*** empty log message ***

[shishi.git] / doc / shishi.texi

\input texinfo                  @c -*- Texinfo -*-
@c Copyright (C) 2002, 2003 Simon Josefsson
@c
@c This file is part of the shishi
@c Permission is granted to copy, distribute and/or modify this document
@c under the terms of the GNU Free Documentation License, Version 1.1
@c or any later version published by the Free Software Foundation;
@c with the Invariant Sections being with no Invariant Sections, with the
@c no Front-Cover Texts, and with the no Back-Cover Texts.
@c A copy of the license is included in the section entitled ``GNU
@c Free Documentation License'' in the file 'fdl.texi'.
@c
@setfilename shishi.info
@include version.texi
@settitle The Shishi Manual

@c Unify some of the indices.
@syncodeindex tp fn
@syncodeindex pg fn

@copying
This is @cite{The Shishi Manual}, last updated @value{UPDATED}, for
Version @value{VERSION} of Shishi.

Copyright @copyright{} 2002, 2003 Simon Josefsson.

@quotation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.1 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with the Front-Cover texts being ``A GNU Manual,''
and with the Back-Cover Texts as in (a) below.  A copy of the license
is included in the section entitled ``GNU Free Documentation
License.''

(a) The FSF's Back-Cover Text is: ``You have freedom to copy and
modify this GNU Manual, like GNU software.  Copies published by the
Free Software Foundation raise funds for GNU development.''
@end quotation
@end copying

@dircategory Net Utilities
@direntry
* shishi: (shishi).             An RFC 1510 implementation
@end direntry

@titlepage
@title The Shishi Manual
@subtitle for version @value{VERSION}, @value{UPDATED}
@author Simon Josefsson (@email{bug-shishi@@josefsson.org})
@page
@vskip 0pt plus 1filll
@insertcopying
@end titlepage

@contents

@ifnottex
@node Top
@top Shishi
@insertcopying
@end ifnottex

@menu
* Introduction::                How to use this manual.
* User Manual::                 Using Shishi as end-user.
* Administration Manual::       Administrating server aspects of Shishi.
* Programming Manual::          Calling Shishi from a programming language.
* Acknowledgements::            Whom to blame.

Appendices

* Copying This Manual::         How you can copy and share this manual.
* Copying::                     How you can copy and share the source.

Indices

* Concept Index::               Index of concepts and programs.
* Function and Data Index::     Index of functions, variables and data types.
@end menu


@c **********************************************************
@c ********************  Introduction  **********************
@c **********************************************************
@node Introduction
@chapter Introduction

Shishi implements the RFC 1510 network security system, also known as
Kerberos 5.

@menu
* Getting Started::
* Features and Status::
* Overview::
* Cryptographic Overview::
* Supported Platforms::
* Bug Reports::
@end menu

@node Getting Started
@section Getting Started

This manual documents the Shishi application and library programming
interface.  All commands, functions and data types provided by Shishi
are explained.

The reader is assumed to possess basic familiarity with network
security and the RFC 1510 security system.

This manual can be used in several ways.  If read from the beginning
to the end, it gives a good introduction into the library and how it
can be used in an application.  Forward references are included where
necessary.  Later on, the manual can be used as a reference manual to
get just the information needed about any particular interface of the
library.  Experienced programmers might want to start looking at the
examples at the end of the manual, and then only read up those parts
of the interface which are unclear.

@node Features and Status
@section Features and Status

Shishi might have a couple of advantages over other packages doing a
similar job.

@table @asis
@item It's Free Software
Anybody can use, modify, and redistribute it under the terms of the GNU
General Public License (@pxref{Copying}).

@item It's thread-safe
The library uses no global variables.

@item It's internationalized
It handles non-ASCII username and passwords and user visible strings
used in the library (error messages) can be translated into the users'
language.

@item It's portable
It should work on all Unix like operating systems, including Windows.

@end table

Shishi is far from feature complete, it is not even a full RFC 1510
implementation yet.  However, some basic functionality is implemented.
A few implemented feature are mentioned below.

@itemize @bullet

@item Initial authentication (AS) from raw key or password.
This step is typically used to acquire a ticket granting ticket and,
less commonly, a server ticket.

@item Subsequent authentication (TGS).
This step is typically used to acquire a server ticket, by
authenticating yourself using the ticket granting ticket.

@item Client-Server authentication (AP).
This step is used by clients and servers to prove to each other who
they are, using negotiated tickets.

@item Integrity protected communication (SAFE).
This step is used by clients and servers to exchange integrity
protected data with each other.  The key is typically agreed on using
the Client-Server authentication step.

@item Ticket cache, supporting multiple principals and realms.
As tickets have a life time of typically several hours, they are
managed in disk files.  There can be multiple ticket caches, and each
ticket cache can store tickets for multiple clients (users), servers,
encryption types, etc.  Functionality is provided for locating the
proper ticket for every use.

@item Most standard cryptographic primitives.
The believed most secure algorithms are supported
(@pxref{Cryptographic Overview}).

@item Telnet client and server.
This is used to remotely login to other machines, after authenticating
yourself with a ticket.

@item PAM module.
This is used to login locally on a machine.

@item KDC addresses located using DNS SRV RRs.

@end itemize

The following table summarize what the current objectives are (i.e.,
the todo list) and an estimate on how long it will take to implement
the feature.  If you like to start working on anything, please let me
know so work duplication can be avoided.

@itemize @bullet

@item Pre-authentication support (week).

@item Cross-realm support (week).

@item Session keys in AP (week).

@item PKINIT (use libksba, weeks)

@item Finish GSSAPI support via GPL GSS (weeks)
Shishi will not support GSS, but a separate project ``GPL GSS'' is
under way to produce a generic GSS implementation, and it will use
Shishi to implement the Kerberos 5 mechanism.

@item Port to cyclone (cyclone need to mature first)

@item Modularize ASN.1 library so it can be replaced (days).
Almost done, all ASN.1 functionality is found in lib/asn1.c.

@item Modularize Crypto library so it can be replaced (days).
Nettle and libgcrypt are currently supported, but not via an abstract
interface.  All crypto operations has been isolated into
lib/crypto*.c.

@item KDC (initiated, weeks)

@item Set/Change password protocol (weeks?)

@item Port applications to use Shishi (indefinite)

@item Improve documentation

@item Improve internationalization

@item Add AP-REQ replay cache (week).

@end itemize

@node Overview
@section Overview

This section describes RFC 1510 from a protocol point of
view@footnote{The text is a lightly adapted version of the
introduction section from RFC 1510 by J. Kohl and C. Neuman, September
1993, unclear copyrights, but presumably owned by The Internet
Society.}.

Kerberos provides a means of verifying the identities of principals,
(e.g., a workstation user or a network server) on an open
(unprotected) network.  This is accomplished without relying on
authentication by the host operating system, without basing trust on
host addresses, without requiring physical security of all the hosts
on the network, and under the assumption that packets traveling along
the network can be read, modified, and inserted at will. (Note,
however, that many applications use Kerberos' functions only upon the
initiation of a stream-based network connection, and assume the
absence of any "hijackers" who might subvert such a connection.  Such
use implicitly trusts the host addresses involved.)  Kerberos performs
authentication under these conditions as a trusted third- party
authentication service by using conventional cryptography, i.e.,
shared secret key.  (shared secret key - Secret and private are often
used interchangeably in the literature.  In our usage, it takes two
(or more) to share a secret, thus a shared DES key is a secret key.
Something is only private when no one but its owner knows it.  Thus,
in public key cryptosystems, one has a public and a private key.)

The authentication process proceeds as follows: A client sends a
request to the authentication server (AS) requesting "credentials" for
a given server.  The AS responds with these credentials, encrypted in
the client's key.  The credentials consist of 1) a "ticket" for the
server and 2) a temporary encryption key (often called a "session
key").  The client transmits the ticket (which contains the client's
identity and a copy of the session key, all encrypted in the server's
key) to the server.  The session key (now shared by the client and
server) is used to authenticate the client, and may optionally be used
to authenticate the server.  It may also be used to encrypt further
communication between the two parties or to exchange a separate
sub-session key to be used to encrypt further communication.

The implementation consists of one or more authentication servers
running on physically secure hosts.  The authentication servers
maintain a database of principals (i.e., users and servers) and their
secret keys. Code libraries provide encryption and implement the
Kerberos protocol.  In order to add authentication to its
transactions, a typical network application adds one or two calls to
the Kerberos library, which results in the transmission of the
necessary messages to achieve authentication.

The Kerberos protocol consists of several sub-protocols (or
exchanges).  There are two methods by which a client can ask a
Kerberos server for credentials.  In the first approach, the client
sends a cleartext request for a ticket for the desired server to the
AS. The reply is sent encrypted in the client's secret key. Usually
this request is for a ticket-granting ticket (TGT) which can later be
used with the ticket-granting server (TGS).  In the second method, the
client sends a request to the TGS.  The client sends the TGT to the
TGS in the same manner as if it were contacting any other application
server which requires Kerberos credentials.  The reply is encrypted in
the session key from the TGT.

Once obtained, credentials may be used to verify the identity of the
principals in a transaction, to ensure the integrity of messages
exchanged between them, or to preserve privacy of the messages.  The
application is free to choose whatever protection may be necessary.

To verify the identities of the principals in a transaction, the
client transmits the ticket to the server.  Since the ticket is sent
"in the clear" (parts of it are encrypted, but this encryption doesn't
thwart replay) and might be intercepted and reused by an attacker,
additional information is sent to prove that the message was
originated by the principal to whom the ticket was issued.  This
information (called the authenticator) is encrypted in the session
key, and includes a timestamp.  The timestamp proves that the message
was recently generated and is not a replay.  Encrypting the
authenticator in the session key proves that it was generated by a
party possessing the session key.  Since no one except the requesting
principal and the server know the session key (it is never sent over
the network in the clear) this guarantees the identity of the client.

The integrity of the messages exchanged between principals can also be
guaranteed using the session key (passed in the ticket and contained
in the credentials).  This approach provides detection of both replay
attacks and message stream modification attacks.  It is accomplished
by generating and transmitting a collision-proof checksum (elsewhere
called a hash or digest function) of the client's message, keyed with
the session key.  Privacy and integrity of the messages exchanged
between principals can be secured by encrypting the data to be passed
using the session key passed in the ticket, and contained in the
credentials.

@node Cryptographic Overview
@section Cryptographic Overview

Shishi implements several of the standard cryptographic primitives.
Here are the names of the supported encryption suites, with some notes
on their status and there associated checksum suite.  They are ordered
by increased security as perceived by the author.

@cindex DES
@cindex 3DES
@cindex AES

@table @code

@item NULL

@code{NULL} is a dummy encryption suite for debugging.  Encryption and
decryption are identity functions.  No integrity protection.  It is
weak.  It is associated with the @code{NULL} checksum.

@item des-cbc-crc

@code{des-cbc-crc} is DES encryption and decryption with 56 bit keys
and 8 byte blocks in CBC mode. The keys can be derived from passwords
by an obscure application specific algorithm. Data is integrity
protected with an unkeyed but encrypted @code{CRC32}-like checksum.
It is weak. It is associated with the @code{rsa-md5-des} checksum.

@item des-cbc-md4

@code{des-cbc-md4} is DES encryption and decryption with 56 bit keys
and 8 byte blocks in CBC mode. The keys can be derived from passwords
by an obscure application specific algorithm. Data is integrity
protected with an unkeyed but encrypted MD4 hash.  It is weak. It is
associated with the @code{rsa-md4-des} checksum.

@item des-cbc-md5

@code{des-cbc-md5} is DES encryption and decryption with 56 bit keys
and 8 byte blocks in CBC mode.  The keys can be derived from passwords
by an obscure application specific algorithm. Data is integrity
protected with an unkeyed but encrypted MD5 hash.  It is weak.  It is
associated with the @code{rsa-md5-des} checksum.  This is the
strongest RFC 1510 interoperable mechanism.

@item des3-cbc-sha1-kd

@code{des3-cbc-sha1-kd} is DES encryption and decryption with three 56
bit keys (effective key size 112 bits) and 8 byte blocks in CBC
mode. The keys can be derived from passwords by a algorithm based on
the paper "A Better Key Schedule For DES-like Ciphers"
@footnote{@url{http://www.research.att.com/~smb/papers/ides.pdf}} by
Uri Blumenthal and Steven M. Bellovin (it is not clear if the
algorithm, and the way it is used, is used by any other protocols,
although it seems unlikely).  Data is integrity protected with a keyed
(HMAC) SHA1 hash.  It has no security proof, but is assumed to provide
adequate security in the sense that knowledge on how to crack it is
not known to the public.  It is associated with the
@code{hmac-sha1-des3-kd} checksum.

@item aes128-cts-hmac-sha1-96
@item aes256-cts-hmac-sha1-96.

@code{aes128-cts-hmac-sha1-96} and @code{aes256-cts-hmac-sha1-96} is
AES encryption and decryption with 128 bit and 256 bit key,
respectively, and 16 byte blocks in CBC mode with Cipher Text
Stealing.  Cipher Text Stealing means data length of encrypted data is
preserved (pure CBC add up to 7 pad characters).  The keys can be
derived from passwords with RSA Laboratories PKCS#5 Password Based Key
Derivation Function
2@footnote{@url{http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/}},
which is allegedly provably secure in a random oracle model.  Data is
integrity protected with a keyed (HMAC) SHA1 hash truncated to 96
bits.  There is no security proof, but the schemes are assumed to
provide good security, but has, as AES itself, yet to receive the test
of time.  It is associated with the @code{hmac-sha1-96-aes128} and
@code{hmac-sha1-96-aes256} checksums, respectively.

@end table

The protocol do not include any way to negotiate which checksum
mechanisms to use, so in most cases the associated checksum will be
used.  However, checksum mechanisms can be used with other encryption
mechanisms, as long as they are compatible in terms of key format etc.
Here are the names of the supported checksum mechanisms, with some
notes on their status and the compatible encryption mechanisms. They
are ordered by increased security as perceived by the author.

@table @code

@item NULL

@code{NULL} is a dummy checksum suite for debugging.  It provides no
integrity.  It is weak.  It is compatible with the @code{NULL}
encryption mechanism.

@item rsa-md4-des

@code{rsa-md4-des} is a DES CBC encryption of one block of random data
and a unkeyed MD4 hash computed over the random data and the message
to integrity protect.  The key used is derived from the base protocol
key by XOR with a constant.  It is weak. It is compatible with the
@code{des-cbc-crc}, @code{des-cbc-md4}, @code{des-cbc-md5} encryption
mechanisms.

@item rsa-md5-des

@code{rsa-md5-des} is a DES CBC encryption of one block of random data
and a unkeyed MD5 hash computed over the random data and the message
to integrity protect.  The key used is derived from the base protocol
key by XOR with a constant.  It is weak.  It is compatible with the
@code{des-cbc-crc}, @code{des-cbc-md4}, @code{des-cbc-md5} encryption
mechanisms.

@item hmac-sha1-des3-kd

@code{hmac-sha1-des3-kd} is a keyed (HMAC) SHA1 hash computed over the
message.  The key is derived from the base protocol by the simplified
key derivation function (similar to the password key derivation
functions of @code{des3-cbc-sha1-kd}).  It has no security proof, but
is assumed to provide good security.  It is compatible with the
@code{des3-cbc-sha1-kd} encryption mechanism.

@item hmac-sha1-96-aes128
@item hmac-sha1-96-aes256

@code{hmac-sha1-96-aes*} are keyed (HMAC) SHA1 hashes computed over
the message and then truncated to 96 bits.  The key is derived from
the base protocol by the simplified key derivation function (similar
to the password key derivation functions of @code{des3-cbc-sha1-kd}).
It has no security proof, but is assumed to provide good security.  It
is compatible with the @code{des3-cbc-sha1-kd} encryption mechanism.

@end table


@node Supported Platforms
@section Supported Platforms

Shishi has at some point in time been tested on the following
platforms.

@enumerate

@item Debian GNU/Linux 3.0r0 (Woody)
@cindex Debian

GCC 2.95.4 and GNU Make. alphaev67-unknown-linux-gnu,
alphaev6-unknown-linux-gnu, hppa64-unknown-linux-gnu,
i686-pc-linux-gnu, ia64-unknown-linux-gnu.

@item Tru64 UNIX
@cindex Tru64

Tru64 UNIX C compiler and Tru64 Make. alphaev68-dec-osf5.1.

@item SuSE Linux 7.1
@cindex SuSE

GCC 2.96 and GNU Make. alphaev67-unknown-linux-gnu.

@item SuSE Linux 7.2a
@cindex SuSE Linux

GCC 3.0 and GNU Make. ia64-unknown-linux-gnu.

@item RedHat Linux 7.2
@cindex RedHat

GCC 2.96 and GNU Make. i686-pc-linux-gnu.

@item RedHat Linux 8.0
@cindex RedHat

GCC 3.2 and GNU Make. i686-pc-linux-gnu.

@item Red Hat Advanced Server 2.1
@cindex RedHat

GCC 2.96 and GNU Make. ia64-unknown-linux-gnu (Intel Madison).

@c @item IRIX 6.5
@c @cindex IRIX
@c
@c mips-sgi-irix6.5, MIPS C compiler, IRIX Make.

@c @item AIX 4.3.2
@c @cindex AIX
@c
@c rs6000-ibm-aix4.3.2.0, IBM C for AIX compiler, AIX Make.

@c @item Microsoft Windows 2000
@c @cindex Windows
@c
@c GCC 2.95.2-6, GNU make. i686-pc-cygwin

@c @item HP-UX 11.11
@c @cindex HP-UX
@c
@c HP-UX C compiler and HP Make. hppa2.0w-hp-hpux11.11.

@item SUN Solaris 2.8
@cindex Solaris

Sun WorkShop Compiler C 6.0 and SUN Make. sparc-sun-solaris2.8.

@item NetBSD 1.6
@cindex NetBSD

GCC 2.95.3 and GNU Make. alpha-unknown-netbsd1.6,
i386-unknown-netbsdelf1.6.

@item OpenBSD 3.1
@cindex OpenBSD

GCC 2.95.3 and GNU Make.
@c alpha-unknown-openbsd3.1, (alignment problems)
i386-unknown-openbsd3.1.

@item FreeBSD 4.7
@cindex FreeBSD

GCC 2.95.4 and GNU Make. alpha-unknown-freebsd4.7,
i386-unknown-freebsd4.7.

@end enumerate

If you use Shishi on, or port Shishi to, a new platform please report
it to the author (@pxref{Bug Reports}).

@node Bug Reports
@section Bug Reports
@cindex Reporting Bugs

If you think you have found a bug in Shishi, please investigate it and
report it.

@itemize @bullet

@item Please make sure that the bug is really in Shishi, and
preferably also check that it hasn't already been fixed in the latest
version.

@item You have to send us a test case that makes it possible for us to
reproduce the bug.

@item You also have to explain what is wrong; if you get a crash, or
if the results printed are not good and in that case, in what way.
Make sure that the bug report includes all information you would need
to fix this kind of bug for someone else.

@end itemize

Please make an effort to produce a self-contained report, with
something definite that can be tested or debugged.  Vague queries or
piecemeal messages are difficult to act on and don't help the
development effort.

If your bug report is good, we will do our best to help you to get a
corrected version of the software; if the bug report is poor, we won't
do anything about it (apart from asking you to send better bug
reports).

If you think something in this manual is unclear, or downright
incorrect, or if the language needs to be improved, please also send a
note.

Send your bug report to:

@center @samp{bug-shishi@@josefsson.org}


@c **********************************************************
@c ********************  User Manual  **********************
@c **********************************************************
@node User Manual
@chapter User Manual
@cindex End-user Shishi usage

Usually Shishi interacts with you to get some initial authentication
information like a password, and then contacts a server to receive a
so called ticket granting ticket.  From now on, you rarely interacts
with Shishi directly.  Applications that needs security services
instruct the Shishi library to use the ticket granting ticket to get
new tickets for various servers.  An example could be if you log on to
a host remotely via @samp{telnet}.  The host usually requires
authentication before permitting you in.  The @samp{telnet} client
uses the ticket granting ticket to get a ticket for the server, and
then use this ticket to authenticate you against the server (typically
the server is also authenticated to you).  You perform the initial
authentication by typing @command{shishi} at the prompt.  Sometimes it
is necessary to supply options telling Shishi what your principal name
(user name in the Kerberos realm) or realm is.  In the example, I
specify the client name @code{simon@@JOSEFSSON.ORG}.

@example
@cartouche
$ shishi simon@@JOSEFSSON.ORG
Enter password for `jas@@JOSEFSSON.ORG':
jas@@JOSEFSSON.ORG:
Authtime:       Fri Aug 15 04:44:49 2003
Endtime:        Fri Aug 15 05:01:29 2003
Server:         krbtgt/JOSEFSSON.ORG key des3-cbc-sha1-kd (16)
Ticket key:     des3-cbc-sha1-kd (16) protected by des3-cbc-sha1-kd (16)
Ticket flags:   INITIAL (512)
$ 
@end cartouche
@end example

As you can see, Shishi also prints a short description of the ticket
received.

A logical next step is to display all tickets you have received (by
the way, the tickets are usually stored as text in
@file{~/.shishi/tickets}).  This is achieved by typing @command{shishi
--list}.

@example
@cartouche
$ shishi --list
Tickets in `/home/jas/.shishi/tickets':
                                                                                
jas@@JOSEFSSON.ORG:
Authtime:       Fri Aug 15 04:49:46 2003
Endtime:        Fri Aug 15 05:06:26 2003
Server:         krbtgt/JOSEFSSON.ORG key des-cbc-md5 (3)
Ticket key:     des-cbc-md5 (3) protected by des-cbc-md5 (3)
Ticket flags:   INITIAL (512)
                                                                                
jas@@JOSEFSSON.ORG:
Authtime:       Fri Aug 15 04:49:46 2003
Starttime:      Fri Aug 15 04:49:49 2003
Endtime:        Fri Aug 15 05:06:26 2003
Server:         host/latte.josefsson.org key des-cbc-md5 (3)
Ticket key:     des-cbc-md5 (3) protected by des-cbc-md5 (3)
                                                                                
2 tickets found.
$
@end cartouche
@end example

As you can see, I had a ticket for the server
@samp{host/latte.josefsson.org} which was generated by
@samp{telnet}:ing to that host.

If, for some reason, you want to manually get a ticket for a specific
server, you can use the @command{shishi --server-name} command.
Normally, however, the application that uses Shishi will take care of
getting a ticket for the appropriate server, so you normally wouldn't
need this command.

@example
@cartouche
$ shishi --server-name=user/billg --encryption-type=des-cbc-md4
jas@@JOSEFSSON.ORG:
Authtime:       Fri Aug 15 04:49:46 2003
Starttime:      Fri Aug 15 04:54:33 2003
Endtime:        Fri Aug 15 05:06:26 2003
Server:         user/billg key des-cbc-md4 (2)
Ticket key:     des-cbc-md4 (2) protected by des-cbc-md5 (3)
$
@end cartouche
@end example

As you can see, I acquired a ticket for @samp{user/billg} with a
@samp{des-cbc-md4} (@pxref{Cryptographic Overview}) encryption key
specified with the @samp{--encryption-type} parameter.

To wrap up this introduction, lets see how you can remove tickets.
You may want to do this if you leave your terminal for lunch or
similar, and don't want someone to be able to copy the file and then
use your credentials.  Note that this only destroy the tickets
locally, it does not contact any server and tell it that these
credentials are no longer valid.  So if someone stole your ticket
file, you must contact your administrator and have them reset your
account, simply using this parameter is not sufficient.

@example
@cartouche
$ shishi --server-name=imap/latte.josefsson.org --destroy
1 ticket removed.
$ shishi --server-name=foobar --destroy
No tickets removed.
$ shishi --destroy
3 tickets removed.
$
@end cartouche
@end example

Below follows a list of all parameters.

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.

@example
Usage: shishi [OPTION...] [NAME] [OPTION...]
  or:  shishi [OPTION...] --list [--server-name=NAME]
  or:  shishi [OPTION...] --destroy [--server-name=NAME]
  or:  shishi [OPTION...] --crypto [CRYPTO-OPTION...]
  or:  shishi [OPTION...]

      --client-name=NAME     Client name. Default is login username. Only for
                             AS.
  -d, --destroy              Destroy tickets in local cache, subject to
                             --server-name limiting.
  -e, --endtime=STRING       Specify when ticket validity should expire.  The
                             time syntax may be relative (to the start time),
                             such as "20 hours", or absolute, such as
                             "2001-02-03 04:05:06 CET". The default is 8 hours
                             after the start time.
  -E, --encryption-type=ETYPE,[ETYPE...]
                             Encryption types to use.  ETYPE is either
                             registered name or integer.
      --force-as             Force AS mode. Default is to use TGS iff a TGT is
                             found.
      --force-tgs            Force TGS mode. Default is to use TGS iff a TGT is
                             found.
      --key-value=KEY        Cipher key to decrypt response (discouraged).
  -l, --list                 List tickets in local cache, subject to
                             --server-name limiting.
      --password=PASSWORD    Password to decrypt response (discouraged).  Only
                             for AS.
      --realm=REALM          Realm of server. Default is DNS domain of local
                             host. For AS, this also indicates realm of client.
                             
      --renew-till=STRING    Specify renewable life of ticket.  Implies
                             --renewable.  Accepts same time syntax as
                             --endtime.  If --renewable is specified, the
                             default is 1 week after the start time.
      --renewable            Get a renewable ticket.
  -R, --renew                Renew ticket.  Use --server-name to specify
                             ticket, default is the most recent renewable
                             ticket granting ticket for the default realm.
      --server=[FAMILY:]ADDRESS:SERVICE/TYPE
                             Send all requests to HOST instead of using normal
                             logic to locate KDC addresses (discouraged).
      --server-name=NAME     Server name. Default is "krbtgt/REALM" where REALM
                             is server realm (see --realm).
  -s, --starttime=STRING     Specify when ticket should start to be valid.
                             Accepts same time syntax as --endtime. The default
                             is to become valid immediately.
      --ticket-granter=NAME  Service name in ticket to use for authenticating
                             request. Only for TGS. Defaults to
                             "krbtgt/REALM@@REALM" where REALM is server realm
                             (see --realm).
 
 Options for low-level cryptography (CRYPTO-OPTIONS):
      --algorithm=ALGORITHM  Cipher algorithm, expressed either as the etype
                             integer or the registered name.
      --client-name=NAME     Username. Default is login name.
      --decrypt              Decrypt data.
      --encrypt              Encrypt data.
      --key-usage=KEYUSAGE   Encrypt or decrypt using specified key usage.
                             Default is 0, which means no key derivation are
                             performed.
      --key-value=KEY        Base64 encoded key value.
      --key-version=INTEGER  Version number of key.
      --parameter=STRING     String-to-key parameter to use when --password is
                             specified. This data is specific for each
                             encryption algorithm and rarely needed.
      --password=PASSWORD    Password used to generate key.  --client-name and
                             --realm also modify the computed key value.
      --random               Generate key from random data.
      --read-data-file=[TYPE,]FILE
                             Read data from FILE in TYPE, BASE64, HEX or BINARY
                             (default).
      --read-key-file=FILE   Read cipher key from FILE
      --realm=REALM          Realm of principal. Defaults to DNS domain of
                             local host.
      --salt=SALT            Salt to use when --password is specified. Defaults
                             to using theusername (--client-name) and realm
                             (--realm).
      --write-data-file=[TYPE,]FILE
                             Write data to FILE in TYPE, BASE64, HEX or BINARY
                             (default).
      --write-key-file=FILE  Append cipher key to FILE
 
 Other options:
      --configuration-file=FILE   Read user configuration from file.  Default
                             is ~/.shishi/config.
  -c, --ticket-file=FILE     Read tickets from FILE. Default is
                             $HOME/.shishi/tickets.
  -o, --library-options=STRING   Parse STRING as a configuration file
                             statement.
  -q, --quiet, --silent      Don't produce any output.
      --system-configuration-file=FILE
                             Read system wide configuration from file.  Default
                             is /usr/local/etc/shishi.conf.
      --ticket-write-file=FILE   Write tickets to FILE.  Default is to write
                             them back to ticket file.
  -v, --verbose              Produce verbose output.
      --verbose-library      Produce verbose output in the library.
  NAME                       Set client name and realm from NAME.  The
                             --client-name and --realm can be used to override
                             part of NAME.
  -?, --help                 Give this help list
      --usage                Give a short usage message
  -V, --version              Print program version
@end example

@c **********************************************************
@c ****************  Administration Manual  *****************
@c **********************************************************
@node Administration Manual
@chapter Administration Manual

TBW.


@c **********************************************************
@c ***************  Programming Manual  *********************
@c **********************************************************
@node Programming Manual
@chapter Programming Manual
@cindex Application Programming Interface (API)

This chapter describes all the publicly available functions in the
library.

@menu
* Preparation::                 What you should do before using the library.
* Initialization Functions::    Creating library handle, configuration file.
* Ticket Set Functions::        High-level ticket management functions.
* AP-REQ and AP-REP Functions:: Client/Server authentication functions.
* SAFE and PRIV Functions::     Client/Server session data functions.
* Ticket Functions::            Medium-level ticket manipulation functions.
* AS Functions::                Medium-level initial authentication functions.
* TGS Functions::               Medium-level authentication functions.
* Ticket (ASN.1) Functions::    Low-level Ticket functions.
* AS/TGS Functions::            Low-level KDC functions; AS and TGS.
* Authenticator Functions::     Low-level authenticator functions.
* Cryptographic Functions::     Low-level cryptographic functions.
* Utility Functions::           Utilities for use in the global context.
* Error Handling::              Error codes and such.
* Examples::                    Example code.
* Generic Security Service::    If you want to use the GSS API instead.
@end menu

@node Preparation
@section Preparation

To use `Libshishi', you have to perform some changes to your sources
and the build system.  The necessary changes are small and explained
in the following sections.  At the end of this chapter, it is
described how the library is initialized, and how the requirements of
the library are verified.

A faster way to find out how to adapt your application for use with
`Libshishi' may be to look at the examples at the end of this manual
(@pxref{Examples}).

@menu
* Header::
* Initialization::
* Version Check::
* Building the source::
@end menu

@node Header
@subsection Header

All interfaces (data types and functions) of the library are defined
in the header file `shishi.h'.  You must include this in all programs
using the library, either directly or through some other header file,
like this:

@example
#include <shishi.h>
@end example

The name space of `Libshishi' is @code{shishi_*} for function names,
@code{Shishi*} for data types and @code{SHISHI_*} for other symbols.  In
addition the same name prefixes with one prepended underscore are
reserved for internal use and should never be used by an application.

@node Initialization
@subsection Initialization

`Libshishi' must be initialized before it can be used.  The library is
initialized by calling @code{shishi_init()} (@pxref{Initialization
Functions}).  The resources allocated by the initialization process
can be released if the application no longer has a need to call
`Libshishi' functions, this is done by calling @code{shishi_done()}.

In order to take advantage of the internationalisation features in
`Libshishi', such as translated error messages, the application must
set the current locale using @code{setlocale()} before initializing
`Libshishi'.

@node Version Check
@subsection Version Check

It is often desirable to check that the version of `Libshishi' used is
indeed one which fits all requirements.  Even with binary
compatibility new features may have been introduced but due to problem
with the dynamic linker an old version is actually used.  So you may
want to check that the version is okay right after program startup.

@include shishi-api-version.texi

The normal way to use the function is to put something similar to the
following early in your @code{main()}:

@example
  if (!shishi_check_version (SHISHI_VERSION))
    @{
      printf ("shishi_check_version() failed:\n"
              "Header file incompatible with shared library.\n");
      exit(1);
    @}
@end example

@node Building the source
@subsection Building the source
@cindex Compiling your application

If you want to compile a source file including the `shishi.h' header
file, you must make sure that the compiler can find it in the
directory hierarchy.  This is accomplished by adding the path to the
directory in which the header file is located to the compilers include
file search path (via the @option{-I} option).

However, the path to the include file is determined at the time the
source is configured.  To solve this problem, `Libshishi' uses the
external package @command{pkg-config} that knows the path to the
include file and other configuration options.  The options that need
to be added to the compiler invocation at compile time are output by
the @option{--cflags} option to @command{pkg-config shishi}.  The
following example shows how it can be used at the command line:

@example
gcc -c foo.c `pkg-config shishi --cflags`
@end example

Adding the output of @samp{pkg-config shishi --cflags} to the
compilers command line will ensure that the compiler can find the
`Libshishi' header file.

A similar problem occurs when linking the program with the library.
Again, the compiler has to find the library files.  For this to work,
the path to the library files has to be added to the library search path
(via the @option{-L} option).  For this, the option @option{--libs} to
@command{pkg-config shishi} can be used.  For convenience, this option
also outputs all other options that are required to link the program
with the `Libshishi' libararies (in particular, the @samp{-lshishi}
option).  The example shows how to link @file{foo.o} with the `Libshishi'
library to a program @command{foo}.

@example
gcc -o foo foo.o `pkg-config shishi --libs`
@end example

Of course you can also combine both examples to a single command by
specifying both options to @command{pkg-config}:

@example
gcc -o foo foo.c `pkg-config shishi --cflags --libs`
@end example

@node Initialization Functions
@section Initialization Functions

@include shishi-api-init.texi


@node Ticket Set Functions
@section Ticket Set Functions

A ``ticket set'' is, as the name implies, a collection of tickets.
Functions are provided to read tickets from file into a ticket set, to
query number of tickets in the set, to extract a given ticket from the
set, to search the ticket set for tickets matching certain criterium,
to write the ticket set to a file, etc.  High level functions for
performing a initial authentication (@pxref{AS Functions}) or
subsequent authentication (@pxref{TGS Functions}) and storing the new
ticket in the ticket set are also provided.

To manipulate each individual ticket, @xref{Ticket Functions}.  For
low-level ASN.1 manipulation see @xref{Ticket (ASN.1) Functions}.

@include shishi-api-tkts.texi


@node AP-REQ and AP-REP Functions
@section AP-REQ and AP-REP Functions

The ``AP-REQ'' and ``AP-REP'' are ASN.1 structures used by application
client and servers to prove to each other who they are.  The
structures contain auxilliary information, together with an
authenticator (@pxref{Authenticator Functions}) which is the real
cryptographic proof.  The following illustrates the AP-REQ and AP-REP
ASN.1 structures.

@verbatim
AP-REQ          ::= [APPLICATION 14] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (14),
        ap-options      [2] APOptions,
        ticket          [3] Ticket,
        authenticator   [4] EncryptedData {Authenticator,
                                { keyuse-pa-TGSReq-authenticator
                                  | keyuse-APReq-authenticator }}
}

AP-REP          ::= [APPLICATION 15] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (15),
        enc-part        [2] EncryptedData {EncAPRepPart,
                                { keyuse-EncAPRepPart }}
}

EncAPRepPart    ::= [APPLICATION 27] SEQUENCE {
        ctime           [0] KerberosTime,
        cusec           [1] Microseconds,
        subkey          [2] EncryptionKey OPTIONAL,
        seq-number      [3] UInt32 OPTIONAL
}
@end verbatim

@include shishi-api-ap.texi


@node SAFE and PRIV Functions
@section SAFE and PRIV Functions

The ``KRB-SAFE'' is an ASN.1 structure used by application client and
servers to exchange integrity protected data.  The integrity
protection is keyed, usually with a key agreed on via the AP exchange
(@pxref{AP-REQ and AP-REP Functions}).  The following illustrates the
KRB-SAFE ASN.1 structure.

@verbatim
   KRB-SAFE        ::= [APPLICATION 20] SEQUENCE {
           pvno            [0] INTEGER (5),
           msg-type        [1] INTEGER (20),
           safe-body       [2] KRB-SAFE-BODY,
           cksum           [3] Checksum
   }

   KRB-SAFE-BODY   ::= SEQUENCE {
           user-data       [0] OCTET STRING,
           timestamp       [1] KerberosTime OPTIONAL,
           usec            [2] Microseconds OPTIONAL,
           seq-number      [3] UInt32 OPTIONAL,
           s-address       [4] HostAddress,
           r-address       [5] HostAddress OPTIONAL
   }
@end verbatim

@include shishi-api-safe.texi

The ``KRB-PRIV'' is an ASN.1 structure used by application client and
servers to exchange confidential data.  The confidentiality is keyed,
usually with a key agreed on via the AP exchange (@pxref{AP-REQ and
AP-REP Functions}).  The following illustrates the KRB-PRIV ASN.1
structure.

@verbatim
   KRB-PRIV        ::= [APPLICATION 21] SEQUENCE {
           pvno            [0] INTEGER (5),
           msg-type        [1] INTEGER (21),
                           -- NOTE: there is no [2] tag
           enc-part        [3] EncryptedData -- EncKrbPrivPart
   }

   EncKrbPrivPart  ::= [APPLICATION 28] SEQUENCE {
           user-data       [0] OCTET STRING,
           timestamp       [1] KerberosTime OPTIONAL,
           usec            [2] Microseconds OPTIONAL,
           seq-number      [3] UInt32 OPTIONAL,
           s-address       [4] HostAddress -- sender's addr --,
           r-address       [5] HostAddress OPTIONAL -- recip's addr
   }
@end verbatim

@c @include shishi-api-safe.texi


@node Ticket Functions
@section Ticket Functions

@include shishi-api-tkt.texi


@node AS Functions
@section AS Functions

The Authentication Service (AS) is used to get an initial ticket using
e.g. your password.  The following illustrates the AS-REQ and AS-REP
ASN.1 structures.

@verbatim
-- Request --

AS-REQ          ::= KDC-REQ {10}

KDC-REQ {INTEGER:tagnum}        ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [1] INTEGER (5) -- first tag is [1], not [0] --,
        msg-type        [2] INTEGER (tagnum),
        padata          [3] SEQUENCE OF PA-DATA OPTIONAL,
        req-body        [4] KDC-REQ-BODY
}

KDC-REQ-BODY    ::= SEQUENCE {
        kdc-options             [0] KDCOptions,
        cname                   [1] PrincipalName OPTIONAL
                                    -- Used only in AS-REQ --,
        realm                   [2] Realm
                                    -- Server's realm
                                    -- Also client's in AS-REQ --,
        sname                   [3] PrincipalName OPTIONAL,
        from                    [4] KerberosTime OPTIONAL,
        till                    [5] KerberosTime,
        rtime                   [6] KerberosTime OPTIONAL,
        nonce                   [7] UInt32,
        etype                   [8] SEQUENCE OF Int32 -- EncryptionType
                                    -- in preference order --,
        addresses               [9] HostAddresses OPTIONAL,
        enc-authorization-data  [10] EncryptedData {
                                        AuthorizationData,
                                        { keyuse-TGSReqAuthData-sesskey
                                          | keyuse-TGSReqAuthData-subkey }
                                     } OPTIONAL,
        additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
}

-- Reply --

AS-REP          ::= KDC-REP {11, EncASRepPart, {keyuse-EncASRepPart}}

KDC-REP {INTEGER:tagnum,
         TypeToEncrypt,
         UInt32:KeyUsages}      ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (tagnum),
        padata          [2] SEQUENCE OF PA-DATA OPTIONAL,
        crealm          [3] Realm,
        cname           [4] PrincipalName,
        ticket          [5] Ticket,
        enc-part        [6] EncryptedData {TypeToEncrypt, KeyUsages}
}

EncASRepPart    ::= [APPLICATION 25] EncKDCRepPart

EncKDCRepPart   ::= SEQUENCE {
        key             [0] EncryptionKey,
        last-req        [1] LastReq,
        nonce           [2] UInt32,
        key-expiration  [3] KerberosTime OPTIONAL,
        flags           [4] TicketFlags,
        authtime        [5] KerberosTime,
        starttime       [6] KerberosTime OPTIONAL,
        endtime         [7] KerberosTime,
        renew-till      [8] KerberosTime OPTIONAL,
        srealm          [9] Realm,
        sname           [10] PrincipalName,
        caddr           [11] HostAddresses OPTIONAL
}
@end verbatim

@include shishi-api-as.texi


@node TGS Functions
@section TGS Functions

The Ticket Granting Service (TGS) is used to get subsequent tickets,
authenticated by other tickets (so called ticket granting tickets).
The following illustrates the TGS-REQ and TGS-REP ASN.1 structures.

@verbatim
-- Request --

TGS-REQ         ::= KDC-REQ {12}

KDC-REQ {INTEGER:tagnum}        ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [1] INTEGER (5) -- first tag is [1], not [0] --,
        msg-type        [2] INTEGER (tagnum),
        padata          [3] SEQUENCE OF PA-DATA OPTIONAL,
        req-body        [4] KDC-REQ-BODY
}

KDC-REQ-BODY    ::= SEQUENCE {
        kdc-options             [0] KDCOptions,
        cname                   [1] PrincipalName OPTIONAL
                                    -- Used only in AS-REQ --,
        realm                   [2] Realm
                                    -- Server's realm
                                    -- Also client's in AS-REQ --,
        sname                   [3] PrincipalName OPTIONAL,
        from                    [4] KerberosTime OPTIONAL,
        till                    [5] KerberosTime,
        rtime                   [6] KerberosTime OPTIONAL,
        nonce                   [7] UInt32,
        etype                   [8] SEQUENCE OF Int32 -- EncryptionType
                                    -- in preference order --,
        addresses               [9] HostAddresses OPTIONAL,
        enc-authorization-data  [10] EncryptedData {
                                        AuthorizationData,
                                        { keyuse-TGSReqAuthData-sesskey
                                          | keyuse-TGSReqAuthData-subkey }
                                     } OPTIONAL,
        additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
}

-- Reply --

TGS-REP         ::= KDC-REP {13, EncTGSRepPart,
                        { keyuse-EncTGSRepPart-sesskey
                          | keyuse-EncTGSRepPart-subkey }}

KDC-REP {INTEGER:tagnum,
         TypeToEncrypt,
         UInt32:KeyUsages}      ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (tagnum),
        padata          [2] SEQUENCE OF PA-DATA OPTIONAL,
        crealm          [3] Realm,
        cname           [4] PrincipalName,
        ticket          [5] Ticket,
        enc-part        [6] EncryptedData {TypeToEncrypt, KeyUsages}
}

EncTGSRepPart   ::= [APPLICATION 26] EncKDCRepPart

EncKDCRepPart   ::= SEQUENCE {
        key             [0] EncryptionKey,
        last-req        [1] LastReq,
        nonce           [2] UInt32,
        key-expiration  [3] KerberosTime OPTIONAL,
        flags           [4] TicketFlags,
        authtime        [5] KerberosTime,
        starttime       [6] KerberosTime OPTIONAL,
        endtime         [7] KerberosTime,
        renew-till      [8] KerberosTime OPTIONAL,
        srealm          [9] Realm,
        sname           [10] PrincipalName,
        caddr           [11] HostAddresses OPTIONAL
}
@end verbatim

@include shishi-api-tgs.texi


@node Ticket (ASN.1) Functions
@section Ticket (ASN.1) Functions

@include shishi-api-ticket.texi

@node AS/TGS Functions
@section AS/TGS Functions

The Authentication Service (AS) is used to get an initial ticket using
e.g. your password.  The Ticket Granting Service (TGS) is used to get
subsequent tickets using other tickets.  Protocol wise the procedures
are very similar, which is the reason they are described together.
The following illustrates the AS-REQ, TGS-REQ and AS-REP, TGS-REP
ASN.1 structures.  Most of the functions use the mnemonic ``KDC''
instead of either AS or TGS, which means the function operates on both
AS and TGS types.  Only where the distinction between AS and TGS is
important are the AS and TGS names used.  Remember, these are
low-level functions, and normal applications will likely be satisfied
with the AS (@pxref{AS Functions}) and TGS (@pxref{TGS Functions})
interfaces, or the even more high-level Ticket Set (@pxref{Ticket Set
Functions}) interface.

@verbatim
-- Request --

AS-REQ          ::= KDC-REQ {10}
TGS-REQ         ::= KDC-REQ {12}

KDC-REQ {INTEGER:tagnum}        ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [1] INTEGER (5) -- first tag is [1], not [0] --,
        msg-type        [2] INTEGER (tagnum),
        padata          [3] SEQUENCE OF PA-DATA OPTIONAL,
        req-body        [4] KDC-REQ-BODY
}

KDC-REQ-BODY    ::= SEQUENCE {
        kdc-options             [0] KDCOptions,
        cname                   [1] PrincipalName OPTIONAL
                                    -- Used only in AS-REQ --,
        realm                   [2] Realm
                                    -- Server's realm
                                    -- Also client's in AS-REQ --,
        sname                   [3] PrincipalName OPTIONAL,
        from                    [4] KerberosTime OPTIONAL,
        till                    [5] KerberosTime,
        rtime                   [6] KerberosTime OPTIONAL,
        nonce                   [7] UInt32,
        etype                   [8] SEQUENCE OF Int32 -- EncryptionType
                                    -- in preference order --,
        addresses               [9] HostAddresses OPTIONAL,
        enc-authorization-data  [10] EncryptedData {
                                        AuthorizationData,
                                        { keyuse-TGSReqAuthData-sesskey
                                          | keyuse-TGSReqAuthData-subkey }
                                     } OPTIONAL,
        additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
}

-- Reply --

AS-REP          ::= KDC-REP {11, EncASRepPart, {keyuse-EncASRepPart}}
TGS-REP         ::= KDC-REP {13, EncTGSRepPart,
                        { keyuse-EncTGSRepPart-sesskey
                          | keyuse-EncTGSRepPart-subkey }}

KDC-REP {INTEGER:tagnum,
         TypeToEncrypt,
         UInt32:KeyUsages}      ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (tagnum),
        padata          [2] SEQUENCE OF PA-DATA OPTIONAL,
        crealm          [3] Realm,
        cname           [4] PrincipalName,
        ticket          [5] Ticket,
        enc-part        [6] EncryptedData {TypeToEncrypt, KeyUsages}
}

EncASRepPart    ::= [APPLICATION 25] EncKDCRepPart
EncTGSRepPart   ::= [APPLICATION 26] EncKDCRepPart

EncKDCRepPart   ::= SEQUENCE {
        key             [0] EncryptionKey,
        last-req        [1] LastReq,
        nonce           [2] UInt32,
        key-expiration  [3] KerberosTime OPTIONAL,
        flags           [4] TicketFlags,
        authtime        [5] KerberosTime,
        starttime       [6] KerberosTime OPTIONAL,
        endtime         [7] KerberosTime,
        renew-till      [8] KerberosTime OPTIONAL,
        srealm          [9] Realm,
        sname           [10] PrincipalName,
        caddr           [11] HostAddresses OPTIONAL
}
@end verbatim

@include shishi-api-kdc.texi


@node Authenticator Functions
@section Authenticator Functions

An ``Authenticator'' is a ASN.1 structure that work as a proof that an
entity owns a ticket.  It is usually embedded in the AP-REQ structure
(@pxref{AP-REQ and AP-REP Functions}), and you most likely want to use
an AP-REQ instead of a Authenticator in normal applications.  The
following illustrates the Authenticator ASN.1 structure.

@verbatim
Authenticator   ::= [APPLICATION 2] SEQUENCE  {
        authenticator-vno       [0] INTEGER (5),
        crealm                  [1] Realm,
        cname                   [2] PrincipalName,
        cksum                   [3] Checksum OPTIONAL,
        cusec                   [4] Microseconds,
        ctime                   [5] KerberosTime,
        subkey                  [6] EncryptionKey OPTIONAL,
        seq-number              [7] UInt32 OPTIONAL,
        authorization-data      [8] AuthorizationData OPTIONAL
}
@end verbatim

@include shishi-api-authenticator.texi


@node Cryptographic Functions
@section Cryptographic Functions

Underneath the high-level functions described earlier, cryptographic
operations are happening.  If you need to access these cryptographic
primitives directly, this section describes the functions available.

Most cryptographic operations need keying material, and cryptographic
keys have been isolated into it's own data structure
@code{Shishi_key}.  The following illustrates it's contents, but note
that you cannot access it's elements directly but must use the
accessor functions described below.

@verbatim
struct Shishi_key
{
  int type;    /* RFC 1510 encryption integer type */
  char *value; /* Cryptographic key data */
  int version; /* RFC 1510 ``kvno'' */
};
@end verbatim

All functions that operate on this data structure are described now.

@include shishi-api-key.texi

Applications that run uninteractively may need keying material.  In
these cases, the keys are stored in a file, a file that is normally
stored on the local host.  The file should be protected from
unauthorized access.  The file is in ASCII format and contains keys as
outputed by @code{shishi_key_print()}.  All functions that handle
these keys sets are described now.

@include shishi-api-keys.texi

The previous functions require that the filename is known.  For some
applications, servers, it makes sense to provide a system default.
These key sets used by server applications are known as ``hostkeys''.
Here are the functions that operate on hostkeys (they are mostly
wrappers around generic key sets).

@include shishi-api-hostkeys.texi

After creating the key structure, it can be used to encrypt and
decrypt data, calculate checksum on data etc.  All available functions
are described now.

@include shishi-api-crypto.texi


@node Utility Functions
@section Utility Functions

@include shishi-api-utility.texi


@node Error Handling
@section Error Handling
@cindex Error Handling

Most functions in `Libshishi' are returning an error if they fail.
For this reason, the application should always catch the error
condition and take appropriate measures, for example by releasing the
resources and passing the error up to the caller, or by displaying a
descriptive message to the user and cancelling the operation.

Some error values do not indicate a system error or an error in the
operation, but the result of an operation that failed properly.

@menu
* Error values::                A list of all error values used.
* Error strings::               How to get a descriptive string from a value.
@end menu

@node Error values
@subsection Error values

Errors are returned as an @code{int}.  Except for the SHISHI_OK case,
an application should always use the constants instead of their
numeric value.  Applications are encouraged to use the constants even
for SHISHI_OK as it improves readability.  Possible values are:

@table @code
@item SHISHI_OK
This value indicates success.  The value of this error is guaranteed
to always be @code{0} so you may use it in boolean constructs.

@include shishi-api-error-labels.texi

@end table

@node Error strings
@subsection Error strings

@include shishi-api-error.texi

@node Examples
@section Examples
@cindex Examples

This section will be extended to contain walk-throughs of example code
that demonstrate how `Shishi' is used to write your own applications
that support Kerberos 5.  The rest of the current section consists of
some crude hints for the example client/server applications that is
part of Shishi, taken from an email but saved here for lack of a
better place to put it.

There are two programs: 'client' and 'server' in src/.

The client output an AP-REQ, waits for an AP-REP, and then simply
reads data from stdin.

The server waits for an AP-REQ, parses it and prints an AP-REP, and
then read data from stdin.

Both programs accept a Kerberos server name as the first command line
argument.  Your KDC must know this server, since the client tries to
get a ticket for it (first it gets a ticket granting ticket for the
default username), and you must write the key for the server into
/usr/local/etc/shishi.keys on the Shishi format, e.g.:

@example
-----BEGIN SHISHI KEY-----
Keytype: 16 (des3-cbc-sha1-kd)
Principal: sample/latte.josefsson.org
Realm: JOSEFSSON.ORG
 
8W0VrQQBpxlACPQEqN91EHxbvFFo2ltt
-----END SHISHI KEY-----
@end example

You must extract the proper encryption key from the KDC in some way.
(This part will be easier when Shishi include a KDC, a basic one isn't
far away, give me a week or to.)

The intention is that the data read, after the authentication phase,
should be protected using KRB_SAFE (see RFC) but I haven't added this
yet.

@node Generic Security Service
@section Generic Security Service
@cindex Generic Security Service (GSS)

As an alternative to the native Shishi programming API, it is possible
to program Shishi through the Generic Security Services (GSS) API.
The advantage of using GSS-API in your security application, instead
of the native Shishi API, is that it will be easier to port your
application between different Kerberos 5 implementations, and even
beyond Kerberos 5 to different security systems, that support GSS-API.
In the free software world, however, the only widely used security
system that supports GSS-API is Kerberos 5, so the last advantage is
somewhat academic.  But if you are porting applications using GSS-API
for other Kerberos 5 implementations, or want a more mature and stable
API than the native Shishi API, you may find using Shishi's GSS-API
interface compelling.  Note that GSS-API only offer basic services,
for more advanced uses you must use the native API.

Since the GSS is not specific to Shishi, it is distributed
independently from Shishi.  Further information on the GSS project can
be found at @url{http://josefsson.org/gss/}.

@c **********************************************************
@c *******************  Acknowledgements  *******************
@c **********************************************************
@node Acknowledgements
@chapter Acknowledgements

Shishi uses Libtasn1 by Fabio Fiorina, Libnettle by Niels Möller,
Libgcrypt and Libgpg-error by Werner Koch, Libidn by Simon Josefsson,
cvs2cl by Karl Fogel, and gdoc by Michael Zucchi.

Several GNU packages simplified development considerably, those
packages include Autoconf, Automake, Libtool, Gnulib, Gettext, Indent,
CVS, Texinfo, Help2man and Emacs.

Several people reported bugs, sent patches or suggested improvements,
see the file THANKS.

@c **********************************************************
@c *******************  Appendices  *************************
@c **********************************************************

@node Copying This Manual
@appendix Copying This Manual

@menu
* GNU Free Documentation License::  License for copying this manual.
@end menu

@include fdl.texi

@include gpl.texi

@node Concept Index
@unnumbered Concept Index

@printindex cp

@node Function and Data Index
@unnumbered Function and Data Index

@printindex fn

@summarycontents
@contents
@bye