summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/kafs/kafs.3
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/kafs/kafs.3')
-rw-r--r--crypto/heimdal/lib/kafs/kafs.3160
1 files changed, 138 insertions, 22 deletions
diff --git a/crypto/heimdal/lib/kafs/kafs.3 b/crypto/heimdal/lib/kafs/kafs.3
index 934d121..c6cff4d 100644
--- a/crypto/heimdal/lib/kafs/kafs.3
+++ b/crypto/heimdal/lib/kafs/kafs.3
@@ -1,7 +1,38 @@
-.\" $Id: kafs.3,v 1.8 2002/08/28 20:04:31 joda Exp $
+.\" Copyright (c) 1998 - 1999, 2001 - 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
.\"
-.Dd May 7, 1997
-.Os KTH-KRB
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: kafs.3,v 1.16 2003/04/16 13:58:27 lha Exp $
+.\"
+.Dd Mar 17, 2003
+.Os HEIMDAL
.Dt KAFS 3
.Sh NAME
.Nm k_hasafs ,
@@ -9,33 +40,44 @@
.Nm k_unlog ,
.Nm k_setpag ,
.Nm k_afs_cell_of_file ,
+.Nm kafs_set_verbose ,
+.Nm kafs_settoken_rxkad ,
+.Nm kafs_settoken ,
.Nm krb_afslog ,
.Nm krb_afslog_uid
-.\" .Nm krb5_afslog ,
-.\" .Nm krb5_afslog_uid
+.Nm kafs_settoken5 ,
+.Nm krb5_afslog ,
+.Nm krb5_afslog_uid
.Nd AFS library
.Sh LIBRARY
AFS cache manager access library (libkafs, -lkafs)
.Sh SYNOPSIS
-.Fd #include <kafs.h>
+.In kafs.h
.Ft int
.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
.Ft int
-.Fn k_hasafs
+.Fn k_hasafs "void"
.Ft int
.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks"
.Ft int
-.Fn k_setpag
+.Fn k_setpag "void"
.Ft int
-.Fn k_unlog
+.Fn k_unlog "void"
+.Ft void
+.Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *"
.Ft int
+.Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len"
+.Ft int
+.Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c"
.Fn krb_afslog "char *cell" "char *realm"
.Ft int
.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid"
-.\" .Ft krb5_error_code
-.\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
-.\" .Ft krb5_error_code
-.\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
+.Ft krb5_error_code
+.Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
+.Ft int
+.Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c"
+.Ft krb5_error_code
+.Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
.Sh DESCRIPTION
.Fn k_hasafs
initializes some library internal structures, and tests for the
@@ -44,6 +86,36 @@ called before
.Fn k_hasafs
is called, or if it fails.
.Pp
+.Fn kafs_set_verbose
+set a log function that will be called each time the kafs library does
+something important so that the application using libkafs can output
+verbose logging.
+Calling the function
+.Fa kafs_set_verbose
+with the function argument set to
+.Dv NULL
+will stop libkafs from calling the logging function (if set).
+.Pp
+.Fn kafs_settoken_rxkad
+set
+.Li rxkad
+with the
+.Fa token
+and
+.Fa ticket
+(that have the length
+.Fa ticket_len )
+for a given
+.Fa cell .
+.Pp
+.Fn kafs_settoken
+and
+.Fn kafs_settoken5
+work the same way as
+.Fn kafs_settoken_rxkad
+but internally converts the Kerberos 4 or 5 credential to a afs
+cleartoken and ticket.
+.Pp
.Fn krb_afslog ,
and
.Fn krb_afslog_uid
@@ -69,13 +141,54 @@ field in the token,
will use
.Fa uid .
.Pp
-.\" .Fn krb5_afslog ,
-.\" and
-.\" .Fn krb5_afslog_uid
-.\" are the Kerberos 5 equivalents of
-.\" .Fn krb_afslog ,
-.\" and
-.\" .Fn krb_afslog_uid .
+.Fn krb5_afslog ,
+and
+.Fn krb5_afslog_uid
+are the Kerberos 5 equivalents of
+.Fn krb_afslog ,
+and
+.Fn krb_afslog_uid .
+.Pp
+.Fn krb5_afslog ,
+.Fn kafs_settoken5
+can be configured to behave diffrently via a
+.Nm krb5_appdefault
+option
+.Li afs-use-524
+in
+.Pa krb5.conf .
+Possible values for
+.Li afs-use-524
+are:
+.Bl -tag -width local
+.It yes
+use the 524 server in the realm to convert the ticket
+.It no
+use the Kerberos 5 ticket directly, can be used with if the afs cell
+support 2b token.
+.It local, 2b
+convert the Kerberos 5 credential to a 2b token locally (the same work
+as a 2b 524 server should have done).
+.El
+.Pp
+Example:
+.Pp
+.Bd -literal
+[appdefaults]
+ SU.SE = { afs-use-524 = local }
+ PDC.KTH.SE = { afs-use-524 = yes }
+ afs-use-524 = yes
+.Ed
+.Pp
+libkafs will use the
+.Li libkafs
+as application name when running the
+.Nm krb5_appdefault
+function call.
+.Pp
+The (uppercased) cellname is used as the realm to the
+.Nm krb5_appdefault function.
+.Pp
.\" The extra arguments are the ubiquitous context, and the cache id where
.\" to store any obtained tickets. Since AFS servers normally can't handle
.\" Kerberos 5 tickets directly, these functions will first obtain version
@@ -109,7 +222,7 @@ returns 1 if AFS is present in the kernel, 0 otherwise.
.Fn krb_afslog
and
.Fn krb_afslog_uid
-returns 0 on success, or a kerberos error number on failure.
+returns 0 on success, or a Kerberos error number on failure.
.Fn k_afs_cell_of_file ,
.Fn k_pioctl ,
.Fn k_setpag ,
@@ -145,7 +258,7 @@ if (k_hasafs()) {
.Sh ERRORS
If any of these functions (apart from
.Fn k_hasafs )
-is called without AFS beeing present in the kernel, the process will
+is called without AFS being present in the kernel, the process will
usually (depending on the operating system) receive a SIGSYS signal.
.Sh SEE ALSO
.Rs
@@ -154,6 +267,9 @@ usually (depending on the operating system) receive a SIGSYS signal.
.%T File Server/Cache Manager Interface
.%D 1991
.Re
+.Pp
+.Xr krb5_appdefaults 3 ,
+.Xr krb5.conf 5
.Sh BUGS
.Ev AFS_SYSCALL
has no effect under AIX.
OpenPOWER on IntegriCloud