krb5_rd_priv - Process a KRB-PRIV message.¶

krb5_error_code krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * outbuf, krb5_replay_data * outdata)¶

param:

param:	[in] context - Library context [in] auth_context - Authentication structure [in] inbuf - KRB-PRIV message to be parsed [out] outbuf - Data parsed from KRB-PRIV message [out] outdata - Replay data. Specify NULL if not needed

[in] context - Library context

[in] auth_context - Authentication structure

[in] inbuf - KRB-PRIV message to be parsed

[out] outbuf - Data parsed from KRB-PRIV message

[out] outdata - Replay data. Specify NULL if not needed

retval:	0 Success; otherwise - Kerberos error codes

This function parses a KRB-PRIV message, verifies its integrity, and stores its unencrypted data into outbuf .

If the KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in auth_context , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of auth_context . Otherwise, the sequence number is not used.

If the KRB5_AUTH_CONTEXT_DO_TIME flag is set in auth_context , then two additional checks are performed:

The timestamp in the message must be within the permitted clock skew (which is usually five minutes).

The message must not be a replayed message field in auth_context .

Note

If the KRB5_AUTH_CONTEXT_RET_TIME or KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context , outdata is required.

MIT Kerberos Documentation

krb5_rd_priv - Process a KRB-PRIV message.¶

On this page

Table of contents

Full Table of Contents

Search