aboutsummaryrefslogtreecommitdiffstats
path: root/lib/krb5/krb5_get_creds.cat3
blob: 9aef83e6fbb7441753d75ab06d452de4727846b1 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

KRB5_GET_CREDS(3)        BSD Library Functions Manual        KRB5_GET_CREDS(3)

NNAAMMEE
     kkrrbb55__ggeett__ccrreeddss, kkrrbb55__ggeett__ccrreeddss__oopptt__aadddd__ooppttiioonnss, kkrrbb55__ggeett__ccrreeddss__oopptt__aalllloocc,
     kkrrbb55__ggeett__ccrreeddss__oopptt__ffrreeee, kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__eennccttyyppee,
     kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__iimmppeerrssoonnaattee, kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ooppttiioonnss,
     kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ttiicckkeett -- get credentials from the KDC

LLIIBBRRAARRYY
     Kerberos 5 Library (libkrb5, -lkrb5)

SSYYNNOOPPSSIISS
     ##iinncclluuddee <<kkrrbb55..hh>>

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__ggeett__ccrreeddss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t,
         _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___c_o_n_s_t___p_r_i_n_c_i_p_a_l _i_n_p_r_i_n_c,
         _k_r_b_5___c_r_e_d_s _*_*_o_u_t___c_r_e_d_s);

     _v_o_i_d
     kkrrbb55__ggeett__ccrreeddss__oopptt__aadddd__ooppttiioonnss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
         _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s);

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__ggeett__ccrreeddss__oopptt__aalllloocc(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _*_o_p_t);

     _v_o_i_d
     kkrrbb55__ggeett__ccrreeddss__oopptt__ffrreeee(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t);

     _v_o_i_d
     kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__eennccttyyppee(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
         _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _k_r_b_5___e_n_c_t_y_p_e _e_n_c_t_y_p_e);

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__iimmppeerrssoonnaattee(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
         _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _k_r_b_5___c_o_n_s_t___p_r_i_n_c_i_p_a_l _s_e_l_f);

     _v_o_i_d
     kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ooppttiioonnss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
         _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s);

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ttiicckkeett(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
         _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _c_o_n_s_t _T_i_c_k_e_t _*_t_i_c_k_e_t);

DDEESSCCRRIIPPTTIIOONN
     kkrrbb55__ggeett__ccrreeddss() fetches credentials specified by _o_p_t by first looking in
     the _c_c_a_c_h_e, and then it doesn't exists, fetch the credential from the KDC
     using the krbtgts in _c_c_a_c_h_e.  The credential is returned in _o_u_t___c_r_e_d_s and
     should be freed using the function kkrrbb55__ffrreeee__ccrreeddss().

     The structure krb5_get_creds_opt controls the behavior of
     kkrrbb55__ggeett__ccrreeddss().  The structure is opaque to consumers that can set the
     content of the structure with accessors functions. All accessor functions
     make copies of the data that is passed into accessor functions, so exter-
     nal consumers free the memory before calling kkrrbb55__ggeett__ccrreeddss().

     The structure krb5_get_creds_opt is allocated with
     kkrrbb55__ggeett__ccrreeddss__oopptt__aalllloocc() and freed with kkrrbb55__ggeett__ccrreeddss__oopptt__ffrreeee().  The
     free function also frees the content of the structure set by the accessor
     functions.

     kkrrbb55__ggeett__ccrreeddss__oopptt__aadddd__ooppttiioonnss() and kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ooppttiioonnss()
     adds and sets options to the structure .  The possible options to set are
     KRB5_GC_CACHED     Only check the _c_c_a_c_h_e, don't got out on network to
                        fetch credential.
     KRB5_GC_USER_USER  request a user to user ticket.  This options doesn't
                        store the resulting user to user credential in the
                        _c_c_a_c_h_e.
     KRB5_GC_EXPIRED_OK
                        returns the credential even if it is expired, default
                        behavior is trying to refetch the credential from the
                        KDC.
     KRB5_GC_NO_STORE   Do not store the resulting credentials in the _c_c_a_c_h_e.

     kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__eennccttyyppee() sets the preferred encryption type of
     the application. Don't set this unless you have to since if there is no
     match in the KDC, the function call will fail.

     kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__iimmppeerrssoonnaattee() sets the principal to impersonate.,
     Returns a ticket that have the impersonation principal as a client and
     the requestor as the service. Note that the requested principal have to
     be the same as the client principal in the krbtgt.

     kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ttiicckkeett() sets the extra ticket used in user-to-
     user or contrained delegation use case.

SSEEEE AALLSSOO
     krb5(3), krb5_get_credentials(3), krb5.conf(5)

HEIMDAL                          June 15, 2006                         HEIMDAL