HP-UX Reference (11i v2 07/12) - 3 Library Functions A-M (vol 6)

libkrb5(3) libkrb5(3)
NAME
libkrb5, libkrb5.sl, libkrb5.so, libcom_err, libcom_err.sl, libcom_err.so, libk5crypto, libk5crypto.sl,
libk5crypto.so - Kerberos client libraries
SYNOPSIS
32-Bit Libraries on Itanium-based Systems
/usr/lib/hpux32/libkrb5.so
/usr/lib/hpux32/libcom_err.so
/usr/lib/hpux32/libk5crypto.so
64-Bit Libraries on Itanium-based Systems
/usr/lib/hpux64/libkrb5.so
/usr/lib/hpux64/libcom_err.so
/usr/lib/hpux64/libk5crypto.so
32-Bit Libraries on PA-RISC Systems
/usr/lib/libkrb5.sl
/usr/lib/libcom_err.sl
/usr/lib/libk5crypto.sl
64-Bit Libraries on PA-RISC Systems
/usr/lib/pa20_64/libkrb5.sl
/usr/lib/pa20_64/libcom_err.sl
/usr/lib/pa20_64/libk5crypto.sl
DESCRIPTION
Kerberos is a network authentication protocol developed at MIT. It is now an IETF standard, RFC 1510,
the Kerberos Network Authentication Service (V5). The shared libraries libkrb5.so/libkrb5.sl,
libcom_err.so/libcom_err.sl and libk5crypto.so/libk5crypto.sl support authentication, integrity and
confidentiality services as per the Kerberos V5 specification.
Kerberos performs authentication as a trusted third-party authentication service, using a conventional
(shared secret key) cryptography mechanism. It provides a means of verifying the identities of principals
without relying on authentication by the host operating system and without basing trust on host addresses.
The protocol does not require the physical security of all the hosts on the network, and it works under
the assumption that packets traveling over the network can be read, modified and inserted at will.
libkrb5.so/libkrb5.sl is the main Kerberos library. It provides APIs for authentication, verifying
tickets, creating authenticators, context management, cache and replay cache management, keytab file
management, memory management, principal name style mapping and operating system specific calls. The
<krb5.h> header file should be included in any application that uses APIs from the
libkrb5.so/libkrb5.sl library.
libk5crypto.so/libk5crypto.sl, which is linked to libkrb5.so/libkrb5.sl, provides the encryption and
decryption APIs. A user should not link this library directly with an application. In order to add
authentication, an application may need to call one or more APIs of the Kerberos library, which
results in the transmission of the necessary messages to achieve authentication.
libcom_err.so/libcom_err.sl implements the Kerberos library error code tables. There are separate
error code tables for database, magic numbers and ASN.1 APIs. Based on the failure in the API, the user
may get an error from these tables using the appropriate com_err() API. The <com_err.h> header
file should be included in any application that uses routines from the
libcom_err.so/libcom_err.sl library. Executable files must be linked with -lcom_err in order to
cause the com_err library to be included.
The functionalities of the APIs implemented in Kerberos client libraries are given below.
krb5_context Management APIs
The context is designed to represent per-process state. The global parameters that are "context" specific
are stored in this structure. The structure contains the default realm, default encryption type, default
configuration files and the like. The APIs provide full access to the data stored in the context;
developers should not access the structure directly. Some of the common APIs are krb5_init_context(),
krb5_init6_context(), krb5_free_context(), and
690 Hewlett-Packard Company 1 HP-UX 11i Version 2: December 2007 Update