kdb.h - OpenGrok cross reference for /freebsd/crypto/krb5/src/include/kdb.h

Lines Matching +full:coexist +full:- +full:support
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
59  * - We may make arbitrary incompatible changes between feature
61  * - We will make some effort to avoid making incompatible changes for
113 /* Map cross-realm principals */
119 /* User-to-user */
121 /* Cross-realm */
143  * Note --- these structures cannot be modified without changing the
154 /* String attributes (currently stored inside tl-data) map C string keys to
187  * they set e_length appropriately (non-zero if the data should be marshalled
189  * caller-constructed principal entries.
262 /* String attributes may not always be represented in tl-data.  kadmin clients
270 #define KRB5_TL_SVR_REFERRAL_DATA       0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */
313 #define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
322  * Data encoding is little-endian.
325 #include "k5-platform.h"
362  * platform-specific suffixes suitable for shared objects.  This function can
899  * - get_authdata_info() and sign_authdata() have been removed, and issue_pac()
902  * - check_allowed_to_delegate() must handle a null proxy argument, returning
906  * - allowed_to_delegate_from() accepts a krb5_pac parameter (in place
909  * - check_allowed_to_delegate() and allowed_to_delegate_from() must return
912  * - the KRB5_KDB_FLAG_ISSUE_PAC and KRB5_FLAG_CLIENT_REFERRALS_ONLY flags have
915  * - the KRB5_KDB_FLAG_CANONICALIZE flag has been renamed to
967      * command-line arguments for module-specific flags.  mode will be one of
1016      * KRB5_DB_LOCKMODE_SHARED: Lock may coexist with other shared locks.
1017      * KRB5_DB_LOCKMODE_EXCLUSIVE: Lock may not coexist with other locks.
1021      * kdb5_util dump.  Incremental propagation support requires shared locks
1039      *     requested.  Determines whether the module should return out-of-realm
1044      *     out-of-realm referrals.
1070      * A module may return an in-realm alias by setting (*entry)->princ to the
1076      * module should return a referral by simply filling in an out-of-realm
1077      * name in (*entry)->princ and setting all other fields to NULL.
1078      * Otherwise, the module should return the entry for the cross-realm TGS of
1079      * the referred-to realm.
1088      * command-line arguments for module-specific flags.
1183      * old-format stash file.
1216      * keytab-format file.
1242      * derived from the password passwd in each of the specified key-salt
1303      * Optional: Perform a policy check on a cross-realm ticket's transited
1305      * KRB5_PLUGIN_NO_HANDLE to use the core transited-checking mechanisms, or
1317      *   - Place a short string literal into *status.
1318      *   - If desired, place data into e_data.  Any data placed here will be
1320      *   - Return an appropriate error (such as KRB5KDC_ERR_POLICY).
1334      *   - Place a short string literal into *status.
1335      *   - If desired, place data into e_data.  Any data placed here will be
1337      *   - Return an appropriate error (such as KRB5KDC_ERR_POLICY).
1394      * presented in an AS request.  princ->realm indicates the request realm,
1396      * out-of-realm client referral as it would for get_principal().
1419      * resource-based constrained delegation variant, which can support
1420      * cross-realm delegation.  If this method is not implemented or if it
1455      * the Kerberos password or long-term key was not used.  The module may use
1458      * Kerberos password or long-term key.
1466      * incoming cross-realm TGS, and the PAC fields should undergo appropriate
1467      * filtering based on the trust level of the cross-realm relationship.
1469      * auth_indicators points to NULL or a null-terminated list of krb5_data