
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>krb5_recvauth()--Process an Authentication Message Stream</title>
<!-- Begin Header Records -->
<!-- Created by Brian Krings for V5R2 -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!-- End Header Records --><!-- Edited by Kersten Jan 02 -->
<!--Java sync-link-->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<a name="Top_Of_Page"></a>
<!-- ============================================================== -->
<!-- -->
<!-- -->
<!-- ============================================================== -->
<h2>krb5_recvauth()--Process an Authentication Message Stream</h2>
<!-- ============================================================== -->
<!-- -->
<!-- S Y N T A X / P A R M T A B L E -->
<!-- -->
<!-- ============================================================== -->
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Syntax
<pre>
#include &lt;krb5.h&gt;
krb5_error_code krb5_recvauth(
krb5_context <em>context</em>,
krb5_auth_context * <em>auth_context</em>,
krb5_pointer <em>socket</em>,
char * <em>appl_version</em>,
krb5_principal <em>server</em>,
krb5_int32 <em>flags</em>,
krb5_keytab <em>keytab</em>,
krb5_ticket ** <em>ticket</em>);
</pre>
&nbsp;&nbsp;Service Program Name: QSYS/QKRBGSS<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<!-- ============================================================== -->
<!-- -->
<!-- D E S C R I P T I O N -->
<!-- -->
<!-- ============================================================== -->
<p>The <strong>krb5_recvauth()</strong> function processes an authentication
message stream generated by the <strong>krb5_sendauth()</strong> routine. It
receives the authentication message and sends the authentication response using
the socket descriptor supplied by the application. The application is
responsible for establishing the connection before calling the
<strong>krb5_recvauth()</strong> routine.</p>
<p>The <strong>krb5_recvauth()</strong> routine processes an AP_REQ message
generated by the partner application. The authenticator is extracted,
validated, and stored in the authentication context. If the server parameter is
not NULL and no replay cache is associated with the authentication context, the
Kerberos runtime will create a replay cache and store the cache handle in the
authentication context.</p>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- A U T H O R I T I E S -->
<!-- -->
<!-- ============================================================== -->
<h3>Authorities</h3>
<p>None.</p>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- P A R A M E T E R S -->
<!-- -->
<!-- ============================================================== -->
<h3>Parameters</h3>
<dl><!-- ============================================================== -->
<!-- context -->
<!-- ============================================================== -->
<dt><strong>context</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The Kerberos context.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- auth_context -->
<!-- ============================================================== -->
<dt><strong>auth_context</strong>&nbsp;&nbsp;(Input/Output)</dt>
<dd>The authentication context. A new authentication context will be created
and returned in this parameter if the value is NULL.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- socket -->
<!-- ============================================================== -->
<dt><strong>socket</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The address of a socket descriptor. This descriptor must represent a TCP
stream connection and not a UDP datagram connection.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- appl_version -->
<!-- ============================================================== -->
<dt><strong>appl_version</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The application version message. An error will be returned if this
application version message does not match the application version message
supplied by the sender. Specify NULL for this parameter if the application
version message does not need to be verified. The supplied application version
message will be converted to the network code page before comparing it with the
sender's application version message.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- server -->
<!-- ============================================================== -->
<dt><strong>server</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The server name. The server principal in the AP_REQ must be the same as the
principal specified by this parameter. Specify NULL if any server principal is
acceptable.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- flags -->
<!-- ============================================================== -->
<dt><strong>flags</strong>&nbsp;&nbsp;(Input)</dt>
<dd>Specifies flags for the <strong>krb5_recvauth()</strong> routine. There are
currently no defined flags.<br>
<br>
<!-- ============================================================== -->
<!-- keytab -->
<!-- ============================================================== -->
</dd>
<dt><strong>keytab</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The key table which contains the server key. The default key table will be
used if NULL is specified for this parameter.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- ticket -->
<!-- ============================================================== -->
<dt><strong>ticket</strong>&nbsp;&nbsp;(Output)</dt>
<dd>The ticket returned from the AP_REQ message. Specify NULL for this
parameter if the ticket is not needed. The <strong>krb5_free_ticket()</strong>
routine should be called to release the ticket when it is no longer needed.<br>
<br>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- R E T U R N V A L U E -->
<!-- -->
<!-- ============================================================== -->
<h3>Return Value</h3>
<p>If no errors occur, the return value is 0. Otherwise, a Kerberos error code
is returned.</p>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- E R R O R M E S S A G E S -->
<!-- -->
<!-- ============================================================== -->
<h3>Error Messages</h3>
<table width="100%" cellpadding="5">
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td width="15%" valign="top">CPE3418 E</td>
<td width="85%" valign="top">Possible APAR condition or hardware failure.</td>
</tr>
</table>
<br>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- U S A G E N O T E S -->
<!-- -->
<!-- ============================================================== -->
<h3>Usage Notes</h3>
<ol>
<li>If the authentication context contains a keyblock, it will be used to
decrypt the ticket in the AP_REQ message. This is useful for user-to-user
authentication. If the authentication context does not contain a keyblock, the
key table specified on the function call will be used to obtain the decryption
key.</li>
<li>The client in the authenticator must match the client in the ticket. If the
remote address is set in the authentication context, the address list in the
ticket must either include that address or must be a null list. If a replay
cache handle is stored in the authentication context, the new authenticator is
stored in the cache after checking for replay.</li>
<li>If no errors are detected, the authenticator, subsession key, and remote
sequence number are stored in the authentication context. If
AP_OPTS_MUTUAL_REQUIRED is specified in the AP_REQ message, the local sequence
number is XORed with the remote sequence number.</li>
</ol>
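<p>The following is an added example, not IBM code and not the Kerberos runtime itself: a simplified, self-contained C model of the acceptance checks listed in Usage Note 2. The types <code>ap_req</code>, <code>auth_ctx</code>, <code>seen</code>, the <code>verdict</code> values, and the function <code>check_ap_req()</code> are hypothetical stand-ins, and the principals and addresses are constructed sample values. It shows that, in this model, a repeated authenticator is rejected only when a replay cache handle is stored in the authentication context.</p>

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins for this model; these are not krb5.h types. */
struct ap_req {
    const char *ticket_client;   /* client principal in the ticket */
    const char *auth_client;     /* client principal in the authenticator */
    const char *ticket_addrs[4]; /* NULL-terminated; empty means null list */
    long ctime; int cusec;       /* authenticator timestamp */
};
struct seen { char client[64]; long ctime; int cusec; };
struct auth_ctx {
    const char *remote_addr;     /* NULL when no remote address is set */
    int have_rcache;             /* 0 when no replay cache handle is stored */
    struct seen cache[16]; int nseen;
};
enum verdict { ACCEPT, BAD_MATCH, BAD_ADDR, REPLAY, CACHE_ERR };
enum verdict check_ap_req(struct auth_ctx *ac, const struct ap_req *r)
{
    /* The client in the authenticator must match the client in the ticket. */
    if (strcmp(r->ticket_client, r->auth_client) != 0) return BAD_MATCH;
    /* Address check: only when a remote address is set; a null list passes. */
    if (ac->remote_addr && r->ticket_addrs[0]) {
        int found = 0;
        for (int i = 0; i < 4 && r->ticket_addrs[i]; i++)
            found |= strcmp(r->ticket_addrs[i], ac->remote_addr) == 0;
        if (!found) return BAD_ADDR;
    }
    if (!ac->have_rcache) return ACCEPT;   /* no replay detection at all */
    /* Check for replay first, then store the new authenticator. */
    for (int i = 0; i < ac->nseen; i++) {
        const struct seen *s = &ac->cache[i];
        if (s->ctime == r->ctime && s->cusec == r->cusec &&
            strcmp(s->client, r->auth_client) == 0) return REPLAY;
    }
    if (ac->nseen == 16 || strlen(r->auth_client) >= 64) return CACHE_ERR; /* fail closed */
    struct seen *n = &ac->cache[ac->nseen++];
    strcpy(n->client, r->auth_client); n->ctime = r->ctime; n->cusec = r->cusec;
    return ACCEPT;
}

int main(void)
{
    struct auth_ctx ac = { .remote_addr = "192.0.2.10", .have_rcache = 1 };
    struct ap_req r = { "alice@EXAMPLE.COM", "alice@EXAMPLE.COM",
                        { "192.0.2.10" }, 1700000000L, 42 }; /* constructed */
    int first = check_ap_req(&ac, &r), second = check_ap_req(&ac, &r);
    printf("first=%d second=%d\n", first, second);
    return 0;
}
```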
<br>
<!-- ============================================================== -->
<!-- -->
<!-- F O O T E R -->
<!-- -->
<!-- ============================================================== -->
<hr>
API introduced: V5R2
<hr>
</body>
</html>