diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2023-08-04 17:53:10 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2023-08-04 17:53:10 +0000 |
| commit | 0320e0d5bb9fbb5da53478b3fd80ad79b110191d (patch) | |
| tree | e1185f75bd2d3f87b0c17f787debc3ee8648214b /doc/html/plugindev/clpreauth.html | |
| parent | b0e4d68d5124581ae353493d69bea352de4cff8a (diff) | |
Diffstat (limited to 'doc/html/plugindev/clpreauth.html')
| -rw-r--r-- | doc/html/plugindev/clpreauth.html | 36 |
1 files changed, 17 insertions, 19 deletions
diff --git a/doc/html/plugindev/clpreauth.html b/doc/html/plugindev/clpreauth.html index 5b951fd2b0d2..e0acb712f713 100644 --- a/doc/html/plugindev/clpreauth.html +++ b/doc/html/plugindev/clpreauth.html @@ -1,33 +1,31 @@ + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>Client preauthentication interface (clpreauth) — MIT Kerberos Documentation</title> - + <title>Client preauthentication interface (clpreauth) — MIT Kerberos Documentation</title> <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> - <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../', - VERSION: '1.16', + VERSION: '1.21.1', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', - HAS_SOURCE: true + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt' }; </script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <link rel="author" title="About these documents" href="../about.html" /> + <link rel="index" title="Index" href="../genindex.html" /> + <link rel="search" title="Search" href="../search.html" /> <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> - <link rel="up" title="For plugin module developers" href="index.html" /> <link rel="next" title="KDC preauthentication interface (kdcpreauth)" href="kdcpreauth.html" /> <link rel="prev" title="General plugin concepts" href="general.html" /> </head> @@ -61,26 +59,26 @@ <div class="documentwrapper"> <div class="bodywrapper"> - <div class="body"> + <div class="body" role="main"> <div class="section" id="client-preauthentication-interface-clpreauth"> <h1>Client preauthentication interface (clpreauth)<a class="headerlink" href="#client-preauthentication-interface-clpreauth" title="Permalink to this headline">¶</a></h1> <p>During an initial ticket request, a KDC may ask a client to prove its knowledge of the password before issuing an encrypted ticket, or to use credentials other than a password. This process is called -preauthentication, and is described in <span class="target" id="index-0"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc4120.html"><strong>RFC 4120</strong></a> and <span class="target" id="index-1"></span><a class="rfc reference external" href="http://tools.ietf.org/html/rfc6113.html"><strong>RFC 6113</strong></a>. +preauthentication, and is described in <span class="target" id="index-0"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc4120.html"><strong>RFC 4120</strong></a> and <span class="target" id="index-1"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc6113.html"><strong>RFC 6113</strong></a>. The clpreauth interface allows the addition of client support for preauthentication mechanisms beyond those included in the core MIT krb5 code base. For a detailed description of the clpreauth -interface, see the header file <tt class="docutils literal"><span class="pre"><krb5/clpreauth_plugin.h></span></tt> (or -<tt class="docutils literal"><span class="pre"><krb5/preauth_plugin.h></span></tt> before release 1.12).</p> +interface, see the header file <code class="docutils literal"><span class="pre"><krb5/clpreauth_plugin.h></span></code> (or +<code class="docutils literal"><span class="pre"><krb5/preauth_plugin.h></span></code> before release 1.12).</p> <p>A clpreauth module is generally responsible for:</p> <ul class="simple"> <li>Supplying a list of preauth type numbers used by the module in the <strong>pa_type_list</strong> field of the vtable structure.</li> <li>Indicating what kind of preauthentication mechanism it implements, with the <strong>flags</strong> method. In the most common case, this method -just returns <tt class="docutils literal"><span class="pre">PA_REAL</span></tt>, indicating that it implements a normal +just returns <code class="docutils literal"><span class="pre">PA_REAL</span></code>, indicating that it implements a normal preauthentication type.</li> <li>Examining the padata information included in a PREAUTH_REQUIRED or MORE_PREAUTH_DATA_REQUIRED error and producing padata values for the @@ -92,7 +90,7 @@ key. This is also done with the <strong>process</strong> method.</li> by examining the error data from the KDC and producing a padata value for another AS request. This is done with the <strong>tryagain</strong> method.</li> -<li>Receiving option information (supplied by <tt class="docutils literal"><span class="pre">kinit</span> <span class="pre">-X</span></tt> or by an +<li>Receiving option information (supplied by <code class="docutils literal"><span class="pre">kinit</span> <span class="pre">-X</span></code> or by an application), with the <strong>gic_opts</strong> method.</li> </ul> <p>A clpreauth module can create and destroy per-library-context and @@ -103,7 +101,7 @@ objects have the type krb5_clpreauth_modreq. These are abstract pointer types; a module should typically cast these to internal types for the state objects.</p> <p>The <strong>process</strong> and <strong>tryagain</strong> methods have access to a callback -function and handle (called a “rock”) which can be used to get +function and handle (called a “rock”) which can be used to get additional information about the current request, including the expected enctype of the AS reply, the FAST armor key, and the client long-term key (prompting for the user password if necessary). A @@ -130,7 +128,7 @@ preauthentication mechanism computes one.</p> <li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> <li class="toctree-l1 current"><a class="reference internal" href="index.html">For plugin module developers</a><ul class="current"> <li class="toctree-l2"><a class="reference internal" href="general.html">General plugin concepts</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="">Client preauthentication interface (clpreauth)</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="#">Client preauthentication interface (clpreauth)</a></li> <li class="toctree-l2"><a class="reference internal" href="kdcpreauth.html">KDC preauthentication interface (kdcpreauth)</a></li> <li class="toctree-l2"><a class="reference internal" href="ccselect.html">Credential cache selection interface (ccselect)</a></li> <li class="toctree-l2"><a class="reference internal" href="pwqual.html">Password quality interface (pwqual)</a></li> @@ -171,8 +169,8 @@ preauthentication mechanism computes one.</p> <div class="footer-wrapper"> <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. + <div class="right" ><i>Release: 1.21.1</i><br /> + © <a href="../copyright.html">Copyright</a> 1985-2023, MIT. </div> <div class="left"> |