Lines Matching +full:unlock +full:- +full:keys
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
59 * - We may make arbitrary incompatible changes between feature
61 * - We will make some effort to avoid making incompatible changes for
113 /* Map cross-realm principals */
119 /* User-to-user */
121 /* Cross-realm */
143 * Note --- these structures cannot be modified without changing the
154 /* String attributes (currently stored inside tl-data) map C string keys to
187 * they set e_length appropriately (non-zero if the data should be marshalled
189 * caller-constructed principal entries.
262 /* String attributes may not always be represented in tl-data. kadmin clients
270 #define KRB5_TL_SVR_REFERRAL_DATA 0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */
274 #define KRB5_TL_LAST_ADMIN_UNLOCK 0x0700 /* Timestamp of admin unlock */
313 #define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
322 * Data encoding is little-endian.
325 #include "k5-platform.h"
362 * platform-specific suffixes suitable for shared objects. This function can
456 * master key is used. If @a mkey is NULL, then all master keys are tried.
717 * Sort an array of @a krb5_key_data keys in descending order by their kvno.
899 * - get_authdata_info() and sign_authdata() have been removed, and issue_pac()
902 * - check_allowed_to_delegate() must handle a null proxy argument, returning
906 * - allowed_to_delegate_from() accepts a krb5_pac parameter (in place
909 * - check_allowed_to_delegate() and allowed_to_delegate_from() must return
912 * - the KRB5_KDB_FLAG_ISSUE_PAC and KRB5_FLAG_CLIENT_REFERRALS_ONLY flags have
915 * - the KRB5_KDB_FLAG_CANONICALIZE flag has been renamed to
967 * command-line arguments for module-specific flags. mode will be one of
1028 krb5_error_code (*unlock)(krb5_context kcontext); member
1039 * requested. Determines whether the module should return out-of-realm
1044 * out-of-realm referrals.
1070 * A module may return an in-realm alias by setting (*entry)->princ to the
1076 * module should return a referral by simply filling in an out-of-realm
1077 * name in (*entry)->princ and setting all other fields to NULL.
1078 * Otherwise, the module should return the entry for the cross-realm TGS of
1079 * the referred-to realm.
1088 * command-line arguments for module-specific flags.
1183 * old-format stash file.
1202 * copies of the master keys encrypted with old master keys.
1215 * The default implementation saves the list of master keys in a
1216 * keytab-format file.
1241 * Optional with default: Change the key data for db_entry to include keys
1242 * derived from the password passwd in each of the specified key-salt
1303 * Optional: Perform a policy check on a cross-realm ticket's transited
1305 * KRB5_PLUGIN_NO_HANDLE to use the core transited-checking mechanisms, or
1317 * - Place a short string literal into *status.
1318 * - If desired, place data into e_data. Any data placed here will be
1320 * - Return an appropriate error (such as KRB5KDC_ERR_POLICY).
1334 * - Place a short string literal into *status.
1335 * - If desired, place data into e_data. Any data placed here will be
1337 * - Return an appropriate error (such as KRB5KDC_ERR_POLICY).
1394 * presented in an AS request. princ->realm indicates the request realm,
1396 * out-of-realm client referral as it would for get_principal().
1419 * resource-based constrained delegation variant, which can support
1420 * cross-realm delegation. If this method is not implemented or if it
1455 * the Kerberos password or long-term key was not used. The module may use
1458 * Kerberos password or long-term key.
1466 * incoming cross-realm TGS, and the PAC fields should undergo appropriate
1467 * filtering based on the trust level of the cross-realm relationship.
1469 * auth_indicators points to NULL or a null-terminated list of krb5_data