HP-UX Reference (11i v2 03/08) - 3 Library Functions A-M (vol 6)

libkrb5(3) libkrb5(3)
NAME
libkrb5 - Kerberos client libraries (libkrb5, libk5crypto, libcom_err)
SYNOPSIS
32-Bit Itanium(R)-based Libraries
/usr/lib/hpux32/libkrb5.so
/usr/lib/hpux32/libcom_err.so
/usr/lib/hpux32/libk5crypto.so
64-Bit Itanium-based Libraries
/usr/lib/hpux64/libkrb5.so
/usr/lib/hpux64/libcom_err.so
/usr/lib/hpux64/libk5crypto.so
32-Bit PA-RISC Libraries
/usr/lib/libkrb5.sl
/usr/lib/libcom_err.sl
/usr/lib/libk5crypto.sl
64-Bit PA-RISC Libraries
/usr/lib/pa20_64/libkrb5.sl
/usr/lib/pa20_64/libcom_err.sl
/usr/lib/pa20_64/libk5crypto.sl
DESCRIPTION
Kerberos is a network authentication protocol developed at MIT. It is now an IETF standard, RFC
1510, the Kerberos Network Authentication Service (V5). The shared libraries
libkrb5.so/libkrb5.sl, libcom_err.so/libcom_err.sl and libk5crypto.so/libk5crypto.sl
support authentication, integrity and confidentiality services as per the Kerberos V5 specification.
Kerberos performs authentication as a trusted third-party authentication service by using conventional
(shared secret key) cryptography. It provides a means of verifying the identities of principals
without relying on authentication by the host operating system and without basing trust on host
addresses. The protocol does not require the physical security of all the hosts on the network, and it
works under the assumption that packets traveling over the network can be read, modified and inserted
at will.
libkrb5.so/libkrb5.sl is the main Kerberos library, which provides APIs for authentication,
verifying tickets, creating authenticators, context management, cache and replay cache management,
keytab file management, memory management, principal name style mapping and operating system specific
calls. The <krb5.h> header file should be included in any application that uses APIs from the
libkrb5.so/libkrb5.sl library.
libk5crypto.so/libk5crypto.sl, which is linked to libkrb5.so/libkrb5.sl, provides
the encryption and decryption APIs. A user should not link this library directly with an application. In
order to add authentication, an application may need to call one or more APIs of the Kerberos library,
which results in the transmission of the necessary messages to achieve authentication.
libcom_err.so/libcom_err.sl implements Kerberos library error code tables. There are
separate error code tables for database, magic numbers and ASN.1 APIs. Based on the failure in the API,
the user may get an error from these tables using the appropriate com_err() API. The <com_err.h>
header file should be included in the application that uses routines from the
libcom_err.so/libcom_err.sl library. Executable files must be linked with -lcom_err in
order to cause the com_err library to be included.
The functionality of the APIs implemented in the Kerberos client libraries is described below.
krb5_context Management APIs
The context is designed to represent per-process state. Global parameters that are context-specific
are stored in this structure, which contains the default realm, default encryption type, default
configuration files and the like. The APIs provide full access to the data stored in the context;
developers should not access the structure directly. Some of the common APIs are
Section 3566 Hewlett-Packard Company 1 HP-UX 11i Version 2: August 2003