While the krb5_context represents a per-process or per-thread context, the krb5_auth_context represents a per-connection context and is used by the various functions involved directly in client/server authentication. Some of the data stored in this context include keyblocks, addresses, sequence numbers, authenticators, checksum type, and replay cache pointer.
The auth_context may be described as a per-connection context. This context contains all data pertinent to the various authentication routines. This function initializes the auth_context.
The default flags for the context are set to enable the use of the replay cache (KRB5_AUTH_CONTEXT_DO_TIME) but no sequence numbers. The function krb5_auth_con_setflags allows the flags to be changed.
The default checksum type is set to CKSUMTYPE_RSA_MD4_DES. This may be changed with krb5_auth_con_setcksumtype.
The auth_context structure should be freed with krb5_auth_con_free.
Frees the auth_context returned by krb5_auth_con_init.
Sets the flags of auth_context to flags. Valid flags are:
Symbol | Meaning |
KRB5_AUTH_CONTEXT_DO_TIME | Use timestamps |
KRB5_AUTH_CONTEXT_RET_TIME | Save timestamps to output structure |
KRB5_AUTH_CONTEXT_DO_SEQUENCE | Use sequence numbers |
KRB5_AUTH_CONTEXT_RET_SEQUENCE | Copy sequence numbers to output structure |
Retrieves the flags of auth_context.
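The following is an added example, not code from the original page or from libkrb5: a simplified, self-contained C model of the receive-side replay checks that the DO_TIME and DO_SEQUENCE flags select. The names (`conn`, `msg`, `conn_init`, `conn_accept`, the local `DO_TIME`/`DO_SEQUENCE` values and the verdicts), the 300-second window and the fixed-size cache are assumptions of the model.

```c
#include <stdint.h>
#include <string.h>

/* Model-local stand-ins for KRB5_AUTH_CONTEXT_DO_TIME and _DO_SEQUENCE. */
enum { DO_TIME = 1, DO_SEQUENCE = 2 };
enum verdict { MSG_OK, MSG_SKEW, MSG_REPLAY, MSG_RCFULL, MSG_BADORDER };
#define SKEW 300    /* assumed timestamp acceptance window, in seconds */
#define RC_SLOTS 16 /* assumed replay cache capacity */

struct msg { long sec; int usec; uint32_t seq; };
struct conn {                /* per-connection state, in the role of an auth_context */
    int flags;
    uint32_t remote_seq;     /* next sequence number expected from the peer */
    struct msg rc[RC_SLOTS]; /* replay cache: messages already accepted */
    int rc_len;
};

void conn_init(struct conn *c, int flags, uint32_t first_seq)
{
    memset(c, 0, sizeof(*c));
    c->flags = flags;
    c->remote_seq = first_seq;
}

/* Receive-side check: only the defences selected by the flags are applied. */
enum verdict conn_accept(struct conn *c, const struct msg *m, long now)
{
    if (c->flags & DO_TIME) {
        if (m->sec - now > SKEW || now - m->sec > SKEW)
            return MSG_SKEW;
        for (int i = 0; i < c->rc_len; i++)
            if (c->rc[i].sec == m->sec && c->rc[i].usec == m->usec)
                return MSG_REPLAY;
        if (c->rc_len == RC_SLOTS)
            return MSG_RCFULL; /* fail closed rather than forget entries */
    }
    if ((c->flags & DO_SEQUENCE) && m->seq != c->remote_seq)
        return MSG_BADORDER;
    /* Commit state only after every enabled check has passed. */
    if (c->flags & DO_TIME)
        c->rc[c->rc_len++] = *m;
    if (c->flags & DO_SEQUENCE)
        c->remote_seq++;
    return MSG_OK;
}
```

In this model, a connection with only DO_TIME set rejects a repeated message but accepts messages out of order, and a connection with no flags set accepts the same message twice.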
Copies the local_addr and remote_addr into the auth_context. If either address is NULL, the previous address remains in place.
Retrieves local_addr and remote_addr from the auth_context. If local_addr or remote_addr is not NULL, the memory is first freed with krb5_free_address and then newly allocated. It is the caller's responsibility to free the returned addresses in this way.
Copies the local_port and remote_port addresses into the auth_context. If either address is NULL, the previous address remains in place. These addresses are set by krb5_auth_con_genaddrs.
This function overloads the keyblock field. It is only useful prior to a krb5_rd_req_decode call for user-to-user authentication, where the server has the key and needs to use it to decrypt the incoming request. Once decrypted, this key is no longer necessary and is then overwritten with the session key sent by the client.
Retrieves the keyblock stored in auth_context. The memory allocated in this function should be freed with a call to krb5_free_keyblock.
Retrieves the recv_subkey keyblock stored in auth_context. The memory allocated in this function should be freed with a call to krb5_free_keyblock.
Retrieves the send_subkey keyblock stored in auth_context. The memory allocated in this function should be freed with a call to krb5_free_keyblock.
Sets the recv_subkey keyblock stored in auth_context.
Sets the send_subkey keyblock stored in auth_context.
Sets the checksum type used by the other functions in the library.
Retrieves the local sequence number that was used during authentication and stores it in seqnumber.
Retrieves the remote sequence number that was used during authentication and stores it in seqnumber.
Retrieves the authenticator that was used during mutual authentication. It is the caller's responsibility to free the memory allocated to authenticator by calling krb5_free_authenticator.
Allocates memory for and zeros the initial vector in the auth_context keyblock.
Sets the i_vector portion of auth_context to ivector.
Sets the replay cache that is used by the authentication routines to rcache.