§Kerberos Version 5
This is an implementation of the data types from RFC 4120 also known as “Kerberos V5”. Kerberos is an authentication framework for verifying identities of “principals” (e.g. a user or network server) on an open unprotected network.
This is accomplished without relying on assertions by the host operating system, without basing trust on host addresses, without requiring physical security of all the hosts on the network, and under the assumption that packets traveling along the network can be read, modified, and inserted at will. Kerberos performs authentication under these conditions as a trusted third-party authentication service by using conventional (shared secret key) cryptography.
Like other rasn core crates this crate does not provide the ability to
authenticate on its own, but provides shared data types to create your own
Kerberos clients and servers.
Modules§
- otp: One-Time Password Pre-authentication
Structs§
- AdAndOr: Used to implement an “or” operation by setting the condition-count field to 1, and it may specify an “and” operation by setting the condition count to the number of embedded elements.
- AdCammac
- AdKdcIssued: Provides a means for Kerberos principal credentials to embed within themselves privilege attributes and other mechanisms for positive authorization.
- AdLoginAlias
- ApOptions: Options for ApReq.
- ApRep
- ApReq
- AsRep: The initial KDC response.
- AsReq: Initial ticket request.
- Authenticator: The authenticator included in the ApReq.
- AuthorizationDataValue
- Checksum: Checksum of cleartext data.
- EncApRepPart: The body of ApRep.
- EncAsRepPart: The encrypted initial request.
- EncKdcRepPart: The encrypted part of the KdcRep body.
- EncKrbCredPart: The body of KrbCred.
- EncKrbPrivPart: The body of KrbPriv.
- EncTgsRepPart: The encrypted subsequent request.
- EncTicketPart: The encrypted part of a Ticket.
- EncryptedData: Container for arbitrary encrypted data
- EncryptionKey: The means by which cryptographic keys used for encryption are transferred.
- EtypeInfo2Entry
- EtypeInfoEntry
- HostAddress: The address of a given host.
- KdcOptions
- KdcRep: The main KDC body.
- KdcReq: The ticket request struct.
- KdcReqBody: The remaining fields in ticket request. If a checksum is generated for the request, it is done using this field.
- KerberosTime
- KrbCred: Message that can be used to send Kerberos credentials from one principal to another.
- KrbCredInfo: The tickets and information needed to use them in KrbCred.
- KrbError: An error from Kerberos.
- KrbPriv
- KrbSafe: Message containing user data along with a collision-proof checksum keyed with the last encryption key negotiated via subkeys, or with the session key if no negotiation has occurred.
- KrbSafeBody: The body of KrbSafe.
- LastReqValue: The time of the last request.
- PaData: Pre-Authentication data.
- PaEncTsEnc
- PrincipalName: The name of the party to verify. Taken together, a PrincipalName and a Realm form a principal identifier.
- TgsRep: Subsequent KDC response.
- TgsReq: Additional ticket request.
- Ticket: Record that helps a client authenticate to a service.
- TicketFlags: Various options that were used or requested when the ticket was issued.
- TransitedEncoding
- TypedDataItem
- VerifierMac
Enums§
Constants§
Type Aliases§
- AdIfRelevant: Elements are intended for interpretation only by application servers that understand the particular type of the embedded element.
- AdMandatoryForKdc
- AuthorizationData: Authorization data.
- ETypeList
- EtypeInfo
- EtypeInfo2
- HostAddresses
- KerberosFlags
- KerberosString
- LastReq
- MethodData
- Microseconds
- PaEncTimestamp
- Realm: The name of the authentication server.
- TypedData