libkrb5.3 (2010 09)
libkrb5(3) libkrb5(3)
NAME
libkrb5: libkrb5.sl, libkrb5.so, libcom_err.sl, libcom_err.so, libk5crypto.sl, libk5crypto.so - Kerberos client
libraries
SYNOPSIS
32-Bit Libraries on Itanium-based Systems
/usr/lib/hpux32/libkrb5.so
/usr/lib/hpux32/libcom_err.so
/usr/lib/hpux32/libk5crypto.so
64-Bit Libraries on Itanium-based Systems
/usr/lib/hpux64/libkrb5.so
/usr/lib/hpux64/libcom_err.so
/usr/lib/hpux64/libk5crypto.so
32-Bit Libraries on PA-RISC Systems
/usr/lib/libkrb5.sl
/usr/lib/libcom_err.sl
/usr/lib/libk5crypto.sl
64-Bit Libraries on PA-RISC Systems
/usr/lib/pa20_64/libkrb5.sl
/usr/lib/pa20_64/libcom_err.sl
/usr/lib/pa20_64/libk5crypto.sl
DESCRIPTION
Kerberos is a network authentication protocol developed at MIT. It is now an IETF standard, RFC
1510, the Kerberos Network Authentication Service (V5). The shared libraries
libkrb5.so/libkrb5.sl, libcom_err.so/libcom_err.sl and libk5crypto.so/libk5crypto.sl
support authentication, integrity and confidentiality services as per the Kerberos V5 specification.
Kerberos performs authentication as a trusted third-party authentication service by using conventional
(shared secret key) cryptography. It provides a means of verifying the identities of principals
without relying on authentication by the host operating system and without basing trust on host
addresses. The protocol does not require the physical security of all the hosts on the network, and
it assumes that packets traveling over the network can be read, modified and inserted at will.
libkrb5.so/libkrb5.sl is the main Kerberos library. It provides APIs for authentication,
verifying tickets, creating authenticators, context management, cache and replay cache management,
keytab file management, memory management, principal name style mapping and operating system
specific calls. The <krb5.h> header file should be included in any application that uses APIs from
the libkrb5.so/libkrb5.sl library.
libk5crypto.so/libk5crypto.sl, which is linked to libkrb5.so/libkrb5.sl, provides
the encryption and decryption APIs. A user should not link this library directly with an application. In
order to add authentication, an application may need to call one or more APIs of the Kerberos library,
which results in the transmission of the messages necessary to achieve authentication.
libcom_err.so/libcom_err.sl implements the Kerberos library error code tables. There are
separate error code tables for database, magic numbers and ASN.1 APIs. Depending on the failure in the
API, the user may get an error from these tables using the appropriate com_err() API. The <com_err.h>
header file should be included in any application that uses routines from the
libcom_err.so/libcom_err.sl library. Executable files must be linked with -lcom_err so that
the com_err library is included.
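Added example (not part of the HP-UX manual page or of the Kerberos libraries): a raw numeric error
code found in an application log can be attributed to one of these tables without calling the library.
It assumes the libraries use the standard com_err encoding, in which the low 8 bits index the message
and the upper 24 bits pack the table name six bits per character; the function names and the sample
codes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ERRCODE_RANGE 8   /* low 8 bits: index of the message inside its table */
#define BITS_PER_CHAR 6   /* table name is packed 6 bits per character */

/* Alphabet used by com_err to pack table names; packed value 0 means "no character". */
static const char char_set[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";

/* Hypothetical helper: decode the table name from a com_err code.
 * out must hold at least 5 bytes (up to 4 characters plus the terminator). */
const char *table_name(long code, char out[5])
{
    unsigned long id = ((unsigned long)code & 0xffffffffUL) >> ERRCODE_RANGE;
    char *p = out;
    int i;

    for (i = 3; i >= 0; i--) {
        unsigned ch = (unsigned)(id >> (i * BITS_PER_CHAR)) & 0x3f;
        if (ch != 0)
            *p++ = char_set[ch - 1];
    }
    *p = '\0';
    return out;
}

/* Hypothetical helper: position of the message within its table. */
int table_index(long code)
{
    return (int)((unsigned long)code & 0xff);
}

int main(void)
{
    /* Constructed sample values, as they might appear in an application log. */
    long samples[] = { -1765328360L, -1765328347L, -1760647424L, 1859794432L };
    char name[5];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%ld -> table %s, index %d\n", samples[i],
               table_name(samples[i], name), table_index(samples[i]));
    return 0;
}
```

A code that decodes to a table name other than the ones an application expects is a useful triage
signal that the value did not come from the Kerberos libraries at all.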
The functionality of the APIs implemented in the Kerberos client libraries is described below.
krb5_context Management APIs
The context is designed to represent per-process state. Global parameters that are "context" specific
are stored in this structure. The structure contains the default realm, default encryption type, default
configuration files and the like. APIs will provide full access to the data structure stored in the context
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1