--- /dev/null
+Kerberos v5 has the ability to use multiple checksum algorithms. Any
+checksum implementation which desires to link with and be usable from the MIT
+Kerberos v5 implementation must implement this interface:
+
+\subsection{Functional interface}
+
+\begin{funcdecl}{sum_func}{krb5_error_code}{\funcin}
+\funcarg{krb5_pointer}{in}
+\funcarg{size_t}{in_length}
+\funcarg{krb5_pointer}{seed}
+\funcarg{size_t}{seed_length}
+\funcout
+\funcarg{krb5_checksum *}{outcksum}
+\end{funcdecl}
+
+This routine computes the desired checksum over \funcparam{in_length} bytes
+at \funcparam{in}. \funcparam{seed_length} bytes of a seed (usually an
+encryption key) are pointed to by \funcparam{seed}. Some checksum
+algorithms may choose to ignore \funcparam{seed}. If
+\funcparam{seed_length} is zero, then there is no seed available.
+The routine places the resulting value into \funcparam{outcksum{\ptsto}contents}.
+
+\funcparam{outcksum{\ptsto}contents} must be set by the caller to point
+to enough storage to contain the checksum; the size necessary is an
+element of the \datatype{krb5_checksum_entry} structure.
+
+\subsection{Other data elements}
+In addition to the above listed function entry point, each checksum algorithm
+should have an entry in \globalname{krb5_cksumarray} and a
+\datatype{krb5_checksum_entry} structure describing the entry points
+and checksum size for the algorithm.