +<div class="highlight-python"><div class="highlight"><pre>krb5_error_code +fences_wicker_initvt(krb5_context context, int maj_ver, + int min_ver, krb5_plugin_vtable vtable) +{ + krb5_ccselect_vtable vt; + + if (maj_ver == 1) { + krb5_fences_vtable vt = (krb5_fences_vtable)vtable; + vt->name = "wicker"; + vt->slats = wicker_slats; + vt->braces = wicker_braces; + } else if (maj_ver == 2) { + krb5_fences_vtable_v2 vt = (krb5_fences_vtable_v2)vtable; + vt->name = "wicker"; + vt->material = wicker_material; + vt->construction = wicker_construction; + if (min_ver < 2) + return 0; + vt->footing = wicker_footing; + if (min_ver < 3) + return 0; + vt->appearance = wicker_appearance; + } else { + return KRB5_PLUGIN_VER_NOTSUPP; + } + return 0; +} +</pre></div> +</div> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">General plugin concepts</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2 current"><a class="current reference internal" href="">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="index.html" title="For plugin module developers" + >previous</a> | + <a href="clpreauth.html" title="Client preauthentication interface (clpreauth)" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__General plugin concepts">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/gssapi.html b/doc/html/plugindev/gssapi.html new file mode 100644 index 000000000000..beb9a566d0cf --- /dev/null +++ b/doc/html/plugindev/gssapi.html @@ -0,0 +1,236 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>GSSAPI mechanism interface — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="Internal pluggable interfaces" href="internal.html" /> + <link rel="prev" title="Configuration interface (profile)" href="profile.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="profile.html" title="Configuration interface (profile)" + accesskey="P">previous</a> | + <a href="internal.html" title="Internal pluggable interfaces" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__GSSAPI mechanism interface">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="gssapi-mechanism-interface"> +<h1>GSSAPI mechanism interface<a class="headerlink" href="#gssapi-mechanism-interface" title="Permalink to this headline">¶</a></h1> +<p>The GSSAPI library in MIT krb5 can load mechanism modules to augment +the set of built-in mechanisms.</p> +<p>A mechanism module is a Unix shared object or Windows DLL, built +separately from the krb5 tree. Modules are loaded according to the +<tt class="docutils literal"><span class="pre">/etc/gss/mech</span></tt> or <tt class="docutils literal"><span class="pre">/etc/gss/mech.d/*.conf</span></tt> config files, as +described in <a class="reference internal" href="../admin/host_config.html#gssapi-plugin-config"><em>GSSAPI mechanism modules</em></a>.</p> +<p>For the most part, a GSSAPI mechanism module exports the same +functions as would a GSSAPI implementation itself, with the same +function signatures. The mechanism selection layer within the GSSAPI +library (called the “mechglue”) will dispatch calls from the +application to the module if the module’s mechanism is requested. If +a module does not wish to implement a GSSAPI extension, it can simply +refrain from exporting it, and the mechglue will fail gracefully if +the application calls that function.</p> +<p>The mechglue does not invoke a module’s <strong>gss_add_cred</strong>, +<strong>gss_add_cred_from</strong>, <strong>gss_add_cred_impersonate_name</strong>, or +<strong>gss_add_cred_with_password</strong> function. A mechanism only needs to +implement the “acquire” variants of those functions.</p> +<p>A module does not need to coordinate its minor status codes with those +of other mechanisms. If the mechglue detects conflicts, it will map +the mechanism’s status codes onto unique values, and then map them +back again when <strong>gss_display_status</strong> is called.</p> +<div class="section" id="interposer-modules"> +<h2>Interposer modules<a class="headerlink" href="#interposer-modules" title="Permalink to this headline">¶</a></h2> +<p>The mechglue also supports a kind of loadable module, called an +interposer module, which intercepts calls to existing mechanisms +rather than implementing a new mechanism.</p> +<p>An interposer module must export the symbol <strong>gss_mech_interposer</strong> +with the following signature:</p> +<div class="highlight-python"><div class="highlight"><pre>gss_OID_set gss_mech_interposer(gss_OID mech_type); +</pre></div> +</div> +<p>This function is invoked with the OID of the interposer mechanism as +specified in <tt class="docutils literal"><span class="pre">/etc/gss/mech</span></tt> or in a <tt class="docutils literal"><span class="pre">/etc/gss/mech.d/*.conf</span></tt> +file, and returns a set of mechanism OIDs to be interposed. The +returned OID set must have been created using the mechglue’s +gss_create_empty_oid_set and gss_add_oid_set_member functions.</p> +<p>An interposer module must use the prefix <tt class="docutils literal"><span class="pre">gssi_</span></tt> for the GSSAPI +functions it exports, instead of the prefix <tt class="docutils literal"><span class="pre">gss_</span></tt>.</p> +<p>An interposer module can link against the GSSAPI library in order to +make calls to the original mechanism. To do so, it must specify a +special mechanism OID which is the concatention of the interposer’s +own OID byte string and the original mechanism’s OID byte string.</p> +<p>Since <strong>gss_accept_sec_context</strong> does not accept a mechanism argument, +an interposer mechanism must, in order to invoke the original +mechanism’s function, acquire a credential for the concatenated OID +and pass that as the <em>verifier_cred_handle</em> parameter.</p> +<p>Since <strong>gss_import_name</strong>, <strong>gss_import_cred</strong>, and +<strong>gss_import_sec_context</strong> do not accept mechanism parameters, the SPI +has been extended to include variants which do. This allows the +interposer module to know which mechanism should be used to interpret +the token. These functions have the following signatures:</p> +<div class="highlight-python"><div class="highlight"><pre>OM_uint32 gssi_import_sec_context_by_mech(OM_uint32 *minor_status, + gss_OID desired_mech, gss_buffer_t interprocess_token, + gss_ctx_id_t *context_handle); + +OM_uint32 gssi_import_name_by_mech(OM_uint32 *minor_status, + gss_OID mech_type, gss_buffer_t input_name_buffer, + gss_OID input_name_type, gss_name_t output_name); + +OM_uint32 gssi_import_cred_by_mech(OM_uint32 *minor_status, + gss_OID mech_type, gss_buffer_t token, + gss_cred_id_t *cred_handle); +</pre></div> +</div> +<p>To re-enter the original mechanism when importing tokens for the above +functions, the interposer module must wrap the mechanism token in the +mechglue’s format, using the concatenated OID. The mechglue token +formats are:</p> +<ul class="simple"> +<li>For <strong>gss_import_sec_context</strong>, a four-byte OID length in big-endian +order, followed by the mechanism OID, followed by the mechanism +token.</li> +<li>For <strong>gss_import_name</strong>, the bytes 04 01, followed by a two-byte OID +length in big-endian order, followed by the mechanism OID, followed +by the bytes 06, followed by the OID length as a single byte, +followed by the mechanism OID, followed by the mechanism token.</li> +<li>For <strong>gss_import_cred</strong>, a four-byte OID length in big-endian order, +followed by the mechanism OID, followed by a four-byte token length +in big-endian order, followed by the mechanism token. This sequence +may be repeated multiple times.</li> +</ul> +</div> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">GSSAPI mechanism interface</a><ul> +<li><a class="reference internal" href="#interposer-modules">Interposer modules</a></li> +</ul> +</li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">GSSAPI mechanism interface</a><ul class="simple"> +</ul> +</li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="profile.html" title="Configuration interface (profile)" + >previous</a> | + <a href="internal.html" title="Internal pluggable interfaces" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__GSSAPI mechanism interface">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/hostrealm.html b/doc/html/plugindev/hostrealm.html new file mode 100644 index 000000000000..5c23a108b1e5 --- /dev/null +++ b/doc/html/plugindev/hostrealm.html @@ -0,0 +1,175 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>Host-to-realm interface (hostrealm) — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="Local authorization interface (localauth)" href="localauth.html" /> + <link rel="prev" title="KADM5 hook interface (kadm5_hook)" href="kadm5_hook.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="kadm5_hook.html" title="KADM5 hook interface (kadm5_hook)" + accesskey="P">previous</a> | + <a href="localauth.html" title="Local authorization interface (localauth)" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Host-to-realm interface (hostrealm)">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="host-to-realm-interface-hostrealm"> +<span id="hostrealm-plugin"></span><h1>Host-to-realm interface (hostrealm)<a class="headerlink" href="#host-to-realm-interface-hostrealm" title="Permalink to this headline">¶</a></h1> +<p>The host-to-realm interface was first introduced in release 1.12. It +allows modules to control the local mapping of hostnames to realm +names as well as the default realm. For a detailed description of the +hostrealm interface, see the header file +<tt class="docutils literal"><span class="pre"><krb5/hostrealm_plugin.h></span></tt>.</p> +<p>Although the mapping methods in the hostrealm interface return a list +of one or more realms, only the first realm in the list is currently +used by callers. Callers may begin using later responses in the +future.</p> +<p>Any mapping method may return KRB5_PLUGIN_NO_HANDLE to defer +processing to a later module.</p> +<p>A module can create and destroy per-library-context state objects +using the <strong>init</strong> and <strong>fini</strong> methods. If the module does not need +any state, it does not need to implement these methods.</p> +<p>The optional <strong>host_realm</strong> method allows a module to determine +authoritative realm mappings for a hostname. The first authoritative +mapping is used in preference to KDC referrals when getting service +credentials.</p> +<p>The optional <strong>fallback_realm</strong> method allows a module to determine +fallback mappings for a hostname. The first fallback mapping is tried +if there is no authoritative mapping for a realm, and KDC referrals +failed to produce a successful result.</p> +<p>The optional <strong>default_realm</strong> method allows a module to determine the +local default realm.</p> +<p>If a module implements any of the above methods, it must also +implement <strong>free_list</strong> to ensure that memory is allocated and +deallocated consistently.</p> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">Host-to-realm interface (hostrealm)</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="kadm5_hook.html" title="KADM5 hook interface (kadm5_hook)" + >previous</a> | + <a href="localauth.html" title="Local authorization interface (localauth)" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Host-to-realm interface (hostrealm)">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/index.html b/doc/html/plugindev/index.html new file mode 100644 index 000000000000..47d7eb82a39a --- /dev/null +++ b/doc/html/plugindev/index.html @@ -0,0 +1,182 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>For plugin module developers — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="next" title="General plugin concepts" href="general.html" /> + <link rel="prev" title="krb524_init_ets" href="../appdev/refs/macros/krb524_init_ets.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="../appdev/refs/macros/krb524_init_ets.html" title="krb524_init_ets" + accesskey="P">previous</a> | + <a href="general.html" title="General plugin concepts" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For plugin module developers">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="for-plugin-module-developers"> +<h1>For plugin module developers<a class="headerlink" href="#for-plugin-module-developers" title="Permalink to this headline">¶</a></h1> +<p>Kerberos plugin modules allow increased control over MIT krb5 library +and server behavior. This guide describes how to create dynamic +plugin modules and the currently available pluggable interfaces.</p> +<p>See <a class="reference internal" href="../admin/host_config.html#plugin-config"><em>Plugin module configuration</em></a> for information on how to register dynamic +plugin modules and how to enable and disable modules via +<a class="reference internal" href="../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a>.</p> +<div class="section" id="contents"> +<h2>Contents<a class="headerlink" href="#contents" title="Permalink to this headline">¶</a></h2> +<div class="toctree-wrapper compound"> +<ul> +<li class="toctree-l1"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l1"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l1"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l1"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l1"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l1"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l1"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l1"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l1"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l1"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a><ul> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html#interposer-modules">Interposer modules</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a><ul> +<li class="toctree-l2"><a class="reference internal" href="internal.html#kerberos-database-interface-kdb">Kerberos database interface (KDB)</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html#authorization-data-interface-authdata">Authorization data interface (authdata)</a></li> +</ul> +</li> +</ul> +</div> +</div> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">For plugin module developers</a><ul> +<li><a class="reference internal" href="#contents">Contents</a></li> +</ul> +</li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="current reference internal" href="">For plugin module developers</a><ul> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="../appdev/refs/macros/krb524_init_ets.html" title="krb524_init_ets" + >previous</a> | + <a href="general.html" title="General plugin concepts" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For plugin module developers">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/internal.html b/doc/html/plugindev/internal.html new file mode 100644 index 000000000000..de3fba160ac8 --- /dev/null +++ b/doc/html/plugindev/internal.html @@ -0,0 +1,178 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>Internal pluggable interfaces — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="Building Kerberos V5" href="../build/index.html" /> + <link rel="prev" title="GSSAPI mechanism interface" href="gssapi.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="gssapi.html" title="GSSAPI mechanism interface" + accesskey="P">previous</a> | + <a href="../build/index.html" title="Building Kerberos V5" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Internal pluggable interfaces">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="internal-pluggable-interfaces"> +<h1>Internal pluggable interfaces<a class="headerlink" href="#internal-pluggable-interfaces" title="Permalink to this headline">¶</a></h1> +<p>Following are brief discussions of pluggable interfaces which have not +yet been made public. These interfaces are functional, but the +interfaces are likely to change in incompatible ways from release to +release. In some cases, it may be necessary to copy header files from +the krb5 source tree to use an internal interface. Use these with +care, and expect to need to update your modules for each new release +of MIT krb5.</p> +<div class="section" id="kerberos-database-interface-kdb"> +<h2>Kerberos database interface (KDB)<a class="headerlink" href="#kerberos-database-interface-kdb" title="Permalink to this headline">¶</a></h2> +<p>A KDB module implements a database back end for KDC principal and +policy information, and can also control many aspects of KDC behavior. +For a full description of the interface, see the header file +<tt class="docutils literal"><span class="pre"><kdb.h></span></tt>.</p> +<p>The KDB pluggable interface is often referred to as the DAL (Database +Access Layer).</p> +</div> +<div class="section" id="authorization-data-interface-authdata"> +<h2>Authorization data interface (authdata)<a class="headerlink" href="#authorization-data-interface-authdata" title="Permalink to this headline">¶</a></h2> +<p>The authdata interface allows a module to provide (from the KDC) or +consume (in application servers) authorization data of types beyond +those handled by the core MIT krb5 code base. The interface is +defined in the header file <tt class="docutils literal"><span class="pre"><krb5/authdata_plugin.h></span></tt>, which is not +installed by the build.</p> +</div> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">Internal pluggable interfaces</a><ul> +<li><a class="reference internal" href="#kerberos-database-interface-kdb">Kerberos database interface (KDB)</a></li> +<li><a class="reference internal" href="#authorization-data-interface-authdata">Authorization data interface (authdata)</a></li> +</ul> +</li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">Internal pluggable interfaces</a><ul class="simple"> +</ul> +</li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="gssapi.html" title="GSSAPI mechanism interface" + >previous</a> | + <a href="../build/index.html" title="Building Kerberos V5" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Internal pluggable interfaces">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/kadm5_hook.html b/doc/html/plugindev/kadm5_hook.html new file mode 100644 index 000000000000..35f076822d52 --- /dev/null +++ b/doc/html/plugindev/kadm5_hook.html @@ -0,0 +1,167 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>KADM5 hook interface (kadm5_hook) — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="Host-to-realm interface (hostrealm)" href="hostrealm.html" /> + <link rel="prev" title="Password quality interface (pwqual)" href="pwqual.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="pwqual.html" title="Password quality interface (pwqual)" + accesskey="P">previous</a> | + <a href="hostrealm.html" title="Host-to-realm interface (hostrealm)" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KADM5 hook interface (kadm5_hook)">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="kadm5-hook-interface-kadm5-hook"> +<span id="kadm5-hook-plugin"></span><h1>KADM5 hook interface (kadm5_hook)<a class="headerlink" href="#kadm5-hook-interface-kadm5-hook" title="Permalink to this headline">¶</a></h1> +<p>The kadm5_hook interface allows modules to perform actions when +changes are made to the Kerberos database through <a class="reference internal" href="../admin/admin_commands/kadmin_local.html#kadmin-1"><em>kadmin</em></a>. +For a detailed description of the kadm5_hook interface, see the header +file <tt class="docutils literal"><span class="pre"><krb5/kadm5_hook_plugin.h></span></tt>.</p> +<p>The kadm5_hook interface has five primary methods: <strong>chpass</strong>, +<strong>create</strong>, <strong>modify</strong>, <strong>remove</strong>, and <strong>rename</strong>. (The <strong>rename</strong> +method was introduced in release 1.14.) Each of these methods is +called twice when the corresponding administrative action takes place, +once before the action is committed and once afterwards. A module can +prevent the action from taking place by returning an error code during +the pre-commit stage.</p> +<p>A module can create and destroy per-process state objects by +implementing the <strong>init</strong> and <strong>fini</strong> methods. State objects have +the type kadm5_hook_modinfo, which is an abstract pointer type. A +module should typically cast this to an internal type for the state +object.</p> +<p>Because the kadm5_hook interface is tied closely to the kadmin +interface (which is explicitly unstable), it may not remain as stable +across versions as other public pluggable interfaces.</p> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">KADM5 hook interface (kadm5_hook)</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="pwqual.html" title="Password quality interface (pwqual)" + >previous</a> | + <a href="hostrealm.html" title="Host-to-realm interface (hostrealm)" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KADM5 hook interface (kadm5_hook)">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/kdcpreauth.html b/doc/html/plugindev/kdcpreauth.html new file mode 100644 index 000000000000..b0566cfeb190 --- /dev/null +++ b/doc/html/plugindev/kdcpreauth.html @@ -0,0 +1,212 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>KDC preauthentication interface (kdcpreauth) — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="Credential cache selection interface (ccselect)" href="ccselect.html" /> + <link rel="prev" title="Client preauthentication interface (clpreauth)" href="clpreauth.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="clpreauth.html" title="Client preauthentication interface (clpreauth)" + accesskey="P">previous</a> | + <a href="ccselect.html" title="Credential cache selection interface (ccselect)" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC preauthentication interface (kdcpreauth)">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="kdc-preauthentication-interface-kdcpreauth"> +<h1>KDC preauthentication interface (kdcpreauth)<a class="headerlink" href="#kdc-preauthentication-interface-kdcpreauth" title="Permalink to this headline">¶</a></h1> +<p>The kdcpreauth interface allows the addition of KDC support for +preauthentication mechanisms beyond those included in the core MIT +krb5 code base. For a detailed description of the kdcpreauth +interface, see the header file <tt class="docutils literal"><span class="pre"><krb5/kdcpreauth_plugin.h></span></tt> (or +<tt class="docutils literal"><span class="pre"><krb5/preauth_plugin.h></span></tt> before release 1.12).</p> +<p>A kdcpreauth module is generally responsible for:</p> +<ul class="simple"> +<li>Supplying a list of preauth type numbers used by the module in the +<strong>pa_type_list</strong> field of the vtable structure.</li> +<li>Indicating what kind of preauthentication mechanism it implements, +with the <strong>flags</strong> method. If the mechanism computes a new reply +key, it must specify the <tt class="docutils literal"><span class="pre">PA_REPLACES_KEY</span></tt> flag. If the mechanism +is generally only used with hardware tokens, the <tt class="docutils literal"><span class="pre">PA_HARDWARE</span></tt> +flag allows the mechanism to work with principals which have the +<strong>requires_hwauth</strong> flag set.</li> +<li>Producing a padata value to be sent with a preauth_required error, +with the <strong>edata</strong> method.</li> +<li>Examining a padata value sent by a client and verifying that it +proves knowledge of the appropriate client credential information. +This is done with the <strong>verify</strong> method.</li> +<li>Producing a padata response value for the client, and possibly +computing a reply key. This is done with the <strong>return_padata</strong> +method.</li> +</ul> +<p>A module can create and destroy per-KDC state objects by implementing +the <strong>init</strong> and <strong>fini</strong> methods. Per-KDC state objects have the +type krb5_kdcpreauth_moddata, which is an abstract pointer types. A +module should typically cast this to an internal type for the state +object.</p> +<p>A module can create a per-request state object by returning one in the +<strong>verify</strong> method, receiving it in the <strong>return_padata</strong> method, and +destroying it in the <strong>free_modreq</strong> method. Note that these state +objects only apply to the processing of a single AS request packet, +not to an entire authentication exchange (since an authentication +exchange may remain unfinished by the client or may involve multiple +different KDC hosts). Per-request state objects have the type +krb5_kdcpreauth_modreq, which is an abstract pointer type.</p> +<p>The <strong>edata</strong>, <strong>verify</strong>, and <strong>return_padata</strong> methods have access +to a callback function and handle (called a “rock”) which can be used +to get additional information about the current request, including the +maximum allowable clock skew, the client’s long-term keys, the +DER-encoded request body, the FAST armor key, string attributes on the +client’s database entry, and the client’s database entry itself. The +<strong>verify</strong> method can assert one or more authentication indicators to +be included in the issued ticket using the <tt class="docutils literal"><span class="pre">add_auth_indicator</span></tt> +callback (new in release 1.14).</p> +<p>A module can generate state information to be included with the next +client request using the <tt class="docutils literal"><span class="pre">set_cookie</span></tt> callback (new in release +1.14). On the next request, the module can read this state +information using the <tt class="docutils literal"><span class="pre">get_cookie</span></tt> callback. Cookie information is +encrypted, timestamped, and transmitted to the client in a +<tt class="docutils literal"><span class="pre">PA-FX-COOKIE</span></tt> pa-data item. Older clients may not support cookies +and therefore may not transmit the cookie in the next request; in this +case, <tt class="docutils literal"><span class="pre">get_cookie</span></tt> will not yield the saved information.</p> +<p>If a module implements a mechanism which requires multiple round +trips, its <strong>verify</strong> method can respond with the code +<tt class="docutils literal"><span class="pre">KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED</span></tt> and a list of pa-data in +the <em>e_data</em> parameter to be processed by the client.</p> +<p>The <strong>edata</strong> and <strong>verify</strong> methods can be implemented +asynchronously. Because of this, they do not return values directly +to the caller, but must instead invoke responder functions with their +results. A synchronous implementation can invoke the responder +function immediately. An asynchronous implementation can use the +callback to get an event context for use with the <a class="reference external" href="https://fedorahosted.org/libverto/">libverto</a> API.</p> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">KDC preauthentication interface (kdcpreauth)</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="clpreauth.html" title="Client preauthentication interface (clpreauth)" + >previous</a> | + <a href="ccselect.html" title="Credential cache selection interface (ccselect)" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC preauthentication interface (kdcpreauth)">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/localauth.html b/doc/html/plugindev/localauth.html new file mode 100644 index 000000000000..a29a0aa4ae67 --- /dev/null +++ b/doc/html/plugindev/localauth.html @@ -0,0 +1,181 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>Local authorization interface (localauth) — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="Server location interface (locate)" href="locate.html" /> + <link rel="prev" title="Host-to-realm interface (hostrealm)" href="hostrealm.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="hostrealm.html" title="Host-to-realm interface (hostrealm)" + accesskey="P">previous</a> | + <a href="locate.html" title="Server location interface (locate)" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Local authorization interface (localauth)">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="local-authorization-interface-localauth"> +<span id="localauth-plugin"></span><h1>Local authorization interface (localauth)<a class="headerlink" href="#local-authorization-interface-localauth" title="Permalink to this headline">¶</a></h1> +<p>The localauth interface was first introduced in release 1.12. It +allows modules to control the relationship between Kerberos principals +and local system accounts. When an application calls +<a class="reference internal" href="../appdev/refs/api/krb5_kuserok.html#c.krb5_kuserok" title="krb5_kuserok"><tt class="xref c c-func docutils literal"><span class="pre">krb5_kuserok()</span></tt></a> or <a class="reference internal" href="../appdev/refs/api/krb5_aname_to_localname.html#c.krb5_aname_to_localname" title="krb5_aname_to_localname"><tt class="xref c c-func docutils literal"><span class="pre">krb5_aname_to_localname()</span></tt></a>, localauth +modules are consulted to determine the result. For a detailed +description of the localauth interface, see the header file +<tt class="docutils literal"><span class="pre"><krb5/localauth_plugin.h></span></tt>.</p> +<p>A module can create and destroy per-library-context state objects +using the <strong>init</strong> and <strong>fini</strong> methods. If the module does not need +any state, it does not need to implement these methods.</p> +<p>The optional <strong>userok</strong> method allows a module to control the behavior +of <a class="reference internal" href="../appdev/refs/api/krb5_kuserok.html#c.krb5_kuserok" title="krb5_kuserok"><tt class="xref c c-func docutils literal"><span class="pre">krb5_kuserok()</span></tt></a>. The module receives the authenticated name +and the local account name as inputs, and can return either 0 to +authorize access, KRB5_PLUGIN_NO_HANDLE to defer the decision to other +modules, or another error (canonically EPERM) to authoritatively deny +access. Access is granted if at least one module grants access and no +module authoritatively denies access.</p> +<p>The optional <strong>an2ln</strong> method can work in two different ways. If the +module sets an array of uppercase type names in <strong>an2ln_types</strong>, then +the module’s <strong>an2ln</strong> method will only be invoked by +<a class="reference internal" href="../appdev/refs/api/krb5_aname_to_localname.html#c.krb5_aname_to_localname" title="krb5_aname_to_localname"><tt class="xref c c-func docutils literal"><span class="pre">krb5_aname_to_localname()</span></tt></a> if an <strong>auth_to_local</strong> value in +<a class="reference internal" href="../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a> refers to one of the module’s types. In this +case, the <em>type</em> and <em>residual</em> arguments will give the type name and +residual string of the <strong>auth_to_local</strong> value.</p> +<p>If the module does not set <strong>an2ln_types</strong> but does implement +<strong>an2ln</strong>, the module’s <strong>an2ln</strong> method will be invoked for all +<a class="reference internal" href="../appdev/refs/api/krb5_aname_to_localname.html#c.krb5_aname_to_localname" title="krb5_aname_to_localname"><tt class="xref c c-func docutils literal"><span class="pre">krb5_aname_to_localname()</span></tt></a> operations unless an earlier module +determines a mapping, with <em>type</em> and <em>residual</em> set to NULL. The +module can return KRB5_LNAME_NO_TRANS to defer mapping to later +modules.</p> +<p>If a module implements <strong>an2ln</strong>, it must also implement +<strong>free_string</strong> to ensure that memory is allocated and deallocated +consistently.</p> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">Local authorization interface (localauth)</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="hostrealm.html" title="Host-to-realm interface (hostrealm)" + >previous</a> | + <a href="locate.html" title="Server location interface (locate)" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Local authorization interface (localauth)">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/locate.html b/doc/html/plugindev/locate.html new file mode 100644 index 000000000000..e8e4d650128e --- /dev/null +++ b/doc/html/plugindev/locate.html @@ -0,0 +1,170 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>Server location interface (locate) — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="Configuration interface (profile)" href="profile.html" /> + <link rel="prev" title="Local authorization interface (localauth)" href="localauth.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="localauth.html" title="Local authorization interface (localauth)" + accesskey="P">previous</a> | + <a href="profile.html" title="Configuration interface (profile)" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Server location interface (locate)">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="server-location-interface-locate"> +<h1>Server location interface (locate)<a class="headerlink" href="#server-location-interface-locate" title="Permalink to this headline">¶</a></h1> +<p>The locate interface allows modules to control how KDCs and similar +services are located by clients. For a detailed description of the +ccselect interface, see the header file <tt class="docutils literal"><span class="pre"><krb5/locate_plugin.h></span></tt>.</p> +<p>A locate module exports a structure object of type +krb5plugin_service_locate_ftable, with the name <tt class="docutils literal"><span class="pre">service_locator</span></tt>. +The structure contains a minor version and pointers to the module’s +methods.</p> +<p>The primary locate method is <strong>lookup</strong>, which accepts a service type, +realm name, desired socket type, and desired address family (which +will be AF_UNSPEC if no specific address family is desired). The +method should invoke the callback function once for each server +address it wants to return, passing a socket type (SOCK_STREAM for TCP +or SOCK_DGRAM for UDP) and socket address. The <strong>lookup</strong> method +should return 0 if it has authoritatively determined the server +addresses for the realm, KRB5_PLUGIN_NO_HANDLE if it wants to let +other location mechanisms determine the server addresses, or another +code if it experienced a failure which should abort the location +process.</p> +<p>A module can create and destroy per-library-context state objects by +implementing the <strong>init</strong> and <strong>fini</strong> methods. State objects have +the type void *, and should be cast to an internal type for the state +object.</p> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">Server location interface (locate)</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="localauth.html" title="Local authorization interface (localauth)" + >previous</a> | + <a href="profile.html" title="Configuration interface (profile)" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Server location interface (locate)">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/profile.html b/doc/html/plugindev/profile.html new file mode 100644 index 000000000000..fb547ed2da3d --- /dev/null +++ b/doc/html/plugindev/profile.html @@ -0,0 +1,234 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>Configuration interface (profile) — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="GSSAPI mechanism interface" href="gssapi.html" /> + <link rel="prev" title="Server location interface (locate)" href="locate.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="locate.html" title="Server location interface (locate)" + accesskey="P">previous</a> | + <a href="gssapi.html" title="GSSAPI mechanism interface" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Configuration interface (profile)">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="configuration-interface-profile"> +<span id="profile-plugin"></span><h1>Configuration interface (profile)<a class="headerlink" href="#configuration-interface-profile" title="Permalink to this headline">¶</a></h1> +<p>The profile interface allows a module to control how krb5 +configuration information is obtained by the Kerberos library and +applications. For a detailed description of the profile interface, +see the header file <tt class="docutils literal"><span class="pre"><profile.h></span></tt>.</p> +<div class="admonition note"> +<p class="first admonition-title">Note</p> +<p class="last">The profile interface does not follow the normal conventions +for MIT krb5 pluggable interfaces, because it is part of a +lower-level component of the krb5 library.</p> +</div> +<p>As with other types of plugin modules, a profile module is a Unix +shared object or Windows DLL, built separately from the krb5 tree. +The krb5 library will dynamically load and use a profile plugin module +if it reads a <tt class="docutils literal"><span class="pre">module</span></tt> directive at the beginning of krb5.conf, as +described in <a class="reference internal" href="../admin/host_config.html#profile-plugin-config"><em>Configuration profile modules</em></a>.</p> +<p>A profile module exports a function named <tt class="docutils literal"><span class="pre">profile_module_init</span></tt> +matching the signature of the profile_module_init_fn type. This +function accepts a residual string, which may be used to help locate +the configuration source. The function fills in a vtable and may also +create a per-profile state object. If the module uses state objects, +it should implement the <strong>copy</strong> and <strong>cleanup</strong> methods to manage +them.</p> +<p>A basic read-only profile module need only implement the +<strong>get_values</strong> and <strong>free_values</strong> methods. The <strong>get_values</strong> method +accepts a null-terminated list of C string names (e.g., an array +containing “libdefaults”, “clockskew”, and NULL for the <strong>clockskew</strong> +variable in the <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><em>[libdefaults]</em></a> section) and returns a +null-terminated list of values, which will be cleaned up with the +<strong>free_values</strong> method when the caller is done with them.</p> +<p>Iterable profile modules must also define the <strong>iterator_create</strong>, +<strong>iterator</strong>, <strong>iterator_free</strong>, and <strong>free_string</strong> methods. The +core krb5 code does not require profiles to be iterable, but some +applications may iterate over the krb5 profile object in order to +present configuration interfaces.</p> +<p>Writable profile modules must also define the <strong>writable</strong>, +<strong>modified</strong>, <strong>update_relation</strong>, <strong>rename_section</strong>, +<strong>add_relation</strong>, and <strong>flush</strong> methods. The core krb5 code does not +require profiles to be writable, but some applications may write to +the krb5 profile in order to present configuration interfaces.</p> +<p>The following is an example of a very basic read-only profile module +which returns a hardcoded value for the <strong>default_realm</strong> variable in +<a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><em>[libdefaults]</em></a>, and provides no other configuration information. +(For conciseness, the example omits code for checking the return +values of malloc and strdup.)</p> +<div class="highlight-python"><div class="highlight"><pre>#include <stdlib.h> +#include <string.h> +#include <profile.h> + +static long +get_values(void *cbdata, const char *const *names, char ***values) +{ + if (names[0] != NULL && strcmp(names[0], "libdefaults") == 0 && + names[1] != NULL && strcmp(names[1], "default_realm") == 0) { + *values = malloc(2 * sizeof(char *)); + (*values)[0] = strdup("ATHENA.MIT.EDU"); + (*values)[1] = NULL; + return 0; + } + return PROF_NO_RELATION; +} + +static void +free_values(void *cbdata, char **values) +{ + char **v; + + for (v = values; *v; v++) + free(*v); + free(values); +} + +long +profile_module_init(const char *residual, struct profile_vtable *vtable, + void **cb_ret); + +long +profile_module_init(const char *residual, struct profile_vtable *vtable, + void **cb_ret) +{ + *cb_ret = NULL; + vtable->get_values = get_values; + vtable->free_values = free_values; + return 0; +} +</pre></div> +</div> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">Configuration interface (profile)</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="locate.html" title="Server location interface (locate)" + >previous</a> | + <a href="gssapi.html" title="GSSAPI mechanism interface" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Configuration interface (profile)">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/doc/html/plugindev/pwqual.html b/doc/html/plugindev/pwqual.html new file mode 100644 index 000000000000..5c56a71819e2 --- /dev/null +++ b/doc/html/plugindev/pwqual.html @@ -0,0 +1,166 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>Password quality interface (pwqual) — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../about.html" /> + <link rel="copyright" title="Copyright" href="../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> + <link rel="up" title="For plugin module developers" href="index.html" /> + <link rel="next" title="KADM5 hook interface (kadm5_hook)" href="kadm5_hook.html" /> + <link rel="prev" title="Credential cache selection interface (ccselect)" href="ccselect.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="ccselect.html" title="Credential cache selection interface (ccselect)" + accesskey="P">previous</a> | + <a href="kadm5_hook.html" title="KADM5 hook interface (kadm5_hook)" + accesskey="N">next</a> | + <a href="../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password quality interface (pwqual)">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="password-quality-interface-pwqual"> +<span id="pwqual-plugin"></span><h1>Password quality interface (pwqual)<a class="headerlink" href="#password-quality-interface-pwqual" title="Permalink to this headline">¶</a></h1> +<p>The pwqual interface allows modules to control what passwords are +allowed when a user changes passwords. For a detailed description of +the pwqual interface, see the header file <tt class="docutils literal"><span class="pre"><krb5/pwqual_plugin.h></span></tt>.</p> +<p>The primary pwqual method is <strong>check</strong>, which receives a password as +input and returns success (0) or a <tt class="docutils literal"><span class="pre">KADM5_PASS_Q_</span></tt> failure code +depending on whether the password is allowed. The <strong>check</strong> method +also receives the principal name and the name of the principal’s +password policy as input; although there is no stable interface for +the module to obtain the fields of the password policy, it can define +its own configuration or data store based on the policy name.</p> +<p>A module can create and destroy per-process state objects by +implementing the <strong>open</strong> and <strong>close</strong> methods. State objects have +the type krb5_pwqual_moddata, which is an abstract pointer type. A +module should typically cast this to an internal type for the state +object. The <strong>open</strong> method also receives the name of the realm’s +dictionary file (as configured by the <strong>dict_file</strong> variable in the +<a class="reference internal" href="../admin/conf_files/kdc_conf.html#kdc-realms"><em>[realms]</em></a> section of <a class="reference internal" href="../admin/conf_files/kdc_conf.html#kdc-conf-5"><em>kdc.conf</em></a>) if it wishes to use +it.</p> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">Password quality interface (pwqual)</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> +<li class="toctree-l2"><a class="reference internal" href="clpreauth.html">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="">Password quality interface (pwqual)</a></li> +<li class="toctree-l2"><a class="reference internal" href="kadm5_hook.html">KADM5 hook interface (kadm5_hook)</a></li> +<li class="toctree-l2"><a class="reference internal" href="hostrealm.html">Host-to-realm interface (hostrealm)</a></li> +<li class="toctree-l2"><a class="reference internal" href="localauth.html">Local authorization interface (localauth)</a></li> +<li class="toctree-l2"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li> +<li class="toctree-l2"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li> +<li class="toctree-l2"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a></li> +<li class="toctree-l2"><a class="reference internal" href="internal.html">Internal pluggable interfaces</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="ccselect.html" title="Credential cache selection interface (ccselect)" + >previous</a> | + <a href="kadm5_hook.html" title="KADM5 hook interface (kadm5_hook)" + >next</a> | + <a href="../genindex.html" title="General Index" + >index</a> | + <a href="../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password quality interface (pwqual)">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file |