| 1 |
|
|---|
| 2 | KRB5_GET_CREDENTIALS(3) BSD Library Functions Manual KRB5_GET_CREDENTIALS(3)
|
|---|
| 3 |
|
|---|
| 4 | NNAAMMEE
|
|---|
| 5 | kkrrbb55__ggeett__ccrreeddeennttiiaallss, kkrrbb55__ggeett__ccrreeddeennttiiaallss__wwiitthh__ffllaaggss, kkrrbb55__ggeett__kkddcc__ccrreedd,
|
|---|
| 6 | kkrrbb55__ggeett__rreenneewweedd__ccrreeddss -- get credentials from the KDC using krbtgt
|
|---|
| 7 |
|
|---|
| 8 | LLIIBBRRAARRYY
|
|---|
| 9 | Kerberos 5 Library (libkrb5, -lkrb5)
|
|---|
| 10 |
|
|---|
| 11 | SSYYNNOOPPSSIISS
|
|---|
| 12 | ##iinncclluuddee <<kkrrbb55..hh>>
|
|---|
| 13 |
|
|---|
| 14 | _k_r_b_5___e_r_r_o_r___c_o_d_e
|
|---|
| 15 | kkrrbb55__ggeett__ccrreeddeennttiiaallss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s,
|
|---|
| 16 | _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___c_r_e_d_s _*_i_n___c_r_e_d_s, _k_r_b_5___c_r_e_d_s _*_*_o_u_t___c_r_e_d_s);
|
|---|
| 17 |
|
|---|
| 18 | _k_r_b_5___e_r_r_o_r___c_o_d_e
|
|---|
| 19 | kkrrbb55__ggeett__ccrreeddeennttiiaallss__wwiitthh__ffllaaggss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s,
|
|---|
| 20 | _k_r_b_5___k_d_c___f_l_a_g_s _f_l_a_g_s, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___c_r_e_d_s _*_i_n___c_r_e_d_s,
|
|---|
| 21 | _k_r_b_5___c_r_e_d_s _*_*_o_u_t___c_r_e_d_s);
|
|---|
| 22 |
|
|---|
| 23 | _k_r_b_5___e_r_r_o_r___c_o_d_e
|
|---|
| 24 | kkrrbb55__ggeett__kkddcc__ccrreedd(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___c_c_a_c_h_e _i_d,
|
|---|
| 25 | _k_r_b_5___k_d_c___f_l_a_g_s _f_l_a_g_s, _k_r_b_5___a_d_d_r_e_s_s_e_s _*_a_d_d_r_e_s_s_e_s,
|
|---|
| 26 | _T_i_c_k_e_t _*_s_e_c_o_n_d___t_i_c_k_e_t, _k_r_b_5___c_r_e_d_s _*_i_n___c_r_e_d_s, _k_r_b_5___c_r_e_d_s _*_*_o_u_t___c_r_e_d_s);
|
|---|
| 27 |
|
|---|
| 28 | _k_r_b_5___e_r_r_o_r___c_o_d_e
|
|---|
| 29 | kkrrbb55__ggeett__rreenneewweedd__ccrreeddss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___c_r_e_d_s _*_c_r_e_d_s,
|
|---|
| 30 | _k_r_b_5___c_o_n_s_t___p_r_i_n_c_i_p_a_l _c_l_i_e_n_t, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e,
|
|---|
| 31 | _c_o_n_s_t _c_h_a_r _*_i_n___t_k_t___s_e_r_v_i_c_e);
|
|---|
| 32 |
|
|---|
| 33 | DDEESSCCRRIIPPTTIIOONN
|
|---|
| 34 | kkrrbb55__ggeett__ccrreeddeennttiiaallss__wwiitthh__ffllaaggss() get credentials specified by
|
|---|
| 35 | _i_n___c_r_e_d_s_-_>_s_e_r_v_e_r and _i_n___c_r_e_d_s_-_>_c_l_i_e_n_t (the rest of the _i_n___c_r_e_d_s structure
|
|---|
| 36 | is ignored) by first looking in the _c_c_a_c_h_e and if doesn't exists or is
|
|---|
| 37 | expired, fetch the credential from the KDC using the krbtgt in _c_c_a_c_h_e.
|
|---|
| 38 | The credential is returned in _o_u_t___c_r_e_d_s and should be freed using the
|
|---|
| 39 | function kkrrbb55__ffrreeee__ccrreeddss().
|
|---|
| 40 |
|
|---|
| 41 | Valid flags to pass into _o_p_t_i_o_n_s argument are:
|
|---|
| 42 |
|
|---|
| 43 | KRB5_GC_CACHED Only check the _c_c_a_c_h_e, don't got out on network to
|
|---|
| 44 | fetch credential.
|
|---|
| 45 | KRB5_GC_USER_USER Request a user to user ticket. This option doesn't
|
|---|
| 46 | store the resulting user to user credential in the
|
|---|
| 47 | _c_c_a_c_h_e.
|
|---|
| 48 | KRB5_GC_EXPIRED_OK returns the credential even if it is expired, default
|
|---|
| 49 | behavior is trying to refetch the credential from the
|
|---|
| 50 | KDC.
|
|---|
| 51 |
|
|---|
| 52 | _F_l_a_g_s are KDCOptions, note the caller must fill in the bit-field and not
|
|---|
| 53 | use the integer associated structure.
|
|---|
| 54 |
|
|---|
| 55 | kkrrbb55__ggeett__ccrreeddeennttiiaallss() works the same way as
|
|---|
| 56 | kkrrbb55__ggeett__ccrreeddeennttiiaallss__wwiitthh__ffllaaggss() except that the _f_l_a_g_s field is missing.
|
|---|
| 57 |
|
|---|
| 58 | kkrrbb55__ggeett__kkddcc__ccrreedd() does the same as the functions above, but the caller
|
|---|
| 59 | must fill in all the information andits closer to the wire protocol.
|
|---|
| 60 |
|
|---|
| 61 | kkrrbb55__ggeett__rreenneewweedd__ccrreeddss() renews a credential given by _i_n___t_k_t___s_e_r_v_i_c_e (if
|
|---|
| 62 | NULL the default krbtgt) using the credential cache _c_c_a_c_h_e. The result
|
|---|
| 63 | is stored in _c_r_e_d_s and should be freed using _k_r_b_5___f_r_e_e___c_r_e_d_s.
|
|---|
| 64 |
|
|---|
| 65 | EEXXAAMMPPLLEESS
|
|---|
| 66 | Here is a example function that get a credential from a credential cache
|
|---|
| 67 | _i_d or the KDC and returns it to the caller.
|
|---|
| 68 |
|
|---|
| 69 | #include <krb5.h>
|
|---|
| 70 |
|
|---|
| 71 | int
|
|---|
| 72 | getcred(krb5_context context, krb5_ccache id, krb5_creds **creds)
|
|---|
| 73 | {
|
|---|
| 74 | krb5_error_code ret;
|
|---|
| 75 | krb5_creds in;
|
|---|
| 76 |
|
|---|
| 77 | ret = krb5_parse_name(context, "client@EXAMPLE.COM",
|
|---|
| 78 | &in.client);
|
|---|
| 79 | if (ret)
|
|---|
| 80 | krb5_err(context, 1, ret, "krb5_parse_name");
|
|---|
| 81 |
|
|---|
| 82 | ret = krb5_parse_name(context, "host/server.example.com@EXAMPLE.COM",
|
|---|
| 83 | &in.server);
|
|---|
| 84 | if (ret)
|
|---|
| 85 | krb5_err(context, 1, ret, "krb5_parse_name");
|
|---|
| 86 |
|
|---|
| 87 | ret = krb5_get_credentials(context, 0, id, &in, creds);
|
|---|
| 88 | if (ret)
|
|---|
| 89 | krb5_err(context, 1, ret, "krb5_get_credentials");
|
|---|
| 90 |
|
|---|
| 91 | return 0;
|
|---|
| 92 | }
|
|---|
| 93 |
|
|---|
| 94 | SSEEEE AALLSSOO
|
|---|
| 95 | krb5(3), krb5_get_forwarded_creds(3), krb5.conf(5)
|
|---|
| 96 |
|
|---|
| 97 | HEIMDAL July 26, 2004 HEIMDAL
|
|---|
