Section: C Library Functions (3)Local indexUp BSD mandoc
HEIMDAL
NAME
krb5_get_credskrb5_get_creds_opt_add_optionskrb5_get_creds_opt_allockrb5_get_creds_opt_freekrb5_get_creds_opt_set_enctypekrb5_get_creds_opt_set_impersonatekrb5_get_creds_opt_set_optionskrb5_get_creds_opt_set_ticket
- get credentials from the KDC
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS
In krb5.h
Ft krb5_error_code
Fo krb5_get_creds
Fa krb5_context context
Fa krb5_get_creds_opt opt
Fa krb5_ccache ccache
Fa krb5_const_principal inprinc
Fa krb5_creds **out_creds
Fc Ft void
Fo krb5_get_creds_opt_add_options
Fa krb5_context context
Fa krb5_get_creds_opt opt
Fa krb5_flags options
Fc Ft krb5_error_code
Fo krb5_get_creds_opt_alloc
Fa krb5_context context
Fa krb5_get_creds_opt *opt
Fc Ft void
Fo krb5_get_creds_opt_free
Fa krb5_context context
Fa krb5_get_creds_opt opt
Fc Ft void
Fo krb5_get_creds_opt_set_enctype
Fa krb5_context context
Fa krb5_get_creds_opt opt
Fa krb5_enctype enctype
Fc Ft krb5_error_code
Fo krb5_get_creds_opt_set_impersonate
Fa krb5_context context
Fa krb5_get_creds_opt opt
Fa krb5_const_principal self
Fc Ft void
Fo krb5_get_creds_opt_set_options
Fa krb5_context context
Fa krb5_get_creds_opt opt
Fa krb5_flags options
Fc Ft krb5_error_code
Fo krb5_get_creds_opt_set_ticket
Fa krb5_context context
Fa krb5_get_creds_opt opt
Fa const Ticket *ticket
Fc
DESCRIPTION
Fn krb5_get_creds
fetches credentials specified by
Fa opt
by first looking in the
Fa ccache ,
and then it doesn't exists, fetch the credential from the KDC
using the krbtgts in
Fa ccache .
The credential is returned in
Fa out_creds
and should be freed using the function
Fn krb5_free_creds .
The structure
krb5_get_creds_opt
controls the behavior of
Fn krb5_get_creds .
The structure is opaque to consumers that can set the content of the
structure with accessors functions. All accessor functions make copies
of the data that is passed into accessor functions, so external
consumers free the memory before calling
Fn krb5_get_creds .
The structure
krb5_get_creds_opt
is allocated with
Fn krb5_get_creds_opt_alloc
and freed with
Fn krb5_get_creds_opt_free .
The free function also frees the content of the structure set by the
accessor functions.
Fn krb5_get_creds_opt_add_options
and
Fn krb5_get_creds_opt_set_options
adds and sets options to the
Fi krb5_get_creds_opt
structure .
The possible options to set are
KRB5_GC_CACHED
Only check the
Fa ccache ,
don't got out on network to fetch credential.
KRB5_GC_USER_USER
request a user to user ticket.
This options doesn't store the resulting user to user credential in
the
Fa ccache .
KRB5_GC_EXPIRED_OK
returns the credential even if it is expired, default behavior is trying
to refetch the credential from the KDC.
KRB5_GC_NO_STORE
Do not store the resulting credentials in the
Fa ccache .
Fn krb5_get_creds_opt_set_enctype
sets the preferred encryption type of the application. Don't set this
unless you have to since if there is no match in the KDC, the function
call will fail.
Fn krb5_get_creds_opt_set_impersonate
sets the principal to impersonate., Returns a ticket that have the
impersonation principal as a client and the requestor as the
service. Note that the requested principal have to be the same as the
client principal in the krbtgt.
Fn krb5_get_creds_opt_set_ticket
sets the extra ticket used in user-to-user or contrained delegation use case.