From 33a9b234e7087f573ef08cd7318c6497ba08b439 Mon Sep 17 00:00:00 2001 From: Cy Schubert Date: Fri, 7 Jul 2017 17:03:42 +0000 Subject: Import MIT KRB5 1.15.1, which will gracefully replace KTH Heimdal. The tarball used in this import is the same tarball used in ports/krb5-115 r435378. Obtained from: http://web.mit.edu/kerberos/dist/ Thanks to: pfg (for all your tireless behind-the-scenes effort) --- doc/html/appdev/refs/api/krb5_rd_priv.html | 189 +++++++++++++++++++++++++++++ 1 file changed, 189 insertions(+) create mode 100644 doc/html/appdev/refs/api/krb5_rd_priv.html (limited to 'doc/html/appdev/refs/api/krb5_rd_priv.html') diff --git a/doc/html/appdev/refs/api/krb5_rd_priv.html b/doc/html/appdev/refs/api/krb5_rd_priv.html new file mode 100644 index 000000000000..4dee9c710965 --- /dev/null +++ b/doc/html/appdev/refs/api/krb5_rd_priv.html @@ -0,0 +1,189 @@ + + + + + + + + krb5_rd_priv - Process a KRB-PRIV message. — MIT Kerberos Documentation + + + + + + + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ +
+
+
+ +
+
+
+ +
+

krb5_rd_priv - Process a KRB-PRIV message.

+
+
+krb5_error_code krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * outbuf, krb5_replay_data * outdata)
+
+ + +++ + + + +
param:

[in] context - Library context

+

[in] auth_context - Authentication structure

+

[in] inbuf - KRB-PRIV message to be parsed

+

[out] outbuf - Data parsed from KRB-PRIV message

+

[out] outdata - Replay data. Specify NULL if not needed

+
+ +++ + + + +
retval:
    +
  • 0 Success; otherwise - Kerberos error codes
    • +
+
+

This function parses a KRB-PRIV message, verifies its integrity, and stores its unencrypted data into outbuf .

+

If the KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in auth_context , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of auth_context . Otherwise, the sequence number is not used.

+

If the KRB5_AUTH_CONTEXT_DO_TIME flag is set in auth_context , then two additional checks are performed:

+
+
    +
  • The timestamp in the message must be within the permitted clock skew (which is usually five minutes).
    • +
  • The message must not be a replayed message field in auth_context .
    • +
+
+
+

Note

+

If the KRB5_AUTH_CONTEXT_RET_TIME or KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context , outdata is required.

+

auth_context must have a remote address set. This address will be used to verify the sender address in the KRB-PRIV message. If auth_context has a local address set, it will be used to verify the receiver address in the KRB-PRIV message if the message contains one. Both addresses must use type ADDRTYPE_ADDRPORT .

+
+
+ + +
+
+
+
+
+

On this page

+ + +
+

Table of contents

+ + +
+

Full Table of Contents

+

Search

+
+ + + + +
+
+
+
+
+ +
+
+
Release: 1.15.1
+ © Copyright 1985-2017, MIT. +
+
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ + + \ No newline at end of file -- cgit v1.3