[531] in Kerberos_V5_Development
Re: new protocol code installed
jtkohl@ATHENA.MIT.EDU (jtkohl@ATHENA.MIT.EDU)
Tue Dec 18 16:46:38 1990
All of the function prototypes in <krb5/func-proto.h> have been properly
updated. This is a summary:

krb5_mk_req_extended gets two new (optional) arguments. Use 0 if you
don't care to use them:
	an initial sequence number for use in KRB_SAFE or KRB_PRIV
	messages from client to server
	a subkey to start negotiations between client and server for a
	"real" session key

krb5_mk_priv, krb5_mk_safe get two new arguments:
	a flag field to disable timestamps and/or enable sequence
	number use
	a sequence number (only used if flag says to use it)

krb5_rd_priv, krb5_rd_safe get two new arguments:
	a flag field to disable timestamps and/or enable sequence
	number checks
	an expected sequence number (only used if flag says to use it)

krb5_mk_safe, krb5_mk_priv, krb5_rd_safe, krb5_rd_priv all no longer use
a krb5_fulladdr * for client & server; they only use a krb5_address *.

krb5_send_tgs gets a new argument, for pa_data to be included in the
request.

krb5_get_in_tkt's key-providing procedure arg now takes a pa_data **
from the KDC response.

krb5_principal2salt is a new function to convert a principal into a salt
for the string2key routines.

string_to_key routines in the encryption interface now take a salt
rather than a principal.

krb5_free_pa_data, krb5_free_ap_rep_enc_part are new functions to free
structures and associated baggage.

The krb5_ap_rep structure now has room for an optional subkey for the
server to specify a key to be used by the client and an optional
sequence number for KRB_PRIV or KRB_SAFE messages sent from server to
client. See the RFC draft-in-progress section 3.2.6 for details on
using/selecting the key; see section 3.2.2 for pointers on choosing an
initial sequence number.
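
An added example, not part of the original message and not code from the krb5 tree: a receiver-side sketch of the check that the new krb5_rd_safe/krb5_rd_priv flag field and expected sequence number describe. The flag names, struct, 300-second skew limit and 32-bit sequence width are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; these are not krb5 identifiers. */
#define EX_NOTIME     0x1   /* caller disabled the timestamp check        */
#define EX_DOSEQUENCE 0x2   /* caller enabled the sequence-number check   */
#define EX_MAX_SKEW   300L  /* assumed allowed clock skew, in seconds     */

enum ex_result { EX_OK = 0, EX_BAD_SEQ, EX_SKEW };

struct ex_peer {
    uint32_t expected_seq;  /* next sequence number we will accept */
};

/* Check the replay-protection fields of one message whose integrity has
 * already been verified. The expected number advances only on acceptance,
 * so a replayed or reordered message cannot move the window. */
enum ex_result ex_check(struct ex_peer *p, int flags,
                        uint32_t msg_seq, long msg_time, long now)
{
    if (!(flags & EX_NOTIME)) {
        long delta = now - msg_time;
        if (delta < 0)
            delta = -delta;
        if (delta > EX_MAX_SKEW)
            return EX_SKEW;
    }
    if (flags & EX_DOSEQUENCE) {
        if (msg_seq != p->expected_seq)
            return EX_BAD_SEQ;
        p->expected_seq++;          /* unsigned: wraps modulo 2^32 */
    }
    return EX_OK;
}

int main(void)
{
    /* Constructed sample traffic: initial number 41, timestamps disabled. */
    struct ex_peer peer = { 41 };
    int flags = EX_NOTIME | EX_DOSEQUENCE;

    printf("first  (seq 41): %d\n", ex_check(&peer, flags, 41, 0, 1000));
    printf("replay (seq 41): %d\n", ex_check(&peer, flags, 41, 0, 1000));
    printf("next   (seq 42): %d\n", ex_check(&peer, flags, 42, 0, 1000));
    return 0;
}
```

With both checks switched off (EX_NOTIME set, EX_DOSEQUENCE clear) this sketch accepts every message, so a caller that disables timestamps needs the sequence check or some other replay defence.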