|
|
|
|
krb_realmofhost, krb_get_phost, krb_get_krbhst,
krb_get_admhst, krb_get_lrealm - additional Kerberos util-
ity routines
SYNOPSIS
#include <krb.h>
#include <des.h>
#include <netinet/in.h>
char *krb_realmofhost(host)
char *host;
char *krb_get_phost(alias)
char *alias;
krb_get_krbhst(host,realm,n)
char *host;
char *realm;
int n;
krb_get_admhst(host,realm,n)
char *host;
char *realm;
int n;
krb_get_lrealm(realm,n)
char *realm;
int n;
DESCRIPTION
krb_realmofhost returns the Kerberos realm of the host
host, as determined by the translation table
/etc/krb.realms. host should be the fully-qualified
domain-style primary host name of the host in question.
In order to prevent certain security attacks, this routine
must either have a priori knowledge of a host's realm, or
obtain such information securely.
The format of the translation file is described by
krb.realms(5). If host exactly matches a host_name line,
the corresponding realm is returned. Otherwise, if the
domain portion of host matches a domain_name line, the
corresponding realm is returned. If host contains a
domain, but no translation is found, host's domain is con-
verted to upper-case and returned. If host contains no
discernable domain, or an error occurs, the local realm
name, as supplied by krb_get_lrealm(3), is returned.
krb_get_phost converts the hostname alias (which can be
either an official name or an alias) into the instance
name to be used in obtaining Kerberos tickets for most
services, including the Berkeley rcmd suite (rlogin, rcp,
the official domain-style name after conversion to lower
case.
krb_get_krbhst fills in host with the hostname of the nth
host running a Kerberos key distribution center (KDC) for
realm realm, as specified in the configuration file
(/etc/krb.conf). The configuration file is described by
krb.conf(5). If the host is successfully filled in, the
routine returns KSUCCESS. If the file cannot be opened,
and n equals 1, then the value of KRB_HOST as defined in
<krb.h> is filled in, and KSUCCESS is returned. If there
are fewer than n hosts running a Kerberos KDC for the
requested realm, or the configuration file is malformed,
the routine returns KFAILURE.
krb_get_admhst fills in host with the hostname of the nth
host running a Kerberos KDC database administration server
for realm realm, as specified in the configuration file
(/etc/krb.conf). If the file cannot be opened or is mal-
formed, or there are fewer than n hosts running a Kerberos
KDC database administration server, the routine returns
KFAILURE.
The character arrays used as return values for
krb_get_krbhst, krb_get_admhst, should be large enough to
hold any hostname (MAXHOSTNAMELEN from <sys/param.h>).
krb_get_lrealm fills in realm with the nth realm of the
local host, as specified in the configuration file. realm
should be at least REALM_SZ (from <krb.h>)characterslong.
SEE ALSO
kerberos(3), krb.conf(5), krb.realms(5)
FILES
/etc/krb.realms translation file for host-to-realm
mapping.
/etc/krb.conf local realm-name and realm/server con-
figuration file.
BUGS
The current convention for instance names is too limited;
the full domain name should be used.
krb_get_lrealm currently only supports n = 1. It should
really consult the user's ticket cache to determine the
user's current realm, rather than consulting a file on the
host.
|
|
 |
 |
 |
Copyright © 2000-2008 Inside Mac Media, Inc. All rights reserved. |
Apple assumes no responsibility with regard to the selection, performance, or use of the products or services. All understandings, agreements, or warranties, if any, take place directly between the vendors and prospective users. |
| Apple, the Apple logo, Mac, PowerMac G4, PowerMac G5, Xserve, Xserve RAID, PowerBook, iBook, Airport, AirPort Extreme, iMac, eMac, iLife, iMovie, iCal, iPhoto, iTunes, QuickTime, FireWire, iPod, iSight, AppleWorks, Macintosh, Jaguar, Panther, Mac OS, Mac OS X and Mac OS X Server are trademarks of Apple Computer, Inc. |
