1c1,3
< .\" $Id: kafs.3,v 1.8 2002/08/28 20:04:31 joda Exp $
---
> .\" Copyright (c) 1998 - 1999, 2001 - 2003 Kungliga Tekniska H�gskolan
> .\" (Royal Institute of Technology, Stockholm, Sweden).
> .\" All rights reserved.
3,4c5,35
< .Dd May 7, 1997
< .Os KTH-KRB
---
> .\" Redistribution and use in source and binary forms, with or without
> .\" modification, are permitted provided that the following conditions
> .\" are met:
> .\"
> .\" 1. Redistributions of source code must retain the above copyright
> .\" notice, this list of conditions and the following disclaimer.
> .\"
> .\" 2. Redistributions in binary form must reproduce the above copyright
> .\" notice, this list of conditions and the following disclaimer in the
> .\" documentation and/or other materials provided with the distribution.
> .\"
> .\" 3. Neither the name of the Institute nor the names of its contributors
> .\" may be used to endorse or promote products derived from this software
> .\" without specific prior written permission.
> .\"
> .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
> .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
> .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> .\" SUCH DAMAGE.
> .\"
> .\" $Id: kafs.3,v 1.16 2003/04/16 13:58:27 lha Exp $
> .\"
> .Dd Mar 17, 2003
> .Os HEIMDAL
11a43,45
> .Nm kafs_set_verbose ,
> .Nm kafs_settoken_rxkad ,
> .Nm kafs_settoken ,
14,15c48,50
< .\" .Nm krb5_afslog ,
< .\" .Nm krb5_afslog_uid
---
> .Nm kafs_settoken5 ,
> .Nm krb5_afslog ,
> .Nm krb5_afslog_uid
20c55
< .Fd #include <kafs.h>
---
> .In kafs.h
24c59
< .Fn k_hasafs
---
> .Fn k_hasafs "void"
28c63
< .Fn k_setpag
---
> .Fn k_setpag "void"
30c65,67
< .Fn k_unlog
---
> .Fn k_unlog "void"
> .Ft void
> .Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *"
31a69,71
> .Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len"
> .Ft int
> .Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c"
35,38c75,80
< .\" .Ft krb5_error_code
< .\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
< .\" .Ft krb5_error_code
< .\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
---
> .Ft krb5_error_code
> .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
> .Ft int
> .Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c"
> .Ft krb5_error_code
> .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
46a89,118
> .Fn kafs_set_verbose
> set a log function that will be called each time the kafs library does
> something important so that the application using libkafs can output
> verbose logging.
> Calling the function
> .Fa kafs_set_verbose
> with the function argument set to
> .Dv NULL
> will stop libkafs from calling the logging function (if set).
> .Pp
> .Fn kafs_settoken_rxkad
> set
> .Li rxkad
> with the
> .Fa token
> and
> .Fa ticket
> (that have the length
> .Fa ticket_len )
> for a given
> .Fa cell .
> .Pp
> .Fn kafs_settoken
> and
> .Fn kafs_settoken5
> work the same way as
> .Fn kafs_settoken_rxkad
> but internally converts the Kerberos 4 or 5 credential to a afs
> cleartoken and ticket.
> .Pp
72,78c144,191
< .\" .Fn krb5_afslog ,
< .\" and
< .\" .Fn krb5_afslog_uid
< .\" are the Kerberos 5 equivalents of
< .\" .Fn krb_afslog ,
< .\" and
< .\" .Fn krb_afslog_uid .
---
> .Fn krb5_afslog ,
> and
> .Fn krb5_afslog_uid
> are the Kerberos 5 equivalents of
> .Fn krb_afslog ,
> and
> .Fn krb_afslog_uid .
> .Pp
> .Fn krb5_afslog ,
> .Fn kafs_settoken5
> can be configured to behave diffrently via a
> .Nm krb5_appdefault
> option
> .Li afs-use-524
> in
> .Pa krb5.conf .
> Possible values for
> .Li afs-use-524
> are:
> .Bl -tag -width local
> .It yes
> use the 524 server in the realm to convert the ticket
> .It no
> use the Kerberos 5 ticket directly, can be used with if the afs cell
> support 2b token.
> .It local, 2b
> convert the Kerberos 5 credential to a 2b token locally (the same work
> as a 2b 524 server should have done).
> .El
> .Pp
> Example:
> .Pp
> .Bd -literal
> [appdefaults]
> SU.SE = { afs-use-524 = local }
> PDC.KTH.SE = { afs-use-524 = yes }
> afs-use-524 = yes
> .Ed
> .Pp
> libkafs will use the
> .Li libkafs
> as application name when running the
> .Nm krb5_appdefault
> function call.
> .Pp
> The (uppercased) cellname is used as the realm to the
> .Nm krb5_appdefault function.
> .Pp
112c225
< returns 0 on success, or a kerberos error number on failure.
---
> returns 0 on success, or a Kerberos error number on failure.
148c261
< is called without AFS beeing present in the kernel, the process will
---
> is called without AFS being present in the kernel, the process will
156a270,272
> .Pp
> .Xr krb5_appdefaults 3 ,
> .Xr krb5.conf 5
< .\" $Id: kafs.3,v 1.8 2002/08/28 20:04:31 joda Exp $
---
> .\" Copyright (c) 1998 - 1999, 2001 - 2003 Kungliga Tekniska H�gskolan
> .\" (Royal Institute of Technology, Stockholm, Sweden).
> .\" All rights reserved.
3,4c5,35
< .Dd May 7, 1997
< .Os KTH-KRB
---
> .\" Redistribution and use in source and binary forms, with or without
> .\" modification, are permitted provided that the following conditions
> .\" are met:
> .\"
> .\" 1. Redistributions of source code must retain the above copyright
> .\" notice, this list of conditions and the following disclaimer.
> .\"
> .\" 2. Redistributions in binary form must reproduce the above copyright
> .\" notice, this list of conditions and the following disclaimer in the
> .\" documentation and/or other materials provided with the distribution.
> .\"
> .\" 3. Neither the name of the Institute nor the names of its contributors
> .\" may be used to endorse or promote products derived from this software
> .\" without specific prior written permission.
> .\"
> .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
> .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
> .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> .\" SUCH DAMAGE.
> .\"
> .\" $Id: kafs.3,v 1.16 2003/04/16 13:58:27 lha Exp $
> .\"
> .Dd Mar 17, 2003
> .Os HEIMDAL
11a43,45
> .Nm kafs_set_verbose ,
> .Nm kafs_settoken_rxkad ,
> .Nm kafs_settoken ,
14,15c48,50
< .\" .Nm krb5_afslog ,
< .\" .Nm krb5_afslog_uid
---
> .Nm kafs_settoken5 ,
> .Nm krb5_afslog ,
> .Nm krb5_afslog_uid
20c55
< .Fd #include <kafs.h>
---
> .In kafs.h
24c59
< .Fn k_hasafs
---
> .Fn k_hasafs "void"
28c63
< .Fn k_setpag
---
> .Fn k_setpag "void"
30c65,67
< .Fn k_unlog
---
> .Fn k_unlog "void"
> .Ft void
> .Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *"
31a69,71
> .Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len"
> .Ft int
> .Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c"
35,38c75,80
< .\" .Ft krb5_error_code
< .\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
< .\" .Ft krb5_error_code
< .\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
---
> .Ft krb5_error_code
> .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
> .Ft int
> .Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c"
> .Ft krb5_error_code
> .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
46a89,118
> .Fn kafs_set_verbose
> set a log function that will be called each time the kafs library does
> something important so that the application using libkafs can output
> verbose logging.
> Calling the function
> .Fa kafs_set_verbose
> with the function argument set to
> .Dv NULL
> will stop libkafs from calling the logging function (if set).
> .Pp
> .Fn kafs_settoken_rxkad
> set
> .Li rxkad
> with the
> .Fa token
> and
> .Fa ticket
> (that have the length
> .Fa ticket_len )
> for a given
> .Fa cell .
> .Pp
> .Fn kafs_settoken
> and
> .Fn kafs_settoken5
> work the same way as
> .Fn kafs_settoken_rxkad
> but internally converts the Kerberos 4 or 5 credential to a afs
> cleartoken and ticket.
> .Pp
72,78c144,191
< .\" .Fn krb5_afslog ,
< .\" and
< .\" .Fn krb5_afslog_uid
< .\" are the Kerberos 5 equivalents of
< .\" .Fn krb_afslog ,
< .\" and
< .\" .Fn krb_afslog_uid .
---
> .Fn krb5_afslog ,
> and
> .Fn krb5_afslog_uid
> are the Kerberos 5 equivalents of
> .Fn krb_afslog ,
> and
> .Fn krb_afslog_uid .
> .Pp
> .Fn krb5_afslog ,
> .Fn kafs_settoken5
> can be configured to behave diffrently via a
> .Nm krb5_appdefault
> option
> .Li afs-use-524
> in
> .Pa krb5.conf .
> Possible values for
> .Li afs-use-524
> are:
> .Bl -tag -width local
> .It yes
> use the 524 server in the realm to convert the ticket
> .It no
> use the Kerberos 5 ticket directly, can be used with if the afs cell
> support 2b token.
> .It local, 2b
> convert the Kerberos 5 credential to a 2b token locally (the same work
> as a 2b 524 server should have done).
> .El
> .Pp
> Example:
> .Pp
> .Bd -literal
> [appdefaults]
> SU.SE = { afs-use-524 = local }
> PDC.KTH.SE = { afs-use-524 = yes }
> afs-use-524 = yes
> .Ed
> .Pp
> libkafs will use the
> .Li libkafs
> as application name when running the
> .Nm krb5_appdefault
> function call.
> .Pp
> The (uppercased) cellname is used as the realm to the
> .Nm krb5_appdefault function.
> .Pp
112c225
< returns 0 on success, or a kerberos error number on failure.
---
> returns 0 on success, or a Kerberos error number on failure.
148c261
< is called without AFS beeing present in the kernel, the process will
---
> is called without AFS being present in the kernel, the process will
156a270,272
> .Pp
> .Xr krb5_appdefaults 3 ,
> .Xr krb5.conf 5