HP-UX Reference (11i v1 05/09) - 3 Library Functions A-M (vol 6)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

561

562

563

564

565

566

567

568

569

570

libkrb5(3) libkrb5(3)

krb5_princ_realm()

, krb5_copy_principal()

, etc.

Some of the APIs are internal functions, not intended for use by the application programs, interface may

change at any time. Even though it is possible to directly access the data elements in the structure, it is

recommended that these APIs should be used. The returned principal should be freed with

krb5_free_principal()

Credential cache management APIs

These APIs deal with storing credentials (tickets, session keys and other identifying information) in a

semi-permanent store for later use by different programs. The credential storage can be a hard disk or a

memory storage. Some of the common APIs are

krb5_cc_resolve()

, krb5_cc_default()

krb5_cc_initialize()

, krb5_cc_destroy()

, krb5_cc_store_cred()

krb5_cc_retrieve_cred()

krb5_cc_remove_cred()

, and krb5_cc_set_flags()

The retrieved credentials should be freed using krb5_free_credentials()

Replay cache management APIs

These APIs deal with verifying that AP_REQ’s do not contain duplicate authenticators. The storage must

be non-volatile for the site-determined validity period of authenticators. Some of the common APIs are

krb5_auth_to_rep()

, krb5_rc_register_type(), krb5_rc_default()

krb5_rc_initialize()

, krb5_rc_close(), krb5_rc_store()

, and

krb5_rc_resolve()

initializes the private data for a replay cache. This API must be called before the

other replay cache APIs. The allocated memory should be

freedusingkrb5_rc_close()

These APIs are not generally used by the applications.

Key tab management APIs

These APIs deal with storing and retrieving service keys for use by unattended services which participate

in authentication exchanges. Keytab routines are all atomic. All keytab types support multiple concurrent

sequential scans. Some of the common APIs are

krb5_kt_register()

, krb5_kt_resolve(),

krb5_kt_default()

, krb5_kt_add_entry(), krb5_kt_close()

krb5_kt_free_entry()

, and krb5_kt_next_entry().

To free the resources, the user should use

krb5_kt_free_entry()

Memory Management APIs

These APIs deal with deallocation of memory that has been allocated by various routines. It is recom-

mended that the developer must use these routines in order to free the data structures. All the APIs start

with krb5_free preﬁx. Some of the common APIs are

krb5_free_principal()

krb5_free_data()

, krb5_free_authenticator(), krb5_free_ticket()

krb5_free_cred()

, krb5_free_pa_data(), and krb5_free_tgt_creds()

Operating System-speciﬁc APIs

These APIs provide an interface between the other parts of the libkrb5 libraries and the operating system.

These include APIs to allow access to conﬁguration speciﬁc information, disk based I/O operations, network

based operations and operating system speciﬁc access APIs. Some of the common APIs are

krb5_set_config_file(), krb5_get_default_realm()

, krb5_get_krbhst(),

krb5_gen_portaddr(), krb5_read_message()

, krb5_kuserok(), krb5_timeofday(),

and

krb5_read_passwd().

Application-speciﬁc and Miscellaneous APIs

These APIs deal with sending and receiving KRB5 protocol messages to the Kerberos server, ticket

management and miscellaneous calls. Some of the common APIs are krb5_get_cred_from_kdc()

krb5_get_credentials(), krb5_get_in_tkt_with_password()

, krb5_rd_rep(),

krb5_mk_error(), krb5_sendauth(), and krb5_recvauth()

WARNINGS

It is strongly recommended to use GSS-API instead of Kerberos calls. The Kerberos libraries are not thread

safe.

AUTHOR

Kerberos client libraries were developed at Massachusetts Institute of Technology. This version of the

libraries are compatible with MIT1.0, MIT1.1 and MIT1.1.1.

Section 3−−522 Hewlett-Packard Company − 2 − HP-UX 11i Version 1: September 2005