Difference between revisions of "Samba4 port: libkdc Interface"
From K5Wiki
| Line 62: | Line 62: | ||
|} |
|} |
||
| − | == krb5_kdc_process_request == |
||
| + | == Handling Krb5 Traffic == |
||
Via the krb5_kdc_process_krb5_request() entry point, |
Via the krb5_kdc_process_krb5_request() entry point, |
||
Samba4 uses the following Heimdal KDC functions: |
Samba4 uses the following Heimdal KDC functions: |
||
| Line 169: | Line 169: | ||
== config handling == |
== config handling == |
||
| + | Heimdal has a run-time apparatus for managing the |
||
| + | KDC's configuration, while MIT-krb uses a simple configuration file. |
||
| + | # Samba4 passes configuratio to the KDC, using the krb5_kdc_configuration{} structure. |
||
| + | # Samba4 uses the libkdc entry-point krb5_kdc_get_config() to initialize the krb5_kdc_configuration{} structure; |
||
| + | # As of Sept '09, Samba4 does not change this config structre's contents at runtime, except in one place: if hx509 fails to find a user cert, hx509 turns itself off. |
||
| + | |||
| + | {| class="wikitable sortable" width="100%" border="1" style="border-collapse: collapse; border: 1px solid #dfdfdf;" |
||
| + | | bgcolor="#660066" |<font color="#ffffff">'''Protocol'''</font> |
||
| + | | bgcolor="#660066" |<font color="#ffffff">'''Heimdal fcn''' </font> |
||
| + | | bgcolor="#660066" |<font color="#ffffff">'''MIT-krb fcn'''</font> |
||
| + | |||
| + | |} |
||
---- |
---- |
||
Revision as of 12:05, 10 September 2009
libkdc Entry Points
| Entry Point | Samba4 file | Samba4 callers |
| kdc_log() | kdc/log.c | no |
| kdc_log_msg() | kdc/log.c | no |
| kdc_log_msg_va() | kdc/log.c | no |
| kdc_openlog() | kdc/log.c | no |
| krb5_kdc_get_config() | kdc/default_config.c | kdc/kdc.c |
| krb5_kdc_process_krb5_request() | kdc/process.c | kdc/kdc.c |
| krb5_kdc_process_request() | kdc/process.c | no |
| krb5_kdc_set_dbinfo() | kdc/set_dbinfo.c | no |
| krb5_kdc_save_request() | kdc/process.c | no |
| krb5_kdc_update_time() | kdc/process.c | kdc/kdc.c |
| krb5_kdc_windc_init() | kdc/windc.c | kdc/kdc.c |
Handling Krb5 Traffic
Via the krb5_kdc_process_krb5_request() entry point, Samba4 uses the following Heimdal KDC functions:
| Protocol | Heimdal fcn | MIT-krb fcn |
| AS | decode_AS_REQ() | decode_krb5_as_req() |
| AS | free_AS_REQ() | krb5_free_kdc_req() |
| AS | _kdc_as_rep() | process_as_req() |
| TGS | decode_TGS_REQ() | decode_krb5_tgs_req() |
| TGS | free_TGS_REQ() | krb5_free_kdc_req() |
| TGS | _kdc_tgs_rep() | process_tgs_req() |
| krb524 | decode_ticket() | krb5_decode_ticket() |
| krb524 | _kdc_do_524 | <deprecated> |
| krb524 | free_Ticket() | no |
| digest auth | decode_DigestREQ() | no |
| digest auth | free_DigestREQ() | no |
| digest auth | _kdc_do_digest() | no |
| kx509 | _kdc_try_kx509_request() | no |
| kx509 | _kdc_do_kx509() | no |
| kx509 | free_Kx509Request() | no |
| krb v4 | _kdc_maybe_version4 | deprecated? |
| krb v4 | _kdc_do_version4 | deprecated |
| AFS | _kdc_do_kaserver() | deprecated? |
Caution: libkdc has another similarly-named function, but Samba4 uses only one of these two functions:
- krb5_kdc_process_krb5_request() gets used by Samba4
- krb5_kdc_process_request() doesn't.
config handling
Heimdal has a run-time apparatus for managing the KDC's configuration, while MIT-krb uses a simple configuration file.
- Samba4 passes configuratio to the KDC, using the krb5_kdc_configuration{} structure.
- Samba4 uses the libkdc entry-point krb5_kdc_get_config() to initialize the krb5_kdc_configuration{} structure;
- As of Sept '09, Samba4 does not change this config structre's contents at runtime, except in one place: if hx509 fails to find a user cert, hx509 turns itself off.
| Protocol | Heimdal fcn | MIT-krb fcn |
