diff options
Diffstat (limited to 'doc/html/appdev/refs/api/krb5_mk_ncred.html')
| -rw-r--r-- | doc/html/appdev/refs/api/krb5_mk_ncred.html | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/doc/html/appdev/refs/api/krb5_mk_ncred.html b/doc/html/appdev/refs/api/krb5_mk_ncred.html index b2011a3c6003..f074b857433d 100644 --- a/doc/html/appdev/refs/api/krb5_mk_ncred.html +++ b/doc/html/appdev/refs/api/krb5_mk_ncred.html @@ -1,33 +1,31 @@ + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>krb5_mk_ncred - Format a KRB-CRED message for an array of credentials. — MIT Kerberos Documentation</title> - + <title>krb5_mk_ncred - Format a KRB-CRED message for an array of credentials. — MIT Kerberos Documentation</title> <link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" /> <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" /> - <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../../', - VERSION: '1.16', + VERSION: '1.21.1', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', - HAS_SOURCE: true + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt' }; </script> <script type="text/javascript" src="../../../_static/jquery.js"></script> <script type="text/javascript" src="../../../_static/underscore.js"></script> <script type="text/javascript" src="../../../_static/doctools.js"></script> <link rel="author" title="About these documents" href="../../../about.html" /> + <link rel="index" title="Index" href="../../../genindex.html" /> + <link rel="search" title="Search" href="../../../search.html" /> <link rel="copyright" title="Copyright" href="../../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../../index.html" /> - <link rel="up" title="krb5 API" href="index.html" /> <link rel="next" title="krb5_mk_priv - Format a KRB-PRIV message." href="krb5_mk_priv.html" /> <link rel="prev" title="krb5_mk_error - Format and encode a KRB_ERROR message." href="krb5_mk_error.html" /> </head> @@ -61,13 +59,13 @@ <div class="documentwrapper"> <div class="bodywrapper"> - <div class="body"> + <div class="body" role="main"> <div class="section" id="krb5-mk-ncred-format-a-krb-cred-message-for-an-array-of-credentials"> <h1>krb5_mk_ncred - Format a KRB-CRED message for an array of credentials.<a class="headerlink" href="#krb5-mk-ncred-format-a-krb-cred-message-for-an-array-of-credentials" title="Permalink to this headline">¶</a></h1> <dl class="function"> <dt id="c.krb5_mk_ncred"> -<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <tt class="descname">krb5_mk_ncred</tt><big>(</big><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds">krb5_creds</a> **<em> ppcreds</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> **<em> ppdata</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> outdata</em><big>)</big><a class="headerlink" href="#c.krb5_mk_ncred" title="Permalink to this definition">¶</a></dt> +<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_ncred</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds">krb5_creds</a> **<em> creds</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> **<em> der_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_ncred" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <table class="docutils field-list" frame="void" rules="none"> @@ -76,9 +74,9 @@ <tbody valign="top"> <tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p> <p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p> -<p><strong>[in]</strong> <strong>ppcreds</strong> - Null-terminated array of credentials</p> -<p><strong>[out]</strong> <strong>ppdata</strong> - Encoded credentials</p> -<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay cache information (NULL if not needed)</p> +<p><strong>[in]</strong> <strong>creds</strong> - Null-terminated array of credentials</p> +<p><strong>[out]</strong> <strong>der_out</strong> - Encoded credentials</p> +<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay cache information (NULL if not needed)</p> </td> </tr> </tbody> @@ -101,11 +99,15 @@ </tr> </tbody> </table> -<p>This function takes an array of credentials <em>ppcreds</em> and formats a <strong>KRB-CRED</strong> message <em>ppdata</em> to pass to <a class="reference internal" href="krb5_rd_cred.html#c.krb5_rd_cred" title="krb5_rd_cred"><tt class="xref c c-func docutils literal"><span class="pre">krb5_rd_cred()</span></tt></a> .</p> -<p>The message will be encrypted using the send subkey of <em>auth_context</em> if it is present, or the session key otherwise.</p> +<p>This function takes an array of credentials <em>creds</em> and formats a <strong>KRB-CRED</strong> message <em>der_out</em> to pass to <a class="reference internal" href="krb5_rd_cred.html#c.krb5_rd_cred" title="krb5_rd_cred"><code class="xref c c-func docutils literal"><span class="pre">krb5_rd_cred()</span></code></a> .</p> +<p>The local and remote addresses in <em>auth_context</em> are optional; if either is specified, they are used to form the sender and receiver addresses in the KRB-CRED message.</p> +<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> is not set, no replay cache is used. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> is set in <em>auth_context</em> , the timestamp used for the KRB-CRED message is stored in <em>rdata_out</em> .</p> +<p>If either <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the <em>auth_context</em> local sequence number is included in the KRB-CRED message and then incremented. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the sequence number used is stored in <em>rdata_out</em> .</p> +<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>der_out</em> when it is no longer needed.</p> +<p>The message will be encrypted using the send subkey of <em>auth_context</em> if it is present, or the session key otherwise. If neither key is present, the credentials will not be encrypted, and the message should only be sent over a secure channel. No replay cache entry is used in this case.</p> <div class="admonition note"> <p class="first admonition-title">Note</p> -<p class="last">If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></tt></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></tt></a> flag is set in <em>auth_context</em> , <em>outdata</em> is required.</p> +<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .</p> </div> </div> @@ -165,8 +167,8 @@ <div class="footer-wrapper"> <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../../copyright.html">Copyright</a> 1985-2017, MIT. + <div class="right" ><i>Release: 1.21.1</i><br /> + © <a href="../../../copyright.html">Copyright</a> 1985-2023, MIT. </div> <div class="left"> |