krb5_rd_rep()--Process Kerberos AP_REP Message

Syntax

 #include <krb5.h>

 krb5_error_code krb5_rd_rep(
     krb5_context       context,
     krb5_auth_context      auth_context,  
     krb5_const krb5_data *   in_data,
     krb5_ap_rep_enc_part **    reply);

  Service Program Name: QSYS/QKRBGSS

  Default Public Authority: *USE

  Threadsafe: Conditional. See Usage Notes.

The krb5_rd_rep() function processes a Kerberos AP_REP message created by the krb5_mk_rep() routine. The authentication context is updated with sequencing information obtained from the reply message.

Authorities

No authorities are required.

Parameters

context (Input): The Kerberos context.
auth_context (Input/Output): The authentication context.
in_data (Input): The buffer containing the AP_REP message.
reply (Output): The decrypted reply data. The krb5_free_ap_rep_enc_part() routine should be called to release the reply when it is no longer needed.

Return Value

If no errors occur, the return value is 0. Otherwise, a Kerberos error code is returned.

Error Messages

Message ID	Error Message Text
CPE3418 E	Possible APAR condition or hardware failure.

Usage Notes

The Kerberos protocol runtime provides no concurrency control for the authentication context. If the application wants to use the same authentication context in multiple threads, it is the responsibility of the application to serialize access to the authentication context so that only a single thread is accessing the authentication context at any time. Because message sequence numbers are contained in the authentication context, this serialization needs to be extended to encompass the message exchange between the two applications. Otherwise, message sequence errors are liable to occur if the messages are delivered out of sequence.

API introduced: V5R1

[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]