HP Open Source Security for OpenVMS Volume 3:...
KRB5 (Kerberos V5) Application Programming Interface
krb5_mk_priv -- Format a KRB_PRIV message
krb5_error_code krb5_mk_priv(
    krb5_context        context,
    krb5_auth_context   auth_context,
    const krb5_data    *userdata,
    krb5_data          *outbuf,
    krb5_replay_data   *outdata );
| context (input/output) | The context structure. |
| auth_context (input/output) | Authentication context. The flags from auth_context select whether sequence numbers or timestamps should be used to identify the message. Valid values are: KRB5_AUTH_CONTEXT_DO_TIME -- Use timestamps and replay cache. KRB5_AUTH_CONTEXT_RET_TIME -- Copy timestamp to *outdata. KRB5_AUTH_CONTEXT_DO_SEQUENCE -- Use sequence numbers in replay cache. KRB5_AUTH_CONTEXT_RET_SEQUENCE -- Use sequence numbers in replay cache and output data. |
| userdata (input) | The user data in the message. |
| outbuf (output) | The formatted KRB_PRIV buffer. |
| outdata (input/output) | Contains the sequence numbers if KRB5_AUTH_CONTEXT_RET_SEQUENCE was specified in auth_context. |
Description
This routine formats a KRB_PRIV message into outbuf.
It behaves similarly to krb5_mk_safe, but
the message is encrypted and integrity-protected rather than just
integrity-protected.

The inbuf, auth_context, outdata and outbuf arguments
function as in krb5_mk_safe.

As in krb5_mk_safe, the remote_addr and remote_port parts
of the auth_context are optional; if the receiver's
address is not known, it may be replaced by NULL. The local_addr,
however, is mandatory.

The encryption type is taken from the auth_context keyblock portion.

If the i_vector portion of the auth_context is
non-NULL, it is used as an initialization vector for the encryption
(if the chosen encryption type supports initialization vectors),
and its contents are replaced with the last block of encrypted data
upon return.
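
The i_vector rule above, modelled in C as an added example (not code from the Kerberos library or from this manual). The names `model_cbc` and `iv_chain_demo`, the 8-byte block size, the key and the rotate-and-XOR stand-in cipher are assumptions made for illustration; the stand-in has no security value. It shows that carrying the IV forward makes a repeated plaintext encrypt differently, and that a decryptor holding a stale IV garbles the first block of the next message.

```c
/* Added model of the i_vector rule only. The per-byte rotate/XOR "cipher"
 * is a constructed stand-in with no security value, not a Kerberos enctype. */
#include <stdint.h>
#include <string.h>

#define BLK 8
static const uint8_t KEY[BLK] = {0x13,0x37,0xc0,0xde,0x42,0x99,0xa5,0x5a}; /* constructed */

static uint8_t rotl3(uint8_t x) { return (uint8_t)((x << 3) | (x >> 5)); }
static uint8_t rotr3(uint8_t x) { return (uint8_t)((x >> 3) | (x << 5)); }

/* CBC over whole blocks, in place. iv is input and output: on return it
 * holds the last ciphertext block, ready to seed the next message. */
void model_cbc(uint8_t *buf, size_t len, uint8_t iv[BLK], int decrypt) {
    uint8_t ct[BLK];
    for (size_t off = 0; off + BLK <= len; off += BLK) {
        uint8_t *b = buf + off;
        if (decrypt) memcpy(ct, b, BLK);   /* keep ciphertext before overwriting it */
        for (int i = 0; i < BLK; i++) {
            if (decrypt) b[i] = (uint8_t)(rotr3(b[i]) ^ KEY[i] ^ iv[i]);
            else         b[i] = rotl3((uint8_t)(b[i] ^ iv[i] ^ KEY[i]));
        }
        memcpy(iv, decrypt ? ct : b, BLK);
    }
}

/* Encrypts one constructed 16-byte message twice and returns a bitmask:
 * 1 = iv equals last ciphertext block, 2 = the two ciphertexts differ,
 * 4 = in-step decryptor recovers both, 8 = stale IV garbles block 1 only. */
int iv_chain_demo(void) {
    uint8_t msg[16], c1[16], c2[16], t[16];
    uint8_t siv[BLK] = {0}, riv[BLK] = {0}, stale[BLK] = {0};
    int r = 0;
    memcpy(msg, "transfer 100 USD", 16);
    memcpy(c1, msg, 16); model_cbc(c1, 16, siv, 0);
    if (!memcmp(siv, c1 + 8, BLK)) r |= 1;
    memcpy(c2, msg, 16); model_cbc(c2, 16, siv, 0);
    if (memcmp(c1, c2, 16)) r |= 2;
    memcpy(t, c1, 16); model_cbc(t, 16, riv, 1);
    int ok1 = !memcmp(t, msg, 16);
    memcpy(t, c2, 16); model_cbc(t, 16, riv, 1);
    if (ok1 && !memcmp(t, msg, 16)) r |= 4;
    memcpy(t, c2, 16); model_cbc(t, 16, stale, 1);
    if (memcmp(t, msg, 8) && !memcmp(t + 8, msg + 8, 8)) r |= 8;
    return r;
}

int main(void) { return iv_chain_demo() == 15 ? 0 : 1; }
```
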

Return Values
This routine returns one of the following KRB5 status codes:
| 0 | Successful completion. |