| 1 |
|
|---|
| 2 | KRB5_GET_CREDS(3) BSD Library Functions Manual KRB5_GET_CREDS(3)
|
|---|
| 3 |
|
|---|
| 4 | NNAAMMEE
|
|---|
| 5 | kkrrbb55__ggeett__ccrreeddss, kkrrbb55__ggeett__ccrreeddss__oopptt__aadddd__ooppttiioonnss, kkrrbb55__ggeett__ccrreeddss__oopptt__aalllloocc,
|
|---|
| 6 | kkrrbb55__ggeett__ccrreeddss__oopptt__ffrreeee, kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__eennccttyyppee,
|
|---|
| 7 | kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__iimmppeerrssoonnaattee, kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ooppttiioonnss,
|
|---|
| 8 | kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ttiicckkeett -- get credentials from the KDC
|
|---|
| 9 |
|
|---|
| 10 | LLIIBBRRAARRYY
|
|---|
| 11 | Kerberos 5 Library (libkrb5, -lkrb5)
|
|---|
| 12 |
|
|---|
| 13 | SSYYNNOOPPSSIISS
|
|---|
| 14 | ##iinncclluuddee <<kkrrbb55..hh>>
|
|---|
| 15 |
|
|---|
| 16 | _k_r_b_5___e_r_r_o_r___c_o_d_e
|
|---|
| 17 | kkrrbb55__ggeett__ccrreeddss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t,
|
|---|
| 18 | _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___c_o_n_s_t___p_r_i_n_c_i_p_a_l _i_n_p_r_i_n_c,
|
|---|
| 19 | _k_r_b_5___c_r_e_d_s _*_*_o_u_t___c_r_e_d_s);
|
|---|
| 20 |
|
|---|
| 21 | _v_o_i_d
|
|---|
| 22 | kkrrbb55__ggeett__ccrreeddss__oopptt__aadddd__ooppttiioonnss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
|
|---|
| 23 | _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s);
|
|---|
| 24 |
|
|---|
| 25 | _k_r_b_5___e_r_r_o_r___c_o_d_e
|
|---|
| 26 | kkrrbb55__ggeett__ccrreeddss__oopptt__aalllloocc(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _*_o_p_t);
|
|---|
| 27 |
|
|---|
| 28 | _v_o_i_d
|
|---|
| 29 | kkrrbb55__ggeett__ccrreeddss__oopptt__ffrreeee(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t);
|
|---|
| 30 |
|
|---|
| 31 | _v_o_i_d
|
|---|
| 32 | kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__eennccttyyppee(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
|
|---|
| 33 | _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _k_r_b_5___e_n_c_t_y_p_e _e_n_c_t_y_p_e);
|
|---|
| 34 |
|
|---|
| 35 | _k_r_b_5___e_r_r_o_r___c_o_d_e
|
|---|
| 36 | kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__iimmppeerrssoonnaattee(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
|
|---|
| 37 | _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _k_r_b_5___c_o_n_s_t___p_r_i_n_c_i_p_a_l _s_e_l_f);
|
|---|
| 38 |
|
|---|
| 39 | _v_o_i_d
|
|---|
| 40 | kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ooppttiioonnss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
|
|---|
| 41 | _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s);
|
|---|
| 42 |
|
|---|
| 43 | _k_r_b_5___e_r_r_o_r___c_o_d_e
|
|---|
| 44 | kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ttiicckkeett(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
|
|---|
| 45 | _k_r_b_5___g_e_t___c_r_e_d_s___o_p_t _o_p_t, _c_o_n_s_t _T_i_c_k_e_t _*_t_i_c_k_e_t);
|
|---|
| 46 |
|
|---|
| 47 | DDEESSCCRRIIPPTTIIOONN
|
|---|
| 48 | kkrrbb55__ggeett__ccrreeddss() fetches credentials specified by _o_p_t by first looking in
|
|---|
| 49 | the _c_c_a_c_h_e, and then it doesn't exists, fetch the credential from the KDC
|
|---|
| 50 | using the krbtgts in _c_c_a_c_h_e. The credential is returned in _o_u_t___c_r_e_d_s and
|
|---|
| 51 | should be freed using the function kkrrbb55__ffrreeee__ccrreeddss().
|
|---|
| 52 |
|
|---|
| 53 | The structure krb5_get_creds_opt controls the behavior of
|
|---|
| 54 | kkrrbb55__ggeett__ccrreeddss(). The structure is opaque to consumers that can set the
|
|---|
| 55 | content of the structure with accessors functions. All accessor functions
|
|---|
| 56 | make copies of the data that is passed into accessor functions, so exter-
|
|---|
| 57 | nal consumers free the memory before calling kkrrbb55__ggeett__ccrreeddss().
|
|---|
| 58 |
|
|---|
| 59 | The structure krb5_get_creds_opt is allocated with
|
|---|
| 60 | kkrrbb55__ggeett__ccrreeddss__oopptt__aalllloocc() and freed with kkrrbb55__ggeett__ccrreeddss__oopptt__ffrreeee(). The
|
|---|
| 61 | free function also frees the content of the structure set by the accessor
|
|---|
| 62 | functions.
|
|---|
| 63 |
|
|---|
| 64 | kkrrbb55__ggeett__ccrreeddss__oopptt__aadddd__ooppttiioonnss() and kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ooppttiioonnss()
|
|---|
| 65 | adds and sets options to the structure . The possible options to set are
|
|---|
| 66 | KRB5_GC_CACHED Only check the _c_c_a_c_h_e, don't got out on network to
|
|---|
| 67 | fetch credential.
|
|---|
| 68 | KRB5_GC_USER_USER request a user to user ticket. This options doesn't
|
|---|
| 69 | store the resulting user to user credential in the
|
|---|
| 70 | _c_c_a_c_h_e.
|
|---|
| 71 | KRB5_GC_EXPIRED_OK
|
|---|
| 72 | returns the credential even if it is expired, default
|
|---|
| 73 | behavior is trying to refetch the credential from the
|
|---|
| 74 | KDC.
|
|---|
| 75 | KRB5_GC_NO_STORE Do not store the resulting credentials in the _c_c_a_c_h_e.
|
|---|
| 76 |
|
|---|
| 77 | kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__eennccttyyppee() sets the preferred encryption type of
|
|---|
| 78 | the application. Don't set this unless you have to since if there is no
|
|---|
| 79 | match in the KDC, the function call will fail.
|
|---|
| 80 |
|
|---|
| 81 | kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__iimmppeerrssoonnaattee() sets the principal to impersonate.,
|
|---|
| 82 | Returns a ticket that have the impersonation principal as a client and
|
|---|
| 83 | the requestor as the service. Note that the requested principal have to
|
|---|
| 84 | be the same as the client principal in the krbtgt.
|
|---|
| 85 |
|
|---|
| 86 | kkrrbb55__ggeett__ccrreeddss__oopptt__sseett__ttiicckkeett() sets the extra ticket used in user-to-
|
|---|
| 87 | user or contrained delegation use case.
|
|---|
| 88 |
|
|---|
| 89 | SSEEEE AALLSSOO
|
|---|
| 90 | krb5(3), krb5_get_credentials(3), krb5.conf(5)
|
|---|
| 91 |
|
|---|
| 92 | HEIMDAL June 15, 2006 HEIMDAL
|
|---|
