<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>HeimdalKerberos5library: The keytab handling functions</title>
<link href="doxygen.css" rel="stylesheet" type="text/css">
<link href="tabs.css" rel="stylesheet" type="text/css">
</head><body>
<p>
<a href="http://www.h5l.org/"><img src="http://www.h5l.org/keyhole-heimdal.png" alt="keyhole logo"/></a>
</p>
<!-- end of header marker -->
<!-- Generated by Doxygen 1.5.6 -->
<div class="contents">
<h1><a class="anchor" name="krb5_keytab_intro">The keytab handling functions </a></h1><h2><a class="anchor" name="section_krb5_keytab">
Kerberos Keytabs</a></h2>
See the library functions here: <a class="el" href="group__krb5__keytab.html">Heimdal Kerberos 5 keytab handling functions</a><p>
Keytabs are the long-term key storage for servers, their equivalent of password files.<p>
Normally the only functions a server needs are <a class="el" href="group__krb5__keytab.html#gc57fead58fb1baa003d6438613731901">krb5_kt_resolve()</a>, to specify which keytab other core functions such as krb5_rd_req() should use, and <a class="el" href="group__krb5__keytab.html#gb67f5ae0a7c4b87d193218b842cad590">krb5_kt_close()</a>.<h3><a class="anchor" name="krb5_keytab_names">
Keytab names</a></h3>
A keytab name has the form type:residual. The residual part is specific to each keytab type.<p>
When a keytab name is resolved, the type is matched against an internal list of keytab types. If there is no matching keytab type, the default keytab is used. The current default type is FILE.<p>
The default value can be changed in the configuration file /etc/krb5.conf by setting the variable [defaults]default_keytab_name.<p>
The keytab types that are implemented in Heimdal are:<ul>
<li>file: stores the keytab in a file; the type's name is FILE. The residual part is a filename. For compatibility with other Kerberos implementations, WRFILE and JAVA14 are also accepted. WRFILE has the same format as FILE. JAVA14 has a format that is compatible with older versions of MIT Kerberos and Sun's Java-based installation. These store a truncated kvno, so when the kvno exceeds 255 it is truncated in this format.</li></ul>
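<p>The naming rule and the JAVA14 kvno truncation described above, as an added example that is not Heimdal code. The function names are hypothetical, truncation is modelled as keeping the low 8 bits, and type matching is assumed to be case-sensitive. The collision check shows why a key rotated past kvno 255 can become indistinguishable from an older key in that format.</p>

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Type names listed on this page. */
static const char *const kt_types[] = { "FILE", "WRFILE", "JAVA14",
                                        "AFSKEYFILE", "MEMORY" };

/* Split "type:residual". Models the rule described above, not Heimdal's
 * resolver: without a known type prefix the type is FILE and (assumption
 * of this sketch) the whole string is kept as the residual. */
static const char *kt_split_name(const char *name, const char **residual)
{
    const char *colon = strchr(name, ':');
    size_t len = colon ? (size_t)(colon - name) : 0;
    for (size_t i = 0; colon && i < sizeof(kt_types) / sizeof(kt_types[0]); i++) {
        if (strlen(kt_types[i]) == len && memcmp(name, kt_types[i], len) == 0) {
            *residual = colon + 1;
            return kt_types[i];
        }
    }
    *residual = name;
    return "FILE";
}

/* kvno as a JAVA14 keytab stores it: only the low 8 bits survive. */
static uint32_t kt_java14_kvno(uint32_t kvno)
{
    return kvno & 0xff;
}

/* Index of the first entry whose stored kvno equals that of an earlier
 * entry with a different real kvno, or -1 when nothing collides. */
static int kt_java14_collision(const uint32_t *kvnos, size_t n)
{
    for (size_t i = 1; i < n; i++)
        for (size_t j = 0; j < i; j++)
            if (kvnos[i] != kvnos[j] &&
                kt_java14_kvno(kvnos[i]) == kt_java14_kvno(kvnos[j]))
                return (int)i;
    return -1;
}

int main(void)
{
    const uint32_t kvnos[] = { 1, 2, 255, 257 };   /* constructed sample */
    const char *res, *type = kt_split_name("JAVA14:/tmp/sample.keytab", &res);
    printf("%s %s collision at %d\n", type, res, kt_java14_collision(kvnos, 4));
    return 0;
}
```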
<p>
<ul>
<li>keytab: stores the keytab in an AFS keyfile (usually /usr/afs/etc/KeyFile); the type's name is AFSKEYFILE. The residual part is a filename.</li></ul>
<p>
<ul>
<li>memory: the keytab is stored in a memory segment. This allows sensitive and/or temporary data to be kept off disk. The type's name is MEMORY. Each MEMORY keytab is reference counted and opened by its residual name, so two handles can point to the same memory area. When the last user closes the keytab using <a class="el" href="group__krb5__keytab.html#gb67f5ae0a7c4b87d193218b842cad590">krb5_kt_close()</a>, the keys in the keytab are memset() to zero and freed, and can no longer be looked up by name.</li></ul>
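<p>The MEMORY keytab lifecycle described above, modelled as an added example that is not Heimdal's implementation: the struct, the fixed slot table and the mkt_* names are hypothetical. The wipe goes through a volatile pointer because a compiler may drop a plain memset() on memory that is never read again.</p>

```c
#include <string.h>

enum { MKT_SLOTS = 4, MKT_KEYLEN = 16 };

struct mkt {
    char name[32];                  /* residual name */
    unsigned refcount;              /* 0 marks a free slot */
    unsigned char key[MKT_KEYLEN];  /* stands in for the stored keys */
};
static struct mkt mkt_table[MKT_SLOTS];

/* Find a live keytab by name without taking a reference. */
static struct mkt *mkt_find(const char *name)
{
    for (size_t i = 0; i < MKT_SLOTS; i++)
        if (mkt_table[i].refcount && strcmp(mkt_table[i].name, name) == 0)
            return &mkt_table[i];
    return NULL;
}

/* Open by name: share the existing keytab, or claim a free slot. */
static struct mkt *mkt_resolve(const char *name)
{
    struct mkt *m = mkt_find(name);
    for (size_t i = 0; m == NULL && i < MKT_SLOTS; i++)
        if (mkt_table[i].refcount == 0)
            m = &mkt_table[i];
    if (m == NULL || strlen(name) >= sizeof(m->name))
        return NULL;
    if (m->refcount++ == 0)
        strcpy(m->name, name);
    return m;
}

/* Drop one reference; the last close zeroes the slot with volatile stores. */
static void mkt_close(struct mkt *m)
{
    volatile unsigned char *p = (volatile unsigned char *)m;
    if (--m->refcount == 0)
        for (size_t i = 0; i < sizeof(*m); i++)
            p[i] = 0;
}

int main(void)
{
    struct mkt *a = mkt_resolve("scratch"), *b = mkt_resolve("scratch");
    mkt_close(a);                        /* b still reaches the keys */
    mkt_close(b);                        /* last close wipes the slot */
    return mkt_find("scratch") != NULL;  /* 0: the name is gone */
}
```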
<h3><a class="anchor" name="krb5_keytab_example">
Keytab example</a></h3>
This is a minimalistic version of ktutil.<p>
<div class="fragment"><pre class="fragment"><span class="preprocessor">#include &lt;err.h&gt;</span>
<span class="preprocessor">#include &lt;stdio.h&gt;</span>
<span class="preprocessor">#include &lt;stdlib.h&gt;</span>
<span class="preprocessor">#include &lt;krb5.h&gt;</span>

<span class="keywordtype">int</span>
main (<span class="keywordtype">int</span> argc, <span class="keywordtype">char</span> **argv)
{
    krb5_context context;
    krb5_keytab keytab;
    krb5_kt_cursor cursor;
    krb5_keytab_entry entry;
    krb5_error_code ret;
    <span class="keywordtype">char</span> *principal;

    <span class="keywordflow">if</span> (<a class="code" href="group__krb5.html#gbd94206e186c58a093975424a4a567a8">krb5_init_context</a> (&amp;context) != 0)
        errx(1, <span class="stringliteral">"krb5_context"</span>);

    <span class="comment">/* Open the default keytab (see default_keytab_name above). */</span>
    ret = <a class="code" href="group__krb5__keytab.html#gfcd059883c79dbd99a179bc4225d16b5">krb5_kt_default</a> (context, &amp;keytab);
    <span class="keywordflow">if</span> (ret)
        krb5_err(context, 1, ret, <span class="stringliteral">"krb5_kt_default"</span>);

    <span class="comment">/* Walk every entry and print its principal name. */</span>
    ret = <a class="code" href="group__krb5__keytab.html#g1efd8ee48d6e3caa31cad475423b8917">krb5_kt_start_seq_get</a>(context, keytab, &amp;cursor);
    <span class="keywordflow">if</span> (ret)
        krb5_err(context, 1, ret, <span class="stringliteral">"krb5_kt_start_seq_get"</span>);
    <span class="keywordflow">while</span>((ret = <a class="code" href="group__krb5__keytab.html#gc40140c41333a86d3c40426f50b4e1b0">krb5_kt_next_entry</a>(context, keytab, &amp;entry, &amp;cursor)) == 0){
        ret = <a class="code" href="group__krb5__principal.html#gac881051ed59fe0dcd08cee62280b332">krb5_unparse_name</a>(context, entry.principal, &amp;principal);
        <span class="keywordflow">if</span> (ret)
            krb5_err(context, 1, ret, <span class="stringliteral">"krb5_unparse_name"</span>);
        printf(<span class="stringliteral">"principal: %s\n"</span>, principal);
        free(principal);
        <a class="code" href="group__krb5__keytab.html#gc0774ab1407eaaaa0e5998478de246e2">krb5_kt_free_entry</a>(context, &amp;entry);
    }
    <span class="comment">/* Anything other than end-of-keytab means the walk failed. */</span>
    <span class="keywordflow">if</span> (ret != KRB5_KT_END)
        krb5_err(context, 1, ret, <span class="stringliteral">"krb5_kt_next_entry"</span>);
    ret = <a class="code" href="group__krb5__keytab.html#g11289efb407d93a1f84d5c64731a4bd1">krb5_kt_end_seq_get</a>(context, keytab, &amp;cursor);
    <span class="keywordflow">if</span> (ret)
        krb5_err(context, 1, ret, <span class="stringliteral">"krb5_kt_end_seq_get"</span>);
    ret = <a class="code" href="group__krb5__keytab.html#gb67f5ae0a7c4b87d193218b842cad590">krb5_kt_close</a>(context, keytab);
    <span class="keywordflow">if</span> (ret)
        krb5_err(context, 1, ret, <span class="stringliteral">"krb5_kt_close"</span>);
    <a class="code" href="group__krb5.html#ge51d83f5d5f589883f1cd10887892777">krb5_free_context</a>(context);
    <span class="keywordflow">return</span> 0;
}
</pre></div> </div>
<hr size="1"><address style="text-align: right;"><small>
Generated on Wed Jan 11 14:07:47 2012 for HeimdalKerberos5library by&nbsp;<a href="http://www.doxygen.org/index.html"><img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.5.6</small></address>
</body>
</html>