xref: /freebsd/crypto/heimdal/lib/krb5/krb5_get_in_cred.3 (revision e8d8bef961a50d4dc22501cde4fb9fb0be1b2532)
1.\" Copyright (c) 2003 Kungliga Tekniska Högskolan
2.\" (Royal Institute of Technology, Stockholm, Sweden).
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\"
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\"
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\"
16.\" 3. Neither the name of the Institute nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" $Id$
33.\"
34.Dd May 31, 2003
35.Dt KRB5_GET_IN_TKT 3
36.Os HEIMDAL
37.Sh NAME
38.Nm krb5_get_in_tkt ,
39.Nm krb5_get_in_cred ,
40.Nm krb5_get_in_tkt_with_password ,
41.Nm krb5_get_in_tkt_with_keytab ,
42.Nm krb5_get_in_tkt_with_skey ,
43.Nm krb5_free_kdc_rep ,
44.Nm krb5_password_key_proc
45.Nd deprecated initial authentication functions
46.Sh LIBRARY
47Kerberos 5 Library (libkrb5, -lkrb5)
48.Sh SYNOPSIS
49.In krb5.h
50.Pp
51.Ft krb5_error_code
52.Fo krb5_get_in_tkt
53.Fa "krb5_context context"
54.Fa "krb5_flags options"
55.Fa "const krb5_addresses *addrs"
56.Fa "const krb5_enctype *etypes"
57.Fa "const krb5_preauthtype *ptypes"
58.Fa "krb5_key_proc key_proc"
59.Fa "krb5_const_pointer keyseed"
60.Fa "krb5_decrypt_proc decrypt_proc"
61.Fa "krb5_const_pointer decryptarg"
62.Fa "krb5_creds *creds"
63.Fa "krb5_ccache ccache"
64.Fa "krb5_kdc_rep *ret_as_reply"
65.Fc
66.Ft krb5_error_code
67.Fo krb5_get_in_cred
68.Fa "krb5_context context"
69.Fa "krb5_flags options"
70.Fa "const krb5_addresses *addrs"
71.Fa "const krb5_enctype *etypes"
72.Fa "const krb5_preauthtype *ptypes"
73.Fa "const krb5_preauthdata *preauth"
74.Fa "krb5_key_proc key_proc"
75.Fa "krb5_const_pointer keyseed"
76.Fa "krb5_decrypt_proc decrypt_proc"
77.Fa "krb5_const_pointer decryptarg"
78.Fa "krb5_creds *creds"
79.Fa "krb5_kdc_rep *ret_as_reply"
80.Fc
81.Ft krb5_error_code
82.Fo krb5_get_in_tkt_with_password
83.Fa "krb5_context context"
84.Fa "krb5_flags options"
85.Fa "krb5_addresses *addrs"
86.Fa "const krb5_enctype *etypes"
87.Fa "const krb5_preauthtype *pre_auth_types"
88.Fa "const char *password"
89.Fa "krb5_ccache ccache"
90.Fa "krb5_creds *creds"
91.Fa "krb5_kdc_rep *ret_as_reply"
92.Fc
93.Ft krb5_error_code
94.Fo krb5_get_in_tkt_with_keytab
95.Fa "krb5_context context"
96.Fa "krb5_flags options"
97.Fa "krb5_addresses *addrs"
98.Fa "const krb5_enctype *etypes"
99.Fa "const krb5_preauthtype *pre_auth_types"
100.Fa "krb5_keytab keytab"
101.Fa "krb5_ccache ccache"
102.Fa "krb5_creds *creds"
103.Fa "krb5_kdc_rep *ret_as_reply"
104.Fc
105.Ft krb5_error_code
106.Fo krb5_get_in_tkt_with_skey
107.Fa "krb5_context context"
108.Fa "krb5_flags options"
109.Fa "krb5_addresses *addrs"
110.Fa "const krb5_enctype *etypes"
111.Fa "const krb5_preauthtype *pre_auth_types"
112.Fa "const krb5_keyblock *key"
113.Fa "krb5_ccache ccache"
114.Fa "krb5_creds *creds"
115.Fa "krb5_kdc_rep *ret_as_reply"
116.Fc
117.Ft krb5_error_code
118.Fo krb5_free_kdc_rep
119.Fa "krb5_context context"
120.Fa "krb5_kdc_rep *rep"
121.Fc
122.Ft krb5_error_code
123.Fo krb5_password_key_proc
124.Fa "krb5_context context"
125.Fa "krb5_enctype type"
126.Fa "krb5_salt salt"
127.Fa "krb5_const_pointer keyseed"
128.Fa "krb5_keyblock **key"
129.Fc
130.Sh DESCRIPTION
131.Bf Em
132All the functions in this manual page are deprecated in the MIT
133implementation, and will soon be deprecated in Heimdal too, don't use them.
134.Ef
135.Pp
136Getting initial credential ticket for a principal.
137.Nm krb5_get_in_cred
138is the function all other krb5_get_in function uses to fetch tickets.
139The other krb5_get_in function are more specialized and therefor
140somewhat easier to use.
141.Pp
142If your need is only to verify a user and password, consider using
143.Xr krb5_verify_user 3
144instead, it have a much simpler interface.
145.Pp
146.Nm krb5_get_in_tkt
147and
148.Nm krb5_get_in_cred
149fetches initial credential, queries after key using the
150.Fa key_proc
151argument.
152The differences between the two function is that
153.Nm krb5_get_in_tkt
154stores the credential in a
155.Li krb5_creds
156while
157.Nm krb5_get_in_cred
158stores the credential in a
159.Li krb5_ccache .
160.Pp
161.Nm krb5_get_in_tkt_with_password ,
162.Nm krb5_get_in_tkt_with_keytab ,
163and
164.Nm krb5_get_in_tkt_with_skey
165does the same work as
166.Nm krb5_get_in_cred
167but are more specialized.
168.Pp
169.Nm krb5_get_in_tkt_with_password
170uses the clients password to authenticate.
171If the password argument is
172.Dv NULL
173the user user queried with the default password query function.
174.Pp
175.Nm krb5_get_in_tkt_with_keytab
176searches the given keytab for a service entry for the client principal.
177If the keytab is
178.Dv NULL
179the default keytab is used.
180.Pp
181.Nm krb5_get_in_tkt_with_skey
182uses a key to get the initial credential.
183.Pp
184There are some common arguments to the krb5_get_in functions, these are:
185.Pp
186.Fa options
187are the
188.Dv KDC_OPT
189flags.
190.Pp
191.Fa etypes
192is a
193.Dv NULL
194terminated array of encryption types that the client approves.
195.Pp
196.Fa addrs
197a list of the addresses that the initial ticket.
198If it is
199.Dv NULL
200the list will be generated by the library.
201.Pp
202.Fa pre_auth_types
203a
204.Dv NULL
205terminated array of pre-authentication types.
206If
207.Fa pre_auth_types
208is
209.Dv NULL
210the function will try without pre-authentication and return those
211pre-authentication that the KDC returned.
212.Pp
213.Fa ret_as_reply
214will (if not
215.Dv NULL )
216be filled in with the response of the KDC and should be free with
217.Fn krb5_free_kdc_rep .
218.Pp
219.Fa key_proc
220is a pointer to a function that should return a key salted appropriately.
221Using
222.Dv NULL
223will use the default password query function.
224.Pp
225.Fa decrypt_proc
226Using
227.Dv NULL
228will use the default decryption function.
229.Pp
230.Fa decryptarg
231will be passed to the decryption function
232.Fa decrypt_proc .
233.Pp
234.Fa creds
235creds should be filled in with the template for a credential that
236should be requested.
237The client and server elements of the creds structure must be filled in.
238Upon return of the function it will be contain the content of the
239requested credential
240.Fa ( krb5_get_in_cred ) ,
241or it will be freed with
242.Xr krb5_free_creds 3
243(all the other krb5_get_in functions).
244.Pp
245.Fa ccache
246will store the credential in the credential cache
247.Fa ccache .
248The credential cache will not be initialized, thats up the the caller.
249.Pp
250.Nm krb5_password_key_proc
251is a library function that is suitable using as the
252.Fa krb5_key_proc
253argument to
254.Nm krb5_get_in_cred
255or
256.Nm krb5_get_in_tkt .
257.Fa keyseed
258should be a pointer to a
259.Dv NUL
260terminated string or
261.Dv NULL .
262.Nm krb5_password_key_proc
263will query the user for the pass on the console if the password isn't
264given as the argument
265.Fa keyseed .
266.Pp
267.Fn krb5_free_kdc_rep
268frees the content of
269.Fa rep .
270.Sh SEE ALSO
271.Xr krb5 3 ,
272.Xr krb5_verify_user 3 ,
273.Xr krb5.conf 5 ,
274.Xr kerberos 8
275