Crate rasn_kerberos

Kerberos Version 5

This is an implementation of the data types from RFC 4120 also known as “Kerberos V5”. Kerberos is an authentication framework for verifying identities of “principals” (e.g. a user or network server) on an open unprotected network.

This is accomplished without relying on assertions by the host operating system, without basing trust on host addresses, without requiring physical security of all the hosts on the network, and under the assumption that packets traveling along the network can be read, modified, and inserted at will. Kerberos performs authentication under these conditions as a trusted third-party authentication service by using conventional (shared secret key) cryptography.

Like other rasn core crates this crate does not provide the ability to authenticate on its own, but provides shared data types to create your own Kerberos clients and servers.

Modules

• otp
  One-Time Password Pre-authentication

Structs

• AdAndOr
  Used to implement an “or” operation by setting the condition-count field to 1, and it may specify an “and” operation by setting the condition count to the number of embedded elements.
• AdCammac
• AdKdcIssued
  Provides a means for Kerberos principal credentials to embed within themselves privilege attributes and other mechanisms for positive authorization.
• AdLoginAlias
• ApOptions
  Options for ApReq.
• ApRep
• ApReq
• AsRep
  The initial KDC response.
• AsReq
  Initial ticket request.
• Authenticator
  The authenticator included in the ApReq.
• AuthorizationDataValue
• Checksum
  Checksum of cleartext data.
• EncApRepPart
  The body of ApRep.
• EncAsRepPart
  The encrypted initial request.
• EncKdcRepPart
  The encrypted part of the KdcRep body.
• EncKrbCredPart
  The body of KrbCred.
• EncKrbPrivPart
  The body of KrbPriv.
• EncTgsRepPart
  The encrypted subsequent request.
• EncTicketPart
  The encrypted part of a Ticket.
• EncryptedData
  Container for arbitrary encrypted data
• EncryptionKey
  The means by which cryptographic keys used for encryption are transferred.
• EtypeInfo2Entry
• EtypeInfoEntry
• HostAddress
  The address of a given host.
• KdcOptions
• KdcRep
  The main KDC body.
• KdcReq
  The ticket request struct.
• KdcReqBody
  The remaining fields in ticket request. If a checksum is generated for the request, it is done using this field.
• KerberosTime
• KrbCred
  Message that can be used to send Kerberos credentials from one principal to another.
• KrbCredInfo
  The tickets and information needed to use them in KrbCred.
• KrbError
  An error from Kerberos.
• KrbPriv
• KrbSafe
  Message containing user data along with a collision-proof checksum keyed with the last encryption key negotiated via subkeys, or with the session key if no negotiation has occurred.
• KrbSafeBody
  The body of KrbSafe.
• LastReqValue
  The time of the last request.
• PaData
  Pre-Authenication data.
• PaEncTsEnc
• PrincipalName
  The name of the party to verify. Taken together, a PrincipalName and a Realm form a principal identifier.
• TgsRep
  Subsequent KDC response.
• TgsReq
  Additional ticket request.
• Ticket
  Record that helps a client authenticate to a service.
• TicketFlags
  Various options that were used or requested when the ticket was issued.
• TransitedEncoding
• TypedDataItem
• VerifierMac

Enums

• Verifier

Constants

• OID

Type Aliases

• AdIfRelevant
  Element are intended for interpretation only by application servers that understand the particular type of the embedded element.
• AdMandatoryForKdc
• AuthorizationData
  Authorization data.
• ETypeList
• EtypeInfo
• EtypeInfo2
• HostAddresses
• KerberosFlags
• KerberosString
• LastReq
• MethodData
• Microseconds
• PaEncTimestamp
• Realm
  The name of the authentication server.
• TypedData