#include <krb5.h> krb5_error_code krb5_mk_req_extended( krb5_context context, krb5_auth_context * auth_context, krb5_const krb5_flags ap_req_options, krb5_data * in_data, krb5_creds * in_creds, krb5_data * out_data);Service Program Name: QSYS/QKRBGSS
The krb5_mk_req_extended() function creates a Kerberos AP_REQ message using supplied credentials. It is similar to the krb5_mk_req() routine, but the caller passes the actual credentials as a parameter rather than letting the Kerberos runtime construct the credentials. The checksum of the input data is included in the authenticator that is part of the AP_REQ message. This message is then sent to the partner application, which calls the krb5_rd_req() routine to extract the application data after validating the authenticity of the message. The checksum method set in the authentication context is used to generate the checksum.
No authorities are required.
AP_OPTS_USE_SESSION_KEY (x'40000000') | Use session key instead of server key. The credentials must include a ticket that is encrypted in the session key. |
AP_OPTS_MUTUAL_REQUIRED (x'20000000') | Mutual authentication required. |
AP_OPTS_USE_SUBKEY (x'00000001') | Generate a subsession key from the current session key obtained from the credentials. |
If no errors occur, the return value is 0. Otherwise, a Kerberos error code is returned.
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]