ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/krb5_sendauth.htm


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>krb5_sendauth()--Send an Authentication Message Stream</title>
<!-- Begin Header Records -->
<!-- Created by Brian Krings for V5R2 -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!-- End Header Records --><!-- Edited by Kersten Jan 02 -->
<!--Java sync-link-->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<a name="Top_Of_Page"></a>
<!-- ============================================================== -->
<!-- -->
<!-- -->
<!-- ============================================================== -->
<h2>krb5_sendauth()--Send an Authentication Message Stream</h2>
<!-- ============================================================== -->
<!-- -->
<!-- S Y N T A X / P A R M T A B L E -->
<!-- -->
<!-- ============================================================== -->
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Syntax
<pre>
#include &lt;krb5.h&gt;
krb5_error_code krb5_sendauth(
krb5_context <em>context</em>,
krb5_auth_context * <em>auth_context</em>,
krb5_pointer <em>socket</em>,
char * <em>appl_version</em>,
krb5_principal <em>client</em>,
krb5_principal <em>server</em>,
krb5_int32 <em>ap_req_options</em>,
krb5_data * <em>appl_data</em>,
krb5_creds * <em>in_creds</em>,
krb5_ccache <em>ccache</em>,
krb5_error ** <em>error</em>,
krb5_ap_rep_enc_part ** <em>rep_result</em>,
krb5_creds ** <em>out_creds</em>)
</pre>
&nbsp;&nbsp;Service Program Name: QSYS/QKRBGSS<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<!-- ============================================================== -->
<!-- -->
<!-- D E S C R I P T I O N -->
<!-- -->
<!-- ============================================================== -->
<p>The <strong>krb5_sendauth()</strong> function generates an authentication
message stream for processing by the <strong>krb5_recvauth()</strong> routine.
It sends the authentication message and receives the authentication response
using the socket descriptor supplied by the application. The application is
responsible for establishing the connection before calling the
<strong>krb5_sendauth()</strong> routine. The <strong>krb5_sendauth()</strong>
routine generates an AP_REQ message. The checksum of the application data is
included in the authenticator, which is part of the AP_REQ message. This message
is then sent to the partner application, which calls the
<strong>krb5_recvauth()</strong> routine to validate the authenticity of the
message. The checksum method set in the authentication context is used to
generate the checksum.</p>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- A U T H O R I T I E S -->
<!-- -->
<!-- ============================================================== -->
<h3>Authorities</h3>
<p>None.</p>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- P A R A M E T E R S -->
<!-- -->
<!-- ============================================================== -->
<h3>Parameters</h3>
<dl><!-- ============================================================== -->
<!-- context -->
<!-- ============================================================== -->
<dt><strong>context</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The Kerberos context.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- auth_context -->
<!-- ============================================================== -->
<dt><strong>auth_context</strong>&nbsp;&nbsp;(Input/Output)</dt>
<dd>The authentication context. A new authentication context will be created
and returned in this parameter if the value is NULL.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- socket -->
<!-- ============================================================== -->
<dt><strong>socket</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The address of a socket descriptor. This descriptor must represent a TCP
stream connection and not a UDP datagram connection.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- appl_version -->
<!-- ============================================================== -->
<dt><strong>appl_version</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The application version message. An error will be returned if this
application version message does not match the application version message
supplied by the receiver. The supplied application version message will be
converted to the network code page before being sent to the partner
application.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- client -->
<!-- ============================================================== -->
<dt><strong>client</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The client name. This parameter is ignored if a non-NULL value is supplied
for the 'in_creds' parameter. The client name is obtained from the credentials
cache if this parameter is NULL.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- server -->
<!-- ============================================================== -->
<dt><strong>server</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The server name. This parameter is ignored if a non-NULL value is provided
for the 'in_creds' parameter.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- ap_req_options -->
<!-- ============================================================== -->
<dt><strong>ap_req_options</strong>&nbsp;&nbsp;(Input)</dt>
<dd>Request options as follows:<br>
<table cellpadding="5">
<!-- cols="45 55" -->
<tr>
<td align="left" valign="top"><em>AP_OPTS_USE_SESSION_KEY</em></td>
<td align="left" valign="top">Use session key instead of server key for the
service ticket. The credentials must include a ticket which is encrypted in the
session key.</td>
</tr>
<tr>
<td align="left" valign="top"><em>AP_OPTS_MUTUAL_REQUIRED</em></td>
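<td align="left" valign="top">Mutual authentication required. The partner
application returns an AP_REP message so that the client can verify the
identity of the server; no AP_REP reply is available unless this option is
specified.</td>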
</tr>
<tr>
<td align="left" valign="top"><em>AP_OPTS_USE_SUBKEY</em></td>
<td align="left" valign="top">Generate a subsession key from the current
session key obtained from the credentials.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- appl_data -->
<!-- ============================================================== -->
<dt><strong>appl_data</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The application data whose checksum is to be included in the authenticator.
Specify NULL for this parameter if no checksum is to be included in the
authenticator.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- in_creds -->
<!-- ============================================================== -->
<dt><strong>in_creds</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The credentials for the specified service. The 'client' and 'server'
parameters are ignored if a non-NULL value is provided for the 'in_creds'
parameter. In this case, the client and server names must be set in the input
credentials. The service ticket may be supplied as part of the input
credentials by setting a non-zero ticket length value. If the service ticket is
not supplied as part of the input credentials, the Kerberos runtime will obtain
a service ticket using the ticket-granting ticket retrieved from the
credentials cache.
<p>When the Kerberos runtime obtains the service ticket, additional fields are
checked in the input credentials. The second_ticket field must be set if the
service ticket is to be encrypted in a session key. The ticket expiration time
can be set to override the default expiration time. The key encryption type can
be set to override the default ticket encryption type.</p>
</dd>
<!-- ============================================================== -->
<!-- ccache -->
<!-- ============================================================== -->
<dt><strong>ccache</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The credentials cache which is to be used to obtain credentials to the
desired service. The credentials cache is not used when the service ticket is
supplied as part of the input credentials. The default credentials cache will
be used if this parameter is NULL.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- error -->
<!-- ============================================================== -->
<dt><strong>error</strong>&nbsp;&nbsp;(Output)</dt>
<dd>The KRB_ERROR message returned if an authentication error is reported by
the partner application. The <strong>krb5_free_error()</strong> routine should
be called to release the error message when it is no longer needed. Specify
NULL for this parameter if the error message is not needed.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- rep_result -->
<!-- ============================================================== -->
<dt><strong>rep_result</strong>&nbsp;&nbsp;(Output)</dt>
<dd>The decrypted reply data returned from the AP_REP message. The
<strong>krb5_free_ap_rep_enc_part()</strong> routine should be called to
release the reply data when it is no longer needed. Specify NULL for this
parameter if the reply data is not needed. A reply is available only if
AP_OPTS_MUTUAL_REQUIRED is specified in the request options.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- out_creds -->
<!-- ============================================================== -->
<dt><strong>out_creds</strong>&nbsp;&nbsp;(Output)</dt>
<dd>The service ticket returned. The <strong>krb5_free_creds()</strong> routine
should be called to release the credentials when they are no longer needed.
Specify NULL for this parameter if the service ticket is not needed.<br>
<br>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- R E T U R N V A L U E -->
<!-- -->
<!-- ============================================================== -->
<h3>Return Value</h3>
<p>If no errors occur, the return value is 0. Otherwise, a Kerberos error code
is returned.</p>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- E R R O R M E S S A G E S -->
<!-- -->
<!-- ============================================================== -->
<h3>Error Messages</h3>
<table width="100%" cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td width="15%" valign="top">CPE3418 E</td>
<td width="85%" valign="top">Possible APAR condition or hardware failure.</td>
</tr>
</table>
<br>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- U S A G E N O T E S -->
<!-- -->
<!-- ============================================================== -->
<br>
<!-- ============================================================== -->
<!-- -->
<!-- F O O T E R -->
<!-- -->
<!-- ============================================================== -->
<hr>
API introduced: V5R2
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> <br>
<a href="unix.htm">UNIX-Type APIs</a> | <a href="aplist.htm">APIs by
category</a> </td>
</tr>
</table>
</center>
</body>
</html>