This routine provides a convenient means for client and server
programs to send authenticated messages to one another through network
connections. The krb5_sendauth routine
sends an authenticated ticket from the client program to the server
program using the network connection specified by fd.
In the MIT UNIX and OpenVMS implementations, fd should
be a pointer to a file descriptor describing the network socket.
The arguments client and server specify
the Kerberos principals for the client and the server. They are ignored
if in_creds is nonNULL. Otherwise, server must
be nonNULL, but client may be NULL, in
which case the client principal used is the one in the credential
cache's default principal.
The ap_req_options argument specifies
the options that should be passed to krb5_mk_req.
If ap_req_options specifies MUTUAL_REQUIRED,
then krb5_sendauth will perform a mutual authentication
exchange, and if rep_result is nonNULLl,
it will be filled in with the result of the mutual authentication
exchange; the caller should free *rep_result with krb5_free_ap_rep_enc_part when
done with it.
If in_creds is nonNULL, then in_creds->client and in_creds->server must
be filled in, and either the other structure fields should be filled
in with valid credentials, or in_creds->ticket.length should
be zero. If in_creds->ticket.length is
nonzero, then in_creds will be used as-is
as the credentials to send to the server, and ccache is
ignored; otherwise, ccache is used as described
later, and out_creds, if not NULL, is filled
in with the retrieved credentials.
The ccache argument specifies the
credential cache to use when one is needed (that is, when in_creds is NULL
or in_creds->ticket.length is
zero). When a credential cache is not needed, ccache is
ignored. When a credential cache is needed and ccache is
NULL, the default credential cache is used. Note that if the credential
cache is needed and does not contain the needed credentials, they
will be retrieved from the KDC and stored in the credential cache.
If mutual authentication is used and rep_result is
nonNULL, the sequence number for the server is available to the
caller in *rep_result->seq_number.
(If mutual authentication is not used, there is no way to negotiate
a sequence number for the server.)
If an error occurs during the authenticated ticket exchange
and error is nonNULL, the error packet (if any) that was sent from
the server will be placed in it. This error should be freed with krb5_free_error.