

<!-- #bbinclude "header.template"
  #PAGETITLE#="Updating KClient 1.x to 3.0"
  #BASEHREF#="" 
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
			"http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD> 
	<BASE HREF="http://web.mit.edu/macdev/KfM/KerberosFramework/KClient/Documentation/KClientAPI-Transition.html">
	<TITLE>Updating KClient 1.x to 3.0</TITLE> 
	<STYLE TYPE="text/css">
		@import url(../../../Common/Documentation/templates/site.css);
	</STYLE>
</HEAD>
<BODY>

<DIV ID="body">
<!-- end bbinclude -->
		<table border="0" cellspacing="4">
			<tr>
				<td><img src="../../../Common/Documentation/graphics/ThreeHeadsAndKey.gif"></td>
				<td><font size="6"><b>Updating KClient 1.x to 3.0</b></font></td>
			</tr>
		</table>
		<blockquote>
			<p>KClient 3.0 is a completely rearchitected API from the original KClient API. This rearchitecting was done when KClient became a set of shared libraries on Mac OS 9, and it is now part of the Kerberos framework on Mac OS X. The rearchitecting was necessary because the entire runtime interface changed, and the API used by KClient prior to version 3.0 had several deficiencies.</p>
			<p>The new API is documented in the KClient 3.0 API reference. This document is intended for the developers who used KClient 1.x in their code, and are updating their code to work with KClient 3.0. If you are writing new code that uses KClient, you should read the KClient 3.0 API reference, and write to the new API.</p>
			<h3>Why update?</h3>
			<p>KClient 3.0 has several advantages. First of all, it is implemented as part of a Mac OS X framework (Mac OS X) or a set of shared libraries (Mac OS 9/Mac OS X CFM compatibility), rather than as a classic 68K driver. Classic 68K drivers are not supported on Mac OS X, except in the Classic environment. Therefore, for your code to be Carbon-compatible and to work under Mac OS X, you need to update to the KClient 3.0 API.</p>
			<p>In addition, the KClient 3.0 API is considerably simpler and more consistent. Where other APIs are adequate (CCache API, for example), KClient no longer tries to implement its own version of the API; instead, it provides easy ways of correctly using KClient with the other APIs. This also improves cross-platform compatibility, because those APIs are already cross-platform (Kerberos v4 API, Kerberos Profile API), or are designed to be cross-platform and will be implemented cross-platform in the future (Credentials Cache API v3); those APIs are standard parts of the MIT Kerberos distribution, or are becoming standard parts in the future.</p>
			<h3>Options for updating</h3>
			<p>Most existing code which uses KClient 1.x is based on the driver glue from KClient 1.x SDKs. The driver glue implements the KClient functions by calling into the driver to perform the required operations. There might be a few bodies of code that call the KClient driver directly; the suggested upgrade path for such code is to update to KClient 1.9 API first, and then proceed with the update to KClient 3.0.</p>
			<p>KClient 3.0 provides 2 APIs: the KClient 3.0 API, described in the KClient 3.0 API reference, and the KClient 1.x compatibility API. All future development will be on KClient 3.0 API and any new features will only appear in KClient 3.0 API. KClient 1.x compatibility API should be only used as an interim measure in updating your code to KClient 3.0 API.</p>
			<p>The functions in the 1.x compatibility layer can be divided into 3 groups:</p>
			<ol>
				<li>unsupported functions: the functionality of these functions could not be provided in the compatibility layer
				<li>deprecated functions: these functions are supported in the compatibility layer, but they are in some way unsafe or incomplete, and their use should be avoided, as they may stop functioning properly at any point in time
				<li>supported functions: these functions are supported in the compatibility layer, and will continue to be supported for the foreseeable future
			</ol>
			<p>The best thing you can do with your code is to update it to the KClient 3.0 API. That API will guarantee you the best future compatibility and you will be able to take advantage of new KClient features. However, that also requires the most work on your part.</p>
			<p>If you do not update your code to the KClient 3.0 API, you need to update your code to the KClient 1.x compatibility API, and that involves doing some of the following:</p>
			<ol>
				<li>Remove all calls to unsupported functions. You must do this in order to be able to update your code to the compatibility API at all. There are only a few unsupported functions, and they shouldn't be used by many clients. They are listed below.
				<li>Change all calls to modified functions to their new interface. You must do this in order to be able to use the compatibility API. There are only a few modified functions, and they are listed below with instructions on how to call them in the compatibility API.
				<li>Replace all calls to deprecated functions with calls to other functions in the KClient API, or in other APIs. You should do this as soon as it's practical, because deprecated functions may break in the future.
			</ol>
			<p>Ultimately, you should update to KClient 3.0 API, which additionally involves changing calls to all supported functions to their KClient 3.0 API equivalents.</p>
			<p>The rest of this document describes what is involved in updating to KClient 3.0 API, followed by a quick reference guide to all KClient 1.x API functions and their state in the compatibility layer.</p>
			<h3>How much work will it be?</h3>
			<p>The following step-by-step procedure will help you ascertain how much work you need to do to update your code to the KClient 1.x compatibility API. Further below, going from the KClient 1.x compatibility API to the KClient 3.0 API is discussed.</p>
			<p>To update from KClient 1.x driver libraries to KClient 1.x compatibility API shared libraries:</p>
			<ol>
				<li>Remove KClient.c from your project or Makefile, and replace it with KClientCompatLib and KClientDeprecatedLib.
				<li>Try to compile and link your project.
				<ol>
					<li>If the compilation failed because a function wasn't recognized (an unknown identifier error), you are probably using some of the unsupported functions. Determine which ones, and follow the instructions below.
					<li>If the compilation failed because a function was given the incorrect number of parameters, you are probably using some of the modified functions. Determine which ones, and follow the instructions below.
					<li>If the compilation and linking succeeded, proceed to the next step
				</ol>
				<li>Remove KClientDeprecatedLib from your project or Makefile
				<li>Try to compile and link your project
				<ol>
					<li>If the project failed to link, you are probably using some deprecated functions. Determine which ones, and follow the instructions below.
					<li>If the compilation and linking succeeded, proceed to the next step
				</ol>
				<li>Your project is now successfully linking with the KClient 1.x compatibility API, without using any deprecated functions
			</ol>
			<p>Please note that this procedure only works if your compiler does correct function prototype checks; if prototype checking is unavailable or disabled, you may not notice if you are using modified or unsupported functions, and your program will likely crash when trying to call them. In that case, you can search for them by their names by hand (see the list below).</p>
			<p>If any of these steps fail for reasons other than the ones listed above, you likely found a bug in the compatibility interfaces. Please contact us at <a href="mailto:macdev@mit.edu">macdev@mit.edu</a>.</p>
			<p>After you have done the above, if you want to update your code to the KClient 3.0 API, you need to do two things:</p>
			<ol>
				<li>replace your calls to deprecated functions with calls to supported equivalents
				<li>change your calls to modified functions to their new prototypes and semantics
			</ol>
			<p>Most of the work is in the first step, because in order to remove the dependencies on the deprecated functions, you will have to use APIs other than the KClient API (the Credentials Cache API, the Kerberos Profile API, and the Kerberos v4 API). After that, the second step will be easy, since most supported and modified functions in the compatibility API map directly to one or two calls in the KClient 3.0 API.</p>
			<p>Unfortunately, it's in general not possible to mix the 1.x compatibility API and the 3.0 API in the same code, so once you decide to do either of those two steps, you will have to do both. Fortunately, one of them is very simple, and, even better, it's the one that will be the most common -- most clients should not have used the deprecated functions in the first place.</p>
			<h1>Detailed Function Listing</h1>
			<h2>Unsupported functions</h2>
			<p>The following functions are not supported in the KClient 1.x compatibility API: <code>KClientAddSpecial()</code>, <code>KClientDeleteSpecial()</code>, <code>KClientGetNumSpecials()</code>, <code>KClientGetNthSpecial()</code>, <code>KClientSetOption()</code>, <code>KClientGetOption()</code>, and <code>KClientSetPrompt()</code>.</p>
			<h4>KClientAddSpecial, KClientDeleteSpecial, KClientGetNumSpecials, and KClientGetNthSpecial</h4>
			<p>The functions <code>KClientAddSpecial()</code>, <code>KClientDeleteSpecial()</code>, <code>KClientGetNumSpecials()</code>, and <code>KClientGetNthSpecial()</code> were used to configure &quot;special&quot; services. This functionality is now obsolete, and these functions are consequently unsupported. If you have a reason to believe you need to use these functions, please contact <a href="mailto:macdev@mit.edu">macdev@mit.edu</a>.</p>
			<h4>KClientSetOption and KClientGetOption</h4>
			<p>The functions <code>KClientSetOption()</code> and <code>KClientGetOption()</code> were used to read and write various KClient settings. They should never have been used by anyone other than the KClient control panel itself. However, most of the functionality of those options is now publicly available in the <a href="../../KerberosLogin/Documentation/API.html">Kerberos Login API</a>, and if you used these functions, you should use the Kerberos Login API instead. Please contact <a href="mailto:macdev@mit.edu">macdev@mit.edu</a> with any questions you might have about these functions.</p>
			<h4>KClientSetPrompt</h4>
			<p>This function was used to set the prompt string in the KClient login dialog. This functionality is not available in any library at this time. If you believe that you need this functionality, contact <a href="mailto:macdev@mit.edu">macdev@mit.edu</a>, and we may consider adding the functionality to the Login API, which encapsulates the login user interface.</p>
			<h2>Deprecated functions</h2>
			<p>The functions listed below are present in the KClient 1.x compatibility interface, but they are likely to break in the future, and therefore should be avoided at all costs.</p>
			<p>Note that in order to remove the dependency on the deprecated functions, you will have to update your code to the KClient 3.0 API. Since it is impossible to mix the KClient 1.x compatibility API and the KClient 3.0 API, once you decide to remove the deprecated functions you will have to update the supported functions to the KClient 3.0 API. Fortunately, most of the work of upgrading to the KClient 3.0 API is, in fact, in removing dependencies on the deprecated 1.x functions, so once you do that, updating the rest of the functions will be very simple -- see instructions below on updating the supported functions.</p>
			<h3>Credentials cache management functions</h3>
			<p>The following functions are deprecated because they implement an incomplete and not forward-looking credentials cache management API: <code>KClientGetNumSessions()</code>, <code>KClientGetNthSession()</code>, <code>KClientDeleteSession()</code>, <code>KClientGetCredentials()</code>, <code>KClientAddCredentials()</code>, <code>KClientDeleteCredentials()</code>, <code>KClientGetNumCredentials()</code>, <code>KClientGetNthCredential()</code>, and <code>KClientGetUserName()</code>.</p>
			<p>These functions are typically used to sequentially access all credentials, in order to display them to the user, or to find a specific credential. The interface these functions present is not compatible with Kerberos v5, as they provide no way to access Kerberos v5 credentials in the credentials cache, which is needed in a mixed Kerberos v4/v5 environment. The iteration facility of these functions is based on indices, which makes them unsafe, because in a preemptive environment they cannot guarantee a coherent view of the credentials cache.</p>
			<p>Because of that, these functions are deprecated and will be removed in the future. The same functionality is available in the CCache API. Code that uses these functions should be replaced with code that uses the CCache API:</p>
			<ul>
				<li>If the purpose of the code is to look at (and possibly delete) the Kerberos v4 credentials in the credentials cache of the user of the KClient session, then the code should use <code>KClientGetCCacheHandle()</code> in KClient 3.0 API to get a reference to the credentials cache for that user, and then use CCache API credentials iterators to list all the credentials.
				<li>If the purpose of the code is to add Kerberos v4 credentials to the credentials cache of the user of the KClient session, then the code should use <code>KClientGetCCacheHandle()</code> in KClient 3.0 API to get a reference to the credentials cache for that user, and then use <code>cc_ccache_store_credentials()</code> to store the credentials.
				<li>If the purpose of the code is to look at the credentials caches for all currently logged-in users, the code should use CCache API credentials cache iterators to list all the credentials caches.
				<li><code>KClientGetUserName()</code> should be replaced with <code>krb_tkt_string()</code> (to get the name of the default application credentials cache) and <code>cc_context_open_ccache()</code>, or <code>cc_context_open_default_ccache()</code> (to open the system default credentials cache), followed by <code>cc_ccache_get_principal()</code> to get the principal corresponding to the default credentials cache. Note, however, that if you want to get the principal corresponding to the KClient session you are manipulating, you should use <code>KClientGetSessionUserName()</code> instead.
			</ul>
			<p>Please consult the CCache API documentation for details on using the API.</p>
			<h3>Realms configuration management functions</h3>
			<p>The following functions are deprecated because they implement an incomplete and inconsistent realms configuration management API: <code>KClientGetLocalRealm()</code>, <code>KClientSetLocalRealm()</code>, <code>KClientAddRealmMap()</code>, <code>KClientDeleteRealmMap()</code>, <code>KClientGetNthRealmMap()</code>, <code>KClientGetNthServer()</code>, <code>KClientAddServerMap()</code>, <code>KClientDeleteServerMap()</code>, <code>KClientGetNthServerMap()</code>, <code>KClientGetNthServerPort()</code>, <code>KClientSetNthServerPort()</code>.</p>
			<p>These functions are typically used to read or modify the realm configuration. The interface provided by these functions is not compatible with Kerberos v5, as they do not provide for various additional information about realm configuration available with Kerberos v5. The iteration facility provided by these functions is based on indices, which makes them unsafe in a preemptive environment; real iterators allow a consistent view of the realms configuration.</p>
			<p>Because of that, and since the Kerberos Profile API is a considerably more general API also used by Kerberos v5, these functions are deprecated and will be removed in the future. Code that uses these functions should be replaced with code that uses the Kerberos Profile API. Consult the Kerberos profile API documentation for details on using the API.</p>
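			<p>The index-based iteration problem described above for both the credentials cache functions and the realms configuration functions, as an added example that is not part of the original document or of any Kerberos library. <code>ToyCache</code>, <code>ToyIter</code> and every function name are hypothetical, the entries are constructed sample data, and the snapshot iterator is only one possible way to give a coherent view; it is not a description of how the CCache API or the Kerberos Profile API implement their iterators.</p>

```c
#include <stdio.h>
#include <string.h>

#define MAX_CREDS 8
#define NAME_LEN  48

/* Toy credentials cache: a hypothetical model, not the CCache or KClient API. */
typedef struct {
    char names[MAX_CREDS][NAME_LEN];
    int  count;
} ToyCache;

/* Constructed sample contents: three Kerberos v4 style service names. */
static void cache_init(ToyCache *c) {
    static const char *seed[] = { "krbtgt.EXAMPLE.ORG", "pop.mailhost", "rcmd.fileserver" };
    memset(c, 0, sizeof *c);
    for (c->count = 0; c->count < 3; c->count++)
        snprintf(c->names[c->count], NAME_LEN, "%s", seed[c->count]);
}

/* Deleting an entry shifts every later entry down by one index. */
static void cache_delete(ToyCache *c, int idx) {
    if (idx < 0 || idx >= c->count) return;
    memmove(c->names[idx], c->names[idx + 1],
            (size_t)(c->count - idx - 1) * NAME_LEN);
    c->count--;
}

/* Index-based walk: read the count once, then fetch entry i on each step.
 * 'preempt_at' simulates another process deleting entry 0 just before the
 * caller fetches index 'preempt_at'. Returns the number of entries seen. */
static int walk_by_index(ToyCache *c, int preempt_at, char seen[][NAME_LEN]) {
    int n = c->count;                 /* "get number of credentials" */
    int got = 0;
    for (int i = 0; i < n; i++) {
        if (i == preempt_at) cache_delete(c, 0);
        if (i >= c->count) break;     /* "get Nth credential" fails: out of range */
        snprintf(seen[got++], NAME_LEN, "%s", c->names[i]);
    }
    return got;
}

/* Iterator that copies the cache when it is created, so later changes to the
 * live cache cannot shift entries underneath the caller. */
typedef struct {
    ToyCache snap;
    int      pos;
} ToyIter;

static void iter_new(const ToyCache *c, ToyIter *it) {
    it->snap = *c;
    it->pos = 0;
}

static const char *iter_next(ToyIter *it) {
    return it->pos < it->snap.count ? it->snap.names[it->pos++] : NULL;
}

/* Same walk and same simulated preemption, through the iterator. */
static int walk_by_iterator(ToyCache *c, int preempt_at, char seen[][NAME_LEN]) {
    ToyIter it;
    const char *name;
    int got = 0;
    iter_new(c, &it);
    for (int i = 0; ; i++) {
        if (i == preempt_at) cache_delete(c, 0);
        if ((name = iter_next(&it)) == NULL) break;
        snprintf(seen[got++], NAME_LEN, "%s", name);
    }
    return got;
}

static int contains(char seen[][NAME_LEN], int n, const char *name) {
    for (int i = 0; i < n; i++)
        if (strcmp(seen[i], name) == 0) return 1;
    return 0;
}

int main(void) {
    ToyCache c;
    char seen[MAX_CREDS][NAME_LEN];
    int n;

    cache_init(&c);
    n = walk_by_index(&c, 1, seen);
    printf("index walk:    %d entries, saw pop.mailhost: %d\n",
           n, contains(seen, n, "pop.mailhost"));

    cache_init(&c);
    n = walk_by_iterator(&c, 1, seen);
    printf("iterator walk: %d entries, saw pop.mailhost: %d\n",
           n, contains(seen, n, "pop.mailhost"));
    return 0;
}
```

			<p>In the index walk, the entry that is still in the cache after the deletion is the one the caller never sees, because it moved into an index that had already been visited.</p>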
			<p>The function <code>KClientGetRealm()</code> is available in the Kerberos v4 API as <code>krb_realmofhost()</code>. To avoid API redundancy, and to improve portability of the code, <code>KClientGetRealm()</code> is deprecated, and <code>krb_realmofhost()</code> should be used instead.</p>
			<h3>KClientErrorText</h3>
			<p><code>KClientGetErrorText()</code> is deprecated, because it has an unsafe interface (a buffer of an unknown size is passed into the function).</p>
			<p>You should replace this function with a call to the Error Library; see the Error Library API reference for more information.</p>
			<h3>KClientSetUserName</h3>
			<p>This function was used to set the default username that appears in the KClient login dialog. The use of the function was primarily to hint to the user which principal to authenticate as, but it was never possible to require the user to login as a specific principal.</p>
			<p>You should replace this function with <code>KClientSetClientPrincipal()</code>.</p>
			<h1>Updating to KClient 3.0 API from the KClient 1.x compatibility API</h1>
			<p>To update your code from the KClient 1.x API to the KClient 3.0 API, you need to change three things:</p>
			<ul>
				<li>change to new variable types
				<li>change to new function names and prototypes
				<li>change to new session semantics
			</ul>
			<h3>New types</h3>
			<p>The new types in the 3.0 API are:</p>
			<ul>
				<li><code>KClientSession</code>: must be used instead of <code>KClientSessionInfo</code>
				<li><code>KClientPrincipal</code>: must be used wherever a <code>char*</code> was used for a Kerberos principal
				<li><code>KClientAddress</code>: must be used wherever two integers were used for a network address and port
				<li><code>KClientFile</code>: must be used wherever a <code>char*</code> was used for a key file path
			</ul>
			<p>The <code>KeyClientKey</code> type is unchanged.</p>
			<h3>New function names and prototypes</h3>
			<p>Updating function calls requires two parts:</p>
			<ul>
				<li>Remove dependencies on deprecated functions -- see the section about deprecated functions above
				<li>Change calls to supported functions from the compatibility API
			</ul>
			<p>The second step is described in detail below, for every function. Since almost all of the functions in KClient 3.0 API take one of the new API types, it is assumed below you are converting the types to the new types at the same time. Only changes that involve calling new functions or old functions with new arguments are listed.</p>
			<h3>New session semantics</h3>
			<p>Starting with KClient 3.0, it is not possible to recycle a KClient session in order to authenticate more than one user or to more than one service.</p>
			<p>The KClient 1.x API allowed the caller to create a single session and call, for example, <code>KClientGetTicketForService()</code> repeatedly to get tickets for different services. The KClient 3.0 API, on the other hand, does not allow this. Once a session is created and authenticated, the client and the service principal and address are remembered until the session is destroyed. To authenticate a different client, or to authenticate to a different server, a new session has to be created.</p>
			<p>This allows KClient to prevent the previously common failure case when an application's service ticket expires, and the application asks for new service ticket, causing the user to type in a name and a password. If the user selects a different principal from before, the application winds up with the service tickets for a different principal, and usually gets confused (for example, gets mail for the second principal into the first user's mailbox).</p>
			<p>If you are currently using the KClient 1.x API and you are recycling KClient sessions in this way, you need to change your code so that it uses one session per client/service pair that you are authenticating.</p>
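			<p>The failure case and the one-session-per-client/service rule described above, as an added model that is not part of the original document and does not use the KClient API. <code>ModelSession</code>, the <code>SESS_*</code> codes, all function names and the principals are hypothetical, constructed for illustration; the <code>pinned</code> flag switches between a recycled 1.x-style session and a 3.0-style session that remembers its client and service.</p>

```c
#include <stdio.h>
#include <string.h>

#define PRINC_LEN 64

/* Hypothetical result codes for this model only. */
enum {
    SESS_OK = 0,
    SESS_ERR_SERVICE_FIXED = -1,  /* session already belongs to another service */
    SESS_ERR_CLIENT_FIXED  = -2,  /* session already belongs to another client  */
    SESS_ERR_ARG           = -3
};

/* Hypothetical model of a session; not the KClientSession type. */
typedef struct {
    char client[PRINC_LEN];   /* "" until the first successful login          */
    char service[PRINC_LEN];  /* "" until a service has been chosen           */
    int  pinned;              /* 1: client and service are fixed once set     */
} ModelSession;

static void session_new(ModelSession *s, int pinned) {
    memset(s, 0, sizeof *s);
    s->pinned = pinned;
}

/* Models "get a service ticket, prompting the user if needed".
 * 'typed_principal' is whatever the user entered in the login dialog. */
static int session_get_ticket(ModelSession *s, const char *service,
                              const char *typed_principal) {
    if (!s || !service || !typed_principal) return SESS_ERR_ARG;
    if (strlen(service) >= PRINC_LEN || strlen(typed_principal) >= PRINC_LEN)
        return SESS_ERR_ARG;

    if (s->pinned) {
        /* 3.0-style: refuse to turn this session into a different one. */
        if (s->service[0] && strcmp(s->service, service) != 0)
            return SESS_ERR_SERVICE_FIXED;
        if (s->client[0] && strcmp(s->client, typed_principal) != 0)
            return SESS_ERR_CLIENT_FIXED;
    }
    /* Recycled 1.x-style sessions fall through and are silently overwritten. */
    snprintf(s->client, sizeof s->client, "%s", typed_principal);
    snprintf(s->service, sizeof s->service, "%s", service);
    return SESS_OK;
}

/* A mail client logs in, remembers whose mailbox it is filling, then asks for
 * a ticket again after expiry and the user types 'second_login'.
 * Returns 1 if the app now holds a ticket for someone other than the mailbox
 * owner, 0 if the two still match, or a negative SESS_ERR_* on refusal. */
static int refetch_after_expiry(int pinned, const char *first_login,
                                const char *second_login) {
    ModelSession s;
    char mailbox_owner[PRINC_LEN];
    int err;

    session_new(&s, pinned);
    err = session_get_ticket(&s, "pop.mailhost", first_login);
    if (err != SESS_OK) return err;
    snprintf(mailbox_owner, sizeof mailbox_owner, "%s", s.client);

    err = session_get_ticket(&s, "pop.mailhost", second_login);
    if (err != SESS_OK) return err;
    return strcmp(mailbox_owner, s.client) != 0;
}

/* Reusing one session for a second service: allowed when recycled,
 * refused when pinned (a new session is required instead). */
static int reuse_for_other_service(int pinned) {
    ModelSession s;
    int err;

    session_new(&s, pinned);
    err = session_get_ticket(&s, "pop.mailhost", "alice@EXAMPLE.ORG");
    if (err != SESS_OK) return err;
    return session_get_ticket(&s, "rcmd.fileserver", "alice@EXAMPLE.ORG");
}

int main(void) {
    printf("recycled, different user: %d\n",
           refetch_after_expiry(0, "alice@EXAMPLE.ORG", "bob@EXAMPLE.ORG"));
    printf("pinned,   different user: %d\n",
           refetch_after_expiry(1, "alice@EXAMPLE.ORG", "bob@EXAMPLE.ORG"));
    printf("pinned,   same user:      %d\n",
           refetch_after_expiry(1, "alice@EXAMPLE.ORG", "alice@EXAMPLE.ORG"));
    printf("recycled, second service: %d\n", reuse_for_other_service(0));
    printf("pinned,   second service: %d\n", reuse_for_other_service(1));
    return 0;
}
```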
			<h2>Supported and modified functions</h2>
			<h4>KClientDecrypt, KClientDisposeSession, KClientEncrypt, KClientGetSessionKey, KClientProtectIntegrity, KClientVerifyIntegrity, KClientVerifyReplyTicket, KClientVerifyUnencryptedReplyTicket, KServerGetReplyTicket</h4>
			<p>In order to update these 9 functions to the KClient 3.0 API, the first argument has to be changed from the type <code>KClientSessionInfo*</code> to <code>KClientSession</code>. Also, the following function names have changed:</p>
			<p>
			<table border="1" cellpadding="0" cellspacing="2" width="373">
				<tr>
					<td>
						<center>
							<b>Old name</b></center>
					</td>
					<td>
						<center>
							<b>New name</b></center>
					</td>
				</tr>
				<tr>
					<td><code>KClientVerifyReplyTicket</code></td>
					<td><code>KClientVerifyEncryptedServiceReply</code></td>
				</tr>
				<tr>
					<td><code>KClientVerifyUnencryptedReplyTicket</code></td>
					<td><code>KClientVerifyProtectedServiceReply</code></td>
				</tr>
				<tr>
					<td><code>KServerGetReplyTicket</code></td>
					<td><code>KClientGetEncryptedServiceReply</code></td>
				</tr>
			</table>
			</p>
			<p>Also note the presence of the new function, <code>KClientGetProtectedServiceReply()</code>, as a counterpart to <code>KClientGetEncryptedServiceReply()</code>. See the KClient API 3.0 specification for more details.</p>
			<h4>KClientErrorText, KClientLogout, KClientPasswordToKey</h4>
			<p>To update these 3 functions to the KClient 3.0 API, they need to take a <code>KClientSession</code> as their first argument. Also, <code>KClientErrorText()</code> has been renamed to <code>KClientGetErrorText()</code>.</p>
			<h4>KClientGetSessionUserName</h4>
			<p>This function has been replaced with <code>KClientGetClientPrincipal()</code> (for client sessions) and <code>KClientGetServerPrincipal()</code> (for server sessions). Since those two functions return <code>KClientPrincipal</code>, which can subsequently be converted to several different representations of the principal, they do not need a name type argument, which has therefore been removed.</p>
			<p>See the section about the <code>KClientPrincipal</code> type in the KClient 3.0 API specification to see how to convert a <code>KClientPrincipal</code> to different string representations.</p>
			<h4>KClientGetTicketForService</h4>
			<p>This function no longer has a service argument; to specify which service to use for a client session, use the <code>KClientSetServerPrincipal()</code> function before calling <code>KClientGetTicketForService()</code>. A new argument, checksum, has been added. See the KClient 3.0 API specification for details on using the new argument; the KClient 1.x compatibility API implicitly used the checksum of 0, so if you don't care about it, pass in 0.</p>
			<h4>KClientLogin, KClientPasswordLogin</h4>
			<p>These functions no longer return the user's private key.</p>
			<p>These functions have a new behavior; if <code>KClientSetClientPrincipal()</code> is called before either of them, the user will be required to authenticate as the principal specified to <code>KClientSetClientPrincipal()</code>. This functionality was previously not available in KClient API. If <code>KClientSetClientPrincipal()</code> is not called, the behavior is the same as the behavior from KClient 1.x API.</p>
			<h4>KClientMakeSendAuth</h4>
			<p>This function has been renamed to <code>KClientGetAuthenticatorForService()</code>, and no longer takes a service argument. Just as with <code>KClientGetTicketForService()</code>, call <code>KClientSetServerPrincipal()</code> before calling <code>KClientGetAuthenticatorForService()</code> to specify the service.</p>
			<h4>KClientNewSession, KServerNewSession</h4>
			<p>These two functions have been renamed to <code>KClientNewClientSession()</code> and <code>KClientNewServerSession()</code>, respectively.</p>
			<p>The addresses these functions take are now of the <code>KClientAddress</code> type, instead of two integer arguments. See the <code>KClientAddress</code> section of the KClient 3.0 API specification for more information.</p>
			<p>The service principal taken by <code>KClientNewServerSession()</code> is now of the type <code>KClientPrincipal</code>; see the <code>KClientPrincipal</code> section of the KClient 3.0 API specification for more information.</p>
			<h4>KClientStatus, KServerGetSessionTimeRemaining</h4>
			<p>These two functions have been consolidated into one function, <code>KClientGetSessionTimeRemaining()</code>, which returns the time remaining on the tickets for both client and server sessions. See the KClient 3.0 API specification for more information.</p>
			<h4>KClientVersion</h4>
			<p>The version string argument of this function has been changed from <code>char*</code> to <code>const char**</code>. The string is no longer returned in a caller-provided buffer; instead, the string is internal to the library, and a read-only pointer to it is returned.</p>
			<h4>KServerAddKey, KServerGetKey, KServerVerifyTicket</h4>
			<p>These functions have been renamed as follows:</p>
			<p>
			<table border="1" cellpadding="0" cellspacing="2" width="192">
				<tr>
					<td>
						<center>
							<b>Old name</b></center>
					</td>
					<td>
						<center>
							<b>New name</b></center>
					</td>
				</tr>
				<tr>
					<td><code>KServerAddKey</code></td>
					<td><code>KClientAddServiceKey</code></td>
				</tr>
				<tr>
					<td><code>KServerGetKey</code></td>
					<td><code>KClientGetServiceKey</code></td>
				</tr>
				<tr>
					<td><code>KServerVerifyTicket</code></td>
					<td><code>KClientVerifyAuthenticator</code></td>
				</tr>
			</table>
			</p>
			<p>None of them take a key file argument any longer. If you want to use a non-default key file, use the <code>KClientSetKeyFile()</code> function before calling any of these functions.</p>
			<p>Additionally, <code>KClientAddServiceKey()</code> and <code>KClientGetServiceKey()</code> no longer take a service argument. The service is specified when the session is created with <code>KClientNewServerSession()</code>, or later with <code>KClientSetServerPrincipal()</code>.</p>
			<h1>KClient APIs at a glance</h1>
			<p>The following table lists all KClient 1.x API functions alphabetically, and indicates their status.</p>
			<p>
			<table border="1">
				<tr>
					<td>
						<center>
							<b>Function</b></center>
					</td>
					<td>
						<center>
							<b>Status</b></center>
					</td>
					<td>
						<center>
							<b>1.x compatibility comment</b></center>
					</td>
					<td>
						<center>
							<b>3.0 update comment</b></center>
					</td>
				</tr>
				<tr>
					<td><code>KClientAddCredentials</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Credentials Cache API</td>
				</tr>
				<tr>
					<td><code>KClientAddRealmMap</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientAddServerMap</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientAddSpecial</code></td>
					<td>Unsupported</td>
					<td></td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientCacheInitialTicket</code></td>
					<td>Deprecated</td>
					<td>Only the special case of a ticket-granting ticket is implemented.</td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientDecrypt</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientDeleteCredentials</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Credentials Cache API</td>
				</tr>
				<tr>
					<td><code>KClientDeleteRealmMap</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientDeleteServerMap</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientDeleteSession</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Credentials Cache API</td>
				</tr>
				<tr>
					<td><code>KClientDeleteSpecial</code></td>
					<td>Unsupported</td>
					<td></td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientDisposeSession</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientEncrypt</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientErrorText</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Error Library API</td>
				</tr>
				<tr>
					<td><code>KClientGetCredentials</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Credentials Cache API</td>
				</tr>
				<tr>
					<td><code>KClientGetLocalRealm</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientGetNthCredential</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Credentials Cache API</td>
				</tr>
				<tr>
					<td><code>KClientGetNthRealmMap</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientGetNthServer</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientGetNthServerMap</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientGetNthServerPort</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientGetNthSession</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Credentials Cache API</td>
				</tr>
				<tr>
					<td><code>KClientGetNthSpecial</code></td>
					<td>Unsupported</td>
					<td></td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientGetNumCredentials</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Credentials Cache API</td>
				</tr>
				<tr>
					<td><code>KClientGetNumSessions</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Credentials Cache API</td>
				</tr>
				<tr>
					<td><code>KClientGetNumSpecials</code></td>
					<td>Unsupported</td>
					<td></td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientGetOption</code></td>
					<td>Unsupported</td>
					<td></td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientGetRealm</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos v4 API</td>
				</tr>
				<tr>
					<td><code>KClientGetSessionKey</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientGetSessionUserName</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
				<tr>
					<td><code>KClientGetTicketForService</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientGetUserName</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Credentials Cache API</td>
				</tr>
				<tr>
					<td><code>KClientKeyLogin</code></td>
					<td>Unsupported</td>
					<td></td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientLogin</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientLogout</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientMakeSendAuth</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
				<tr>
					<td><code>KClientNewSession</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
				<tr>
					<td><code>KClientPasswordLogin</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientPasswordToKey</code></td>
					<td>Unsupported</td>
					<td></td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientProtectIntegrity</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientSetLocalRealm</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientSetNthServerPort</code></td>
					<td>Deprecated</td>
					<td></td>
					<td>Use Kerberos Profile API</td>
				</tr>
				<tr>
					<td><code>KClientSetOption</code></td>
					<td>Unsupported</td>
					<td></td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientSetPrompt</code></td>
					<td>Unsupported</td>
					<td></td>
					<td></td>
				</tr>
				<tr>
					<td><code>KClientSetUserName</code></td>
					<td>Modified</td>
					<td></td>
					<td>Argument and semantics change</td>
				</tr>
				<tr>
					<td><code>KClientStatus</code></td>
					<td>Modified</td>
					<td></td>
					<td>Use <code>KClientGetExpirationTime</code></td>
				</tr>
				<tr>
					<td><code>KClientVerifyIntegrity</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument change</td>
				</tr>
				<tr>
					<td><code>KClientVerifyReplyTicket</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
				<tr>
					<td><code>KClientVerifyUnencryptedReplyTicket</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
				<tr>
					<td><code>KClientVersion</code></td>
					<td>Modified</td>
					<td></td>
					<td>Name and argument change</td>
				</tr>
				<tr>
					<td><code>KServerAddKey</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
				<tr>
					<td><code>KServerGetKey</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
				<tr>
					<td><code>KServerGetReplyTicket</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
				<tr>
					<td><code>KServerGetSessionTimeRemaining</code></td>
					<td>Modified</td>
					<td></td>
					<td>Use <code>KClientGetExpirationTime</code></td>
				</tr>
				<tr>
					<td><code>KServerNewSession</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
				<tr>
					<td><code>KServerVerifyTicket</code></td>
					<td>Supported</td>
					<td></td>
					<td>Argument and name change</td>
				</tr>
			</table>
			</p>
		</blockquote>
<!-- #bbinclude "footer.template" -->
</DIV>
<DIV ID="footer">
	<P>
		Copyright 2005 Massachusetts Institute of Technology.<BR>
		Last updated on $Date: 2005/05/04 18:24:24 $ <BR> 
		Last modified by $Author: lxs $ 
	</P>
</DIV>
</BODY></HTML>
<!-- end bbinclude -->