| /freebsd/crypto/krb5/src/lib/krb5/keytab/ |
| H A D | ktfns.c | 2 /* lib/krb5/keytab/ktfns.c */
28 * Dispatch methods for keytab code.
38 krb5_kt_get_type (krb5_context context, krb5_keytab keytab) in krb5_kt_get_type() argument
40 return keytab->ops->prefix; in krb5_kt_get_type()
44 krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, in krb5_kt_get_name() argument
47 return krb5_x((keytab)->ops->get_name,(context, keytab,name,namelen)); in krb5_kt_get_name()
51 krb5_kt_close(krb5_context context, krb5_keytab keytab) in krb5_kt_close() argument
53 return krb5_x((keytab)->ops->close,(context, keytab)); in krb5_kt_close()
57 krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, in krb5_kt_get_entry() argument
74 err = krb5_x((keytab)->ops->get,(context, keytab, principal, vno, enctype, in krb5_kt_get_entry()
[all …]
|
| H A D | kt_memory.c | 2 /* lib/krb5/keytab/kt_memory.c */
64 /* Per-keytab data header */
66 char *name; /* Name of the keytab */
75 krb5_keytab keytab; member
153 /* destroy the contents of node->keytab */ in krb5int_mkt_finalize()
154 free(KTNAME(node->keytab)); in krb5int_mkt_finalize()
156 /* free the keytab entries */ in krb5int_mkt_finalize()
157 for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) { in krb5int_mkt_finalize()
168 k5_mutex_destroy(&(((krb5_mkt_data *)node->keytab->data)->lock)); in krb5int_mkt_finalize()
171 free(node->keytab->data); in krb5int_mkt_finalize()
[all …]
|
| /freebsd/crypto/heimdal/doc/doxyout/krb5/man/man3/ |
| H A D | krb5_keytab.3 | 1 .TH "Heimdal Kerberos 5 keytab handling functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos…
5 Heimdal Kerberos 5 keytab handling functions \-
28 … KRB5_LIB_CALL \fBkrb5_kt_get_type\fP (krb5_context context, krb5_keytab keytab, char *prefix, siz…
31 … KRB5_LIB_CALL \fBkrb5_kt_get_name\fP (krb5_context context, krb5_keytab keytab, char *name, size_…
34 …e KRB5_LIB_CALL \fBkrb5_kt_get_full_name\fP (krb5_context context, krb5_keytab keytab, char **str)"
80 Add the entry in `entry' to the keytab `id'.
86 \fIid\fP a keytab.
99 Finish using the keytab in `id'. All resources will be released, even on errors.
105 \fIid\fP keytab to close.
145 \fIin\fP the keytab entry to copy.
[all …]
|
| H A D | krb5_keytab_intro.3 | 5 krb5_keytab_intro \- The keytab handing functions
8 See the library functions here: \fBHeimdal Kerberos 5 keytab handling functions\fP
12 Normally the only function that useful for server are to specify what keytab to use to other core f…
13 .SS "Keytab names"
14 A keytab name is on the form type:residual. The residual part is specific to each keytab-type.
16 When a keytab-name is resolved, the type is matched with an internal list of keytab types. If there…
20 The keytab types that are implemented in Heimdal are:
22 file store the keytab in a file, the type's name is FILE . The residual part is a filename. For com…
26 keytab store the keytab in a AFS keyfile (usually /usr/afs/etc/KeyFile ), the type's name is AFSKEY…
30 …keytab is stored in a memory segment. This allows sensitive and/or temporary data not to be stored…
[all …]
|
| H A D | krb5_auth.3 | 13 … \fBkrb5_rd_req_in_set_keytab\fP (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)"
45 …keytab that will verify the reply. The function will prefer the server the server client specified…
75 …B_CALL krb5_rd_req_in_set_keytab (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)"
77 Set the keytab that \fBkrb5_rd_req_ctx()\fP will use.
85 \fIkeytab\fP keytab that \fBkrb5_rd_req_ctx()\fP will use, only copy the pointer, so the caller mus…
127 …not match whats in the ticket if \fBkrb5_rd_req_ctx()\fP searched in the keytab for a matching key.
|
| /freebsd/crypto/heimdal/lib/krb5/ |
| H A D | keytab.c | 37 * @page krb5_keytab_intro The keytab handing functions
46 * what keytab to use to other core functions like krb5_rd_req()
49 * @subsection krb5_keytab_names Keytab names
51 * A keytab name is on the form type:residual. The residual part is
52 * specific to each keytab-type.
54 * When a keytab-name is resolved, the type is matched with an internal
55 * list of keytab types. If there is no matching keytab type,
56 * the default keytab is used. The current default type is FILE.
62 * The keytab types that are implemented in Heimdal are:
64 * store the keytab in a file, the type's name is FILE . The
[all …]
|
| H A D | keytab_file.c | 201 "keytab principal in keytab file %s", ""), in krb5_kt_ret_principal()
210 N_("Keytab principal contains " in krb5_kt_ret_principal()
211 "invalid length in keytab %s", ""), in krb5_kt_ret_principal()
218 N_("Can't read realm from keytab: %s", ""), in krb5_kt_ret_principal()
234 "keytab: %s", ""), in krb5_kt_ret_principal()
248 "keytab: %s", ""), in krb5_kt_ret_principal()
386 N_("keytab %s open failed: %s", ""), in fkt_start_seq_get_int()
549 krb5_data keytab; in fkt_add_entry() local
595 N_("%s: keytab is corrupted: %s", ""), in fkt_add_entry()
604 N_("Bad version in keytab %s", ""), in fkt_add_entry()
[all …]
|
| H A D | test_keytab.c | 38 * Test that removal entry from of empty keytab doesn't corrupts
43 test_empty_keytab(krb5_context context, const char *keytab) in test_empty_keytab() argument
49 ret = krb5_kt_resolve(context, keytab, &id); in test_empty_keytab()
59 krb5_errx(context, 1, "supposed to be empty keytab isn't"); in test_empty_keytab()
67 * Test that memory keytab are refcounted.
71 test_memory_keytab(krb5_context context, const char *keytab, const char *keytab2) in test_memory_keytab() argument
77 ret = krb5_kt_resolve(context, keytab, &id); in test_memory_keytab()
94 ret = krb5_kt_resolve(context, keytab, &id2); in test_memory_keytab()
143 ret = krb5_kt_resolve(context, keytab, &id); in test_memory_keytab()
196 "test performance for named keytab", "keytab" },
[all …]
|
| /freebsd/crypto/krb5/src/kadmin/cli/ |
| H A D | keytab.c | 40 static void add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
44 static void remove_principal(char *keytab_str, krb5_keytab keytab,
55 fprintf(stderr, _("Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] " in add_usage()
62 fprintf(stderr, _("Usage: ktremove [-k[eytab] keytab] [-q] principal " in rem_usage()
68 krb5_keytab *keytab) in process_keytab() argument
76 com_err(whoami, ENOMEM, _("while creating keytab name")); in process_keytab()
79 code = krb5_kt_default(my_context, keytab); in process_keytab()
81 com_err(whoami, code, _("while opening default keytab")); in process_keytab()
85 code = krb5_kt_get_name(my_context, *keytab, name, BUFSIZ); in process_keytab()
87 com_err(whoami, code, _("while getting keytab name")); in process_keytab()
[all …]
|
| H A D | k5srvutil.sh | 3 # list_princs keytab
4 # returns a list of principals in the keytab
7 klist -k $keytab | awk '(NR > 3) {print $2}' | sort | uniq
50 kadmin -k -t $keytab -p $princ -q \
51 "ktadd -k $keytab $keysalts $princ"
60 kadmin -k -t $keytab -p $princ -q "ktrem -k $keytab $princ old"
70 kadmin -p $princ -k -t $keytab -q "ktrem -k $keytab $princ all"
76 keytab=/etc/krb5.keytab
85 keytab=$1
118 klist -k $keytab
|
| /freebsd/crypto/krb5/src/lib/krb5/krb/ |
| H A D | t_vfy_increds.py | 27 # Verify the default test realm credentials with the default keytab.
28 mark('default keytab')
32 # Verify after updating the keytab (so the keytab contains an outdated
34 mark('updated keytab')
39 # Bump the host key without updating the keytab and make sure that
41 mark('outdated keytab')
46 # Simulate a system where the hostname has changed and the keytab
48 # matches. Verify after updating the keytab with a host service
57 # Remove the keytab and verify again. This should succeed if nofail
59 mark('no keytab')
[all …]
|
| H A D | gic_keytab.c | 45 krb5_keytab keytab = (krb5_keytab) gak_data; in get_as_key_keytab() local
68 if ((ret = krb5_kt_get_entry(context, keytab, client, in get_as_key_keytab()
82 /* Return the list of etypes available for client in keytab. */
84 lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab, in lookup_etypes_for_keytab() argument
98 if (keytab->ops->start_seq_get == NULL) in lookup_etypes_for_keytab()
100 ret = krb5_kt_start_seq_get(context, keytab, &cursor); in lookup_etypes_for_keytab()
104 while (!(ret = krb5_kt_next_entry(context, keytab, &entry, &cursor))) { in lookup_etypes_for_keytab()
141 krb5_kt_end_seq_get(context, keytab, &cursor); in lookup_etypes_for_keytab()
179 krb5_keytab keytab) in krb5_init_creds_set_keytab() argument
189 ctx->gak_data = keytab; in krb5_init_creds_set_keytab()
[all …]
|
| H A D | vfy_increds.c | 2 /* lib/krb5/krb/vfy_increds.c - Verify initial credentials with keytab */
36 /* Return true if configuration demands that a keytab be present. (By default
37 * verification will be skipped if no keytab exists.) */
80 krb5_keytab keytab, krb5_ccache *ccache_arg) in get_vfy_cred() argument
151 ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab, NULL, NULL); in get_vfy_cred()
221 /* Return a list of all unique host service princs in keytab. */
223 get_host_princs_from_keytab(krb5_context context, krb5_keytab keytab, in get_host_princs_from_keytab() argument
233 ret = krb5_kt_start_seq_get(context, keytab, &cursor); in get_host_princs_from_keytab()
237 while ((ret = krb5_kt_next_entry(context, keytab, &kte, &cursor)) == 0) { in get_host_princs_from_keytab()
245 (void)krb5_kt_end_seq_get(context, keytab, &cursor); in get_host_princs_from_keytab()
[all …]
|
| H A D | rd_req_dec.c | 48 * kdb keytab, the ticket's server field need not match the name passed in for
50 * from the keytab associated with the specified server principal. This
54 * local keytab, but not with the informational name in the ticket.
115 /* Return a helpful code and error when we cannot look up the keytab entry for
146 k5_setmsg(context, ret, _("Cannot find key for %s kvno %d in keytab"), in keytab_fetch_error()
151 _("Cannot find key for %s kvno %d in keytab (request ticket " in keytab_fetch_error()
176 _("Cannot decrypt ticket for %s using keytab key for %s"), in integrity_error()
183 /* Return a helpful code and error when we cannot iterate over the keytab and
206 * iterating over the keytab. */
227 k5_setmsg(context, ret, _("No keys in keytab")); in iteration_error()
[all …]
|
| /freebsd/crypto/heimdal/doc/doxyout/krb5/html/ |
| H A D | krb5_keytab_intro.html | 3 <title>HeimdalKerberos5library: The keytab handing functions</title>
23 <h1><a class="anchor" name="krb5_keytab_intro">The keytab handing functions </a></h1><h2><a class="…
25 …s here: <a class="el" href="group__krb5__keytab.html">Heimdal Kerberos 5 keytab handling functions…
27 Normally the only function that useful for server are to specify what keytab to use to other core f…
28 Keytab names</a></h3>
29 A keytab name is on the form type:residual. The residual part is specific to each keytab-type.<p>
30 When a keytab-name is resolved, the type is matched with an internal list of keytab types. If there…
32 The keytab types that are implemented in Heimdal are:<ul>
33 <li>file store the keytab in a file, the type's name is FILE . The residual part is a filename. For…
36 <li>keytab store the keytab in a AFS keyfile (usually /usr/afs/etc/KeyFile ), the type's name is AF…
[all …]
|
| H A D | group__krb5__keytab.html | 3 <title>HeimdalKerberos5library: Heimdal Kerberos 5 keytab handling functions</title>
23 <h1>Heimdal Kerberos 5 keytab handling functions</h1><table border="0" cellpadding="0" cellspacing=…
45 …56968d836efd9bb">krb5_kt_get_type</a> (krb5_context context, krb5_keytab keytab, char *prefix, siz…
48 …d652aa4adb44bdd">krb5_kt_get_name</a> (krb5_context context, krb5_keytab keytab, char *name, size_…
51 …f5e698d1f3">krb5_kt_get_full_name</a> (krb5_context context, krb5_keytab keytab, char **str)</td><…
92 <a class="anchor" name="g68d16c2a59d10dc3ca84bf8cbf6a4731"></a><!-- doxytag: member="keytab.c::krb5…
124 Add the entry in `entry' to the keytab `id'.<p>
128 <tr><td valign="top"></td><td valign="top"><em>id</em> </td><td>a keytab. </td></tr>
136 <a class="anchor" name="gb67f5ae0a7c4b87d193218b842cad590"></a><!-- doxytag: member="keytab.c::krb5…
162 Finish using the keytab in `id'. All resources will be released, even on errors.<p>
[all …]
|
| /freebsd/crypto/heimdal/admin/ |
| H A D | ktutil.8 | 42 .Oo Fl k Ar keytab \*(Ba Xo
43 .Fl Fl keytab= Ns Ar keytab
68 Adds a key to the keytab. Options that are not specified will be
71 the keytab, you should consider the
78 server for the realm of a keytab entry. Otherwise it will use the
81 If no principals are given, all the ones in the keytab are updated.
82 .It copy Ar keytab-src Ar keytab-dest
84 .Ar keytab-src
86 .Ar keytab-dest .
96 and put that key in the keytab.
[all …]
|
| H A D | rename.c | 43 krb5_keytab keytab; in kt_rename() local
60 if((keytab = ktutil_open_keytab()) == NULL) { in kt_rename()
66 ret = krb5_kt_start_seq_get(context, keytab, &cursor); in kt_rename()
68 krb5_kt_close(context, keytab); in kt_rename()
74 ret = krb5_kt_next_entry(context, keytab, &entry, &cursor); in kt_rename()
77 krb5_warn(context, ret, "getting entry from keytab"); in kt_rename()
85 ret = krb5_kt_add_entry(context, keytab, &entry); in kt_rename()
94 ret = krb5_kt_remove_entry(context, keytab, &entry); in kt_rename()
106 krb5_kt_end_seq_get(context, keytab, &cursor); in kt_rename()
|
| H A D | purge.c | 107 krb5_keytab keytab; in kt_purge() local
119 if((keytab = ktutil_open_keytab()) == NULL) in kt_purge()
122 ret = krb5_kt_start_seq_get(context, keytab, &cursor); in kt_purge()
128 while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) { in kt_purge()
132 krb5_kt_end_seq_get(context, keytab, &cursor); in kt_purge()
136 ret = krb5_kt_start_seq_get(context, keytab, &cursor); in kt_purge()
142 while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) { in kt_purge()
159 ret = krb5_kt_remove_entry (context, keytab, &entry); in kt_purge()
165 ret = krb5_kt_end_seq_get(context, keytab, &cursor); in kt_purge()
170 krb5_kt_close (context, keytab); in kt_purge()
|
| /freebsd/crypto/krb5/src/man/ |
| H A D | k5srvutil.man | 32 k5srvutil \- host key table (keytab) manipulation utility
42 a keytab, to obtain new keys for a principal currently in a keytab,
43 or to delete non\-current keys from a keytab.
49 Lists the keys in a keytab, showing version number and principal
55 the keytab to match. If a key\(aqs version number doesn\(aqt match the
62 option. Old keys are retained in the keytab so that existing
67 Deletes keys that are not the most recent version from the keytab.
74 Deletes particular keys in the keytab, interactively prompting for
78 In all cases, the default keytab is used unless this is overridden by
81 k5srvutil uses the \fI\%kadmin\fP program to edit the keytab in
|
| H A D | klist.man | 46 credentials cache, or the keys held in a keytab file.
53 keytab file.
109 List keys held in a keytab file.
113 keytab instead of the default acceptor keytab, if no name is
117 Display the time entry timestamps for each keytab entry in the
118 keytab file.
121 Display the value of the encryption key in each keytab entry in
122 the keytab file.
132 the credentials in the default credentials cache or keytab file as
146 Default location for the local host\(aqs keytab file.
|
| H A D | ktutil.man | 32 ktutil \- Kerberos keytab file maintenance utility
39 administrator can read, write, or edit entries in a keytab. (Kerberos
57 \fBread_kt\fP \fIkeytab\fP
61 Read the Kerberos V5 keytab file \fIkeytab\fP into the current keylist.
67 \fBwrite_kt\fP \fIkeytab\fP
71 Write the current keylist into the Kerberos V5 keytab file \fIkeytab\fP\&.
143 ktutil: write_kt alice.keytab
|
| /freebsd/contrib/pam-krb5/tests/tap/ |
| H A D | kerberos.c | 6 * obtaining initial tickets from the configured keytab and setting up
7 * KRB5CCNAME and KRB5_KTNAME if a Kerberos keytab is present. Also included
68 * point to a different Kerberos ticket cache, keytab, and configuration file,
85 * Kerberos libraries available and one if we don't. Uses keytab to obtain
98 krb5_keytab keytab; in kerberos_kinit() local
104 * Determine the principal corresponding to that keytab. We copy the in kerberos_kinit()
111 kprinc = kerberos_keytab_principal(ctx, config->keytab); in kerberos_kinit()
128 code = krb5_kt_resolve(ctx, config->keytab, &keytab); in kerberos_kinit()
130 bail_krb5(ctx, code, "cannot open keytab %s", config->keytab); in kerberos_kinit()
137 code = krb5_get_init_creds_keytab(ctx, &creds, kprinc, keytab, 0, krbtgt, in kerberos_kinit()
[all …]
|
| /freebsd/crypto/heimdal/lib/gssapi/krb5/ |
| H A D | acquire_cred.c | 82 get_keytab(krb5_context context, krb5_keytab *keytab) in get_keytab() argument
93 kret = krb5_kt_resolve(context, name, keytab); in get_keytab()
97 kret = krb5_kt_default(context, keytab); in get_keytab()
121 krb5_keytab keytab; in acquire_initiator_cred() local
124 keytab = NULL; in acquire_initiator_cred()
159 /* we'll try to use a keytab below */ in acquire_initiator_cred()
177 * so attempt to get a TGT using a keytab. in acquire_initiator_cred()
198 kret = get_keytab(context, &keytab); in acquire_initiator_cred()
204 handle->principal, keytab, in acquire_initiator_cred()
248 if (keytab != NULL) in acquire_initiator_cred()
[all …]
|
| /freebsd/crypto/krb5/src/lib/gssapi/krb5/ |
| H A D | acquire_cred.c | 123 /* Try to verify that keytab contains at least one entry for name. Return 0 if
140 /* If we can't iterate through the keytab, skip this check. */ in check_keytab()
144 /* Scan the keytab for host-based entries matching mprinc. */ in check_keytab()
156 /* get credentials corresponding to a key in the krb5 keytab.
157 If successful, set the keytab-specific fields in cred
170 assert(cred->keytab == NULL); in acquire_accept_cred()
205 /* Make sure we have keys matching the desired name in the keytab. */ in acquire_accept_cred()
226 /* Make sure we have a keytab with keys in it. */ in acquire_accept_cred()
234 cred->keytab = kt; in acquire_accept_cred()
334 /* If we don't know the client principal yet, check for any keytab keys. */ in can_get_initial_creds()
[all …]
|