From c32350eb60d63655d53c1ac2be830639cb10401d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Fri, 3 Oct 2003 05:00:50 +0000 Subject: [PATCH] some diffrences between Heimdal and MIT Kerberos in the API git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12951 ec53bebd-3082-4978-b11e-865c3cabbd6b --- doc/programming.texi | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/doc/programming.texi b/doc/programming.texi index 8a3b84d1c..f6c6d8e1a 100644 --- a/doc/programming.texi +++ b/doc/programming.texi @@ -14,6 +14,7 @@ introduction text (@pxref{What is Kerberos?}). * Kerberos 5 API Overview:: * Walkthru a sample Kerberos 5 client:: * Validating a password in a server application:: +* API diffrences to MIT Kerberos:: @end menu @node Kerberos 5 API Overview, Walkthru a sample Kerberos 5 client, Programming with Kerberos, Programming with Kerberos 
@@ -268,11 +269,46 @@ And send it over the network. The server is using @manpage{krb5_rd_safe,3} and @manpage{krb5_rd_priv,3} to verify the signature and decrypt the packet. -@node Validating a password in a server application, , Walkthru a sample Kerberos 5 client, Programming with Kerberos +@node Validating a password in a server application, API diffrences to MIT Kerberos, Walkthru a sample Kerberos 5 client, Programming with Kerberos @section Validating a password in an application See the manual page for @manpage{krb5_verify_user,3}. +@node API diffrences to MIT Kerberos, , Validating a password in a server application, Programming with Kerberos +@section API diffrences to MIT Kerberos + +This section is somewhat unorganized, but so far there is no overall +structure to the diffrecies, though some of the have their root in +that heimdal uses a ASN.1 compiler and MIT doesn't. + +@subsection Principal and realms + +Heimdal store the realm as a @code{krb5_realm} that is a @code{char *}. +MIT Kerberos uses a @code{krb5_data} to store a realm. See + +In Heimdal @code{krb5_principal} doesn't contain the component +@code{name_type}, its instead stored in component +@code{name.name_type}. To get and set the nametype in Heimdal, use +@manpage{krb5_principal_get_type,3} and +@manpage{krb5_principal_set_type,3}. + +For more information about principal and realms, see +@manpage{krb5_principal,3}. + +@subsection Error messages + +To get the error string, Heimdal users uses +@manpage{krb5_get_error_string,3} or if @code{NULL} is returned, +@manpage{krb5_get_err_text,3}. This is to return custom error messages +(like ''Can't find host/datan.example.com@@EXAMPLE.COM in +/etc/krb5.conf.'' instead of a ``Key table entry not found'' that +@manpage{error_message,3} returns. + +Heimdal uses a threadsafe(er) version of the com_err interface, the +global com_err table isn't initialized, then @manpage{error_message,3} +returns quite boring error string (just the error code itself). 
+ + @c @node Why you should use GSS-API for new applications, Walkthru a sample GSS-API client, Validating a password in a server application, Programming with Kerberos @c @section Why you should use GSS-API for new applications @c
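Review bot: The menu entry added in the first hunk (@@ -14,6 +14,7 @@) misspells "differences" as "diffrences", and the same string is reused in the second hunk as the @node name, the @section title, and the next-pointer of the "Validating a password in a server application" node, so the typo becomes part of a node name that cross-references have to match. Suggest spelling it "API differences to MIT Kerberos" in all four places in this same commit so the menu entry and the node name stay in sync.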
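Review bot: In the "Principal and realms" subsection of the second hunk (@@ -268,11 +269,46 @@), the first paragraph ends with a dangling "See" and no target; complete the cross-reference or drop the word. In "Error messages", the parenthesis opened at "(like" is never closed, and the example message opens with '' where the second quoted string opens with ``, so the quoting is unbalanced. The last paragraph is a run-on ("the global com_err table isn't initialized, then ..."); if the intent is that the table is left uninitialized because of the thread-safe com_err variant, and that this is why error_message returns only the error code, say so explicitly. The text tells callers to fall back to krb5_get_err_text when krb5_get_error_string returns NULL but does not say whether the returned string must be freed by the caller, which is worth one sentence here. Minor wording: "diffrecies", "some of the have", "a ASN.1", "Heimdal store", "its instead", "users uses".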