MIT Kerberos Documentation

krb5_mk_req_extended - Create a KRB_AP_REQ message using supplied credentials.

krb5_error_code krb5_mk_req_extended(krb5_context context, krb5_auth_context * auth_context, krb5_flags ap_req_options, krb5_data * in_data, krb5_creds * in_creds, krb5_data * outbuf)

[in] context - Library context

[inout] auth_context - Pre-existing or newly created auth context

[in] ap_req_options - Options (see AP_OPTS macros)

[in] in_data - Application data to be checksummed in the authenticator, or NULL

[in] in_creds - Credentials for the service with valid ticket and key

[out] outbuf - AP-REQ message

  • 0 Success; otherwise - Kerberos error codes

Valid ap_req_options are:

  • #AP_OPTS_USE_SESSION_KEY - Use the session key when creating the request used for user to user authentication.
  • #AP_OPTS_MUTUAL_REQUIRED - Request a mutual authentication packet from the receiver.
  • #AP_OPTS_USE_SUBKEY - Generate a subsession key from the current session key obtained from the credentials.

This function creates a KRB_AP_REQ message using supplied credentials in_creds . auth_context may point to an existing auth context or to NULL, in which case a new one will be created. If in_data is non-null, a checksum of it will be included in the authenticator contained in the KRB_AP_REQ message. Use krb5_free_data_contents() to free outbuf when it is no longer needed.

On successful return, the authenticator is stored in auth_context with the client and checksum fields nulled out. (This is to prevent pointer-sharing problems; the caller should not need these fields anyway, since the caller supplied them.)

See also