summaryrefslogtreecommitdiff
path: root/doc/html/appdev/refs/api/krb5_mk_ncred.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/html/appdev/refs/api/krb5_mk_ncred.html')
-rw-r--r--doc/html/appdev/refs/api/krb5_mk_ncred.html108
1 files changed, 47 insertions, 61 deletions
diff --git a/doc/html/appdev/refs/api/krb5_mk_ncred.html b/doc/html/appdev/refs/api/krb5_mk_ncred.html
index 971d340fb5c5..85684bb8245d 100644
--- a/doc/html/appdev/refs/api/krb5_mk_ncred.html
+++ b/doc/html/appdev/refs/api/krb5_mk_ncred.html
@@ -1,35 +1,26 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
<head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <meta charset="utf-8" />
+ <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />
+
<title>krb5_mk_ncred - Format a KRB-CRED message for an array of credentials. &#8212; MIT Kerberos Documentation</title>
- <link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
- <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
- <link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../../',
- VERSION: '1.21.2',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../../_static/doctools.js"></script>
+ <link rel="stylesheet" type="text/css" href="../../../_static/pygments.css" />
+ <link rel="stylesheet" type="text/css" href="../../../_static/agogo.css" />
+ <link rel="stylesheet" type="text/css" href="../../../_static/kerb.css" />
+ <script data-url_root="../../../" id="documentation_options" src="../../../_static/documentation_options.js"></script>
+ <script src="../../../_static/jquery.js"></script>
+ <script src="../../../_static/underscore.js"></script>
+ <script src="../../../_static/doctools.js"></script>
<link rel="author" title="About these documents" href="../../../about.html" />
<link rel="index" title="Index" href="../../../genindex.html" />
<link rel="search" title="Search" href="../../../search.html" />
<link rel="copyright" title="Copyright" href="../../../copyright.html" />
<link rel="next" title="krb5_mk_priv - Format a KRB-PRIV message." href="krb5_mk_priv.html" />
<link rel="prev" title="krb5_mk_error - Format and encode a KRB_ERROR message." href="krb5_mk_error.html" />
- </head>
- <body>
+ </head><body>
<div class="header-wrapper">
<div class="header">
@@ -61,62 +52,56 @@
<div class="bodywrapper">
<div class="body" role="main">
- <div class="section" id="krb5-mk-ncred-format-a-krb-cred-message-for-an-array-of-credentials">
+ <section id="krb5-mk-ncred-format-a-krb-cred-message-for-an-array-of-credentials">
<h1>krb5_mk_ncred - Format a KRB-CRED message for an array of credentials.<a class="headerlink" href="#krb5-mk-ncred-format-a-krb-cred-message-for-an-array-of-credentials" title="Permalink to this headline">¶</a></h1>
-<dl class="function">
-<dt id="c.krb5_mk_ncred">
-<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_ncred</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em>&nbsp;context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em>&nbsp;auth_context</em>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds">krb5_creds</a> **<em>&nbsp;creds</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> **<em>&nbsp;der_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em>&nbsp;rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_ncred" title="Permalink to this definition">¶</a></dt>
+<dl class="c function">
+<dt class="sig sig-object c" id="c.krb5_mk_ncred">
+<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code"><span class="n"><span class="pre">krb5_error_code</span></span></a><span class="w"> </span><span class="sig-name descname"><span class="n"><span class="pre">krb5_mk_ncred</span></span></span><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context"><span class="n"><span class="pre">krb5_context</span></span></a><span class="w"> </span><span class="n"><span class="pre">context</span></span>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context"><span class="n"><span class="pre">krb5_auth_context</span></span></a><span class="w"> </span><span class="n"><span class="pre">auth_context</span></span>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds"><span class="n"><span class="pre">krb5_creds</span></span></a><span class="w"> </span><span class="p"><span class="pre">*</span></span><span class="p"><span class="pre">*</span></span><span class="n"><span class="pre">creds</span></span>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data"><span class="n"><span class="pre">krb5_data</span></span></a><span class="w"> </span><span class="p"><span class="pre">*</span></span><span class="p"><span class="pre">*</span></span><span class="n"><span class="pre">der_out</span></span>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data"><span class="n"><span class="pre">krb5_replay_data</span></span></a><span class="w"> </span><span class="p"><span class="pre">*</span></span><span class="n"><span class="pre">rdata_out</span></span><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_ncred" title="Permalink to this definition">¶</a><br /></dt>
<dd></dd></dl>
-<table class="docutils field-list" frame="void" rules="none">
-<col class="field-name" />
-<col class="field-body" />
-<tbody valign="top">
-<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
+<dl class="field-list">
+<dt class="field-odd">param</dt>
+<dd class="field-odd"><p><strong>[in]</strong> <strong>context</strong> - Library context</p>
<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p>
<p><strong>[in]</strong> <strong>creds</strong> - Null-terminated array of credentials</p>
<p><strong>[out]</strong> <strong>der_out</strong> - Encoded credentials</p>
-<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay cache information (NULL if not needed)</p>
-</td>
-</tr>
-</tbody>
-</table>
-<table class="docutils field-list" frame="void" rules="none">
-<col class="field-name" />
-<col class="field-body" />
-<tbody valign="top">
-<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first simple">
-<li>0 Success</li>
-<li>ENOMEM Insufficient memory</li>
-<li>KRB5_RC_REQUIRED Message replay detection requires rcache parameter</li>
+<p><strong>[out]</strong> <strong>rdata_out</strong> - Replay cache information (NULL if not needed)</p>
+</dd>
+</dl>
+<dl class="field-list simple">
+<dt class="field-odd">retval</dt>
+<dd class="field-odd"><ul class="simple">
+<li><p>0 Success</p></li>
+<li><p>ENOMEM Insufficient memory</p></li>
+<li><p>KRB5_RC_REQUIRED Message replay detection requires rcache parameter</p></li>
</ul>
-</td>
-</tr>
-<tr class="field-even field"><th class="field-name">return:</th><td class="field-body"><ul class="first last simple">
-<li>Kerberos error codes</li>
+</dd>
+<dt class="field-even">return</dt>
+<dd class="field-even"><ul class="simple">
+<li><p>Kerberos error codes</p></li>
</ul>
-</td>
-</tr>
-</tbody>
-</table>
-<p>This function takes an array of credentials <em>creds</em> and formats a <strong>KRB-CRED</strong> message <em>der_out</em> to pass to <a class="reference internal" href="krb5_rd_cred.html#c.krb5_rd_cred" title="krb5_rd_cred"><code class="xref c c-func docutils literal"><span class="pre">krb5_rd_cred()</span></code></a> .</p>
+</dd>
+</dl>
+<p>This function takes an array of credentials <em>creds</em> and formats a <strong>KRB-CRED</strong> message <em>der_out</em> to pass to krb5_rd_cred().</p>
<p>The local and remote addresses in <em>auth_context</em> are optional; if either is specified, they are used to form the sender and receiver addresses in the KRB-CRED message.</p>
-<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> is not set, no replay cache is used. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> is set in <em>auth_context</em> , the timestamp used for the KRB-CRED message is stored in <em>rdata_out</em> .</p>
-<p>If either <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the <em>auth_context</em> local sequence number is included in the KRB-CRED message and then incremented. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the sequence number used is stored in <em>rdata_out</em> .</p>
-<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>der_out</em> when it is no longer needed.</p>
+<p>If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in <em>auth_context</em> , an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in <em>auth_context</em> , the timestamp used for the KRB-CRED message is stored in <em>rdata_out</em> .</p>
+<p>If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the <em>auth_context</em> local sequence number is included in the KRB-CRED message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the sequence number used is stored in <em>rdata_out</em> .</p>
+<p>Use krb5_free_data_contents() to free <em>der_out</em> when it is no longer needed.</p>
<p>The message will be encrypted using the send subkey of <em>auth_context</em> if it is present, or the session key otherwise. If neither key is present, the credentials will not be encrypted, and the message should only be sent over a secure channel. No replay cache entry is used in this case.</p>
<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .</p>
-</div>
+<p class="admonition-title">Note</p>
+<p>The <em>rdata_out</em> argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in <em>auth_context</em> .</p>
</div>
+</section>
+ <div class="clearer"></div>
</div>
</div>
</div>
</div>
<div class="sidebar">
+
<h2>On this page</h2>
<ul>
<li><a class="reference internal" href="#">krb5_mk_ncred - Format a KRB-CRED message for an array of credentials.</a></li>
@@ -160,6 +145,7 @@
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
+
</div>
<div class="clearer"></div>
</div>
@@ -167,8 +153,8 @@
<div class="footer-wrapper">
<div class="footer" >
- <div class="right" ><i>Release: 1.21.2</i><br />
- &copy; <a href="../../../copyright.html">Copyright</a> 1985-2023, MIT.
+ <div class="right" ><i>Release: 1.21.3</i><br />
+ &copy; <a href="../../../copyright.html">Copyright</a> 1985-2024, MIT.
</div>
<div class="left">
generated by cgit v1.3 (git 2.53.0) at 2026-04-27 16:59:56 +0000