doxygen
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24272 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -35,6 +35,106 @@
|
|||||||
|
|
||||||
RCSID("$Id$");
|
RCSID("$Id$");
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @page page_keytab The keytab handing functions.
|
||||||
|
* @section section_krb5_keytab Kerberos Keytabs
|
||||||
|
*
|
||||||
|
* See the library functions here: @ref krb5_keytab
|
||||||
|
*
|
||||||
|
* Keytabs are long term key storage for servers, their equvalment of
|
||||||
|
* password files.
|
||||||
|
*
|
||||||
|
* Normally the only function that useful for server are to specify
|
||||||
|
* what keytab to use to other core functions like krb5_rd_req()
|
||||||
|
* krb5_kt_resolve(), and krb5_kt_close().
|
||||||
|
*
|
||||||
|
* @subsection krb5_keytab_names Keytab names
|
||||||
|
*
|
||||||
|
* A keytab name is on the form type:residual. The residual part is
|
||||||
|
* specific to each keytab-type.
|
||||||
|
*
|
||||||
|
* When a keytab-name is resolved, the type is matched with an internal
|
||||||
|
* list of keytab types. If there is no matching keytab type,
|
||||||
|
* the default keytab is used. The current default type is FILE.
|
||||||
|
*
|
||||||
|
* The default value can be changed in the configuration file
|
||||||
|
* /etc/krb5.conf by setting the variable
|
||||||
|
* [defaults]default_keytab_name.
|
||||||
|
*
|
||||||
|
* The keytab types that are implemented in Heimdal
|
||||||
|
*
|
||||||
|
* - file
|
||||||
|
* store the keytab in a file, the type's name is FILE . The
|
||||||
|
* residual part is a filename. For compatibility with other
|
||||||
|
* Kerberos implemtation WRFILE and JAVA14 is also accepted. WRFILE
|
||||||
|
* has the same format as FILE. JAVA14 have a format that is
|
||||||
|
* compatible with older versions of MIT kerberos and SUN's Java
|
||||||
|
* based installation. They store a truncted kvno, so when the knvo
|
||||||
|
* excess 255, they are truncted in this format.
|
||||||
|
* .
|
||||||
|
* - keytab
|
||||||
|
* store the keytab in a AFS keyfile (usually /usr/afs/etc/KeyFile ),
|
||||||
|
* the type's name is AFSKEYFILE. The residual part is a filename.
|
||||||
|
* .
|
||||||
|
* - krb4
|
||||||
|
* the keytab is a Kerberos 4 srvtab that is on-the-fly converted to
|
||||||
|
* a keytab. The type's name is krb4 The residual part is a
|
||||||
|
* filename.
|
||||||
|
* .
|
||||||
|
* - memory
|
||||||
|
* The keytab is stored in a memory segment. This allows sensitive
|
||||||
|
* and/or temporary data not to be stored on disk. The type's name
|
||||||
|
* is MEMORY. Each MEMORY keytab is referenced counted by and
|
||||||
|
* opened by the residual name, so two handles can point to the
|
||||||
|
* same memory area. When the last user closes the entry, it
|
||||||
|
* disappears.
|
||||||
|
* .
|
||||||
|
*
|
||||||
|
* @subsection krb5_keytab_example Keytab example
|
||||||
|
*
|
||||||
|
* This is a minimalistic version of ktutil.
|
||||||
|
*
|
||||||
|
* @code
|
||||||
|
int
|
||||||
|
main (int argc, char **argv)
|
||||||
|
{
|
||||||
|
krb5_context context;
|
||||||
|
krb5_keytab keytab;
|
||||||
|
krb5_kt_cursor cursor;
|
||||||
|
krb5_keytab_entry entry;
|
||||||
|
krb5_error_code ret;
|
||||||
|
char *principal;
|
||||||
|
|
||||||
|
if (krb5_init_context (&context) != 0)
|
||||||
|
errx(1, "krb5_context");
|
||||||
|
|
||||||
|
ret = krb5_kt_default (context, &keytab);
|
||||||
|
if (ret)
|
||||||
|
krb5_err(context, 1, ret, "krb5_kt_default");
|
||||||
|
|
||||||
|
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
|
||||||
|
if (ret)
|
||||||
|
krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
|
||||||
|
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
|
||||||
|
krb5_unparse_name_short(context, entry.principal, &principal);
|
||||||
|
printf("principal: %s\\n", principal);
|
||||||
|
free(principal);
|
||||||
|
krb5_kt_free_entry(context, &entry);
|
||||||
|
}
|
||||||
|
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
|
||||||
|
if (ret)
|
||||||
|
krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
|
||||||
|
ret = krb5_kt_close(context, keytab);
|
||||||
|
if (ret)
|
||||||
|
krb5_err(context, 1, ret, "krb5_kt_close");
|
||||||
|
krb5_free_context(context);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
* @endcode
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Register a new keytab backend.
|
* Register a new keytab backend.
|
||||||
*
|
*
|
||||||
@@ -442,7 +542,7 @@ _krb5_kt_principal_not_found(krb5_context context,
|
|||||||
* @param context a Keberos context.
|
* @param context a Keberos context.
|
||||||
* @param id a keytab.
|
* @param id a keytab.
|
||||||
* @param principal principal to match, NULL matches all principals.
|
* @param principal principal to match, NULL matches all principals.
|
||||||
* @param vno key version to match, 0 matches all key version numbers.
|
* @param kvno key version to match, 0 matches all key version numbers.
|
||||||
* @param enctype encryption type to match, 0 matches all encryption types.
|
* @param enctype encryption type to match, 0 matches all encryption types.
|
||||||
* @param entry the returned entry, free with krb5_kt_free_entry().
|
* @param entry the returned entry, free with krb5_kt_free_entry().
|
||||||
*
|
*
|
||||||
@@ -506,7 +606,6 @@ krb5_kt_get_entry(krb5_context context,
|
|||||||
* @param context a Keberos context.
|
* @param context a Keberos context.
|
||||||
* @param in the keytab entry to copy.
|
* @param in the keytab entry to copy.
|
||||||
* @param out the copy of the keytab entry, free with krb5_kt_free_entry().
|
* @param out the copy of the keytab entry, free with krb5_kt_free_entry().
|
||||||
* @param cursor the cursor of the iteration.
|
|
||||||
*
|
*
|
||||||
* @return Return an error code or 0, see krb5_get_error_message().
|
* @return Return an error code or 0, see krb5_get_error_message().
|
||||||
*
|
*
|
||||||
|
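Review bot: In the first hunk, the `@code` example in the new `page_keytab` block calls `krb5_unparse_name_short()` without checking its result, then hands `principal` (declared without an initializer) to `printf()` and `free()`, so a failed unparse may leave both working on an unset pointer. Doc examples get copied verbatim, so the loop body should read `ret = krb5_unparse_name_short(context, entry.principal, &principal);` followed by `if (ret) krb5_err(context, 1, ret, "krb5_unparse_name_short");`. The `while` loop also ends on any non-zero return from `krb5_kt_next_entry()`, so a read error is indistinguishable from the normal end of the keytab (presumably `KRB5_KT_END`); a check after the loop would make that explicit. Since the page describes keytabs as the server's equivalent of password files, the FILE entry could add one sentence such as `The file holds long-term keys and should be readable only by the service that uses it.`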