krb5_credential - Online Linux Manual PageSection : 3
Updated : Tue Nov 15 2022
Source : Version 7.8.0
Note : Heimdal Kerberos 5 library

NAMEkrb5_credential − Heimdal Kerberos 5 credential handing functions

SYNOPSIS

FunctionsKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char *hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data *out_data)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char *hostname, krb5_creds *in_creds, krb5_data *out_data)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt **opt)
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt *opt)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void *prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt *options, krb5_init_creds_context *rctx)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service (krb5_context context, krb5_init_creds_context ctx, const char *service)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password (krb5_context context, krb5_init_creds_context ctx, const char *password)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step (krb5_context context, krb5_init_creds_context ctx, krb5_data *in, krb5_data *out, krb5_krbhst_info *hostinfo, unsigned int *flags)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR *error)
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free (krb5_context context, krb5_init_creds_context ctx)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get (krb5_context context, krb5_init_creds_context ctx)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password (krb5_context context, krb5_creds *creds, krb5_principal client, const char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keyblock *keyblock, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)

Detailed Description

Function Documentation

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char * hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data * out_data)Forward credentials for client to host hostname , making them forwardable if forwardable, and returning the blob of data to sent in out_data​. If hostname == NULL, pick it from server​. Parameters context A kerberos 5 context​.
auth_context the auth context with the key to encrypt the out_data​.
hostname the host to forward the tickets too​.
client the client to delegate from​.
server the server to delegate the credential too​.
ccache credential cache to use​.
forwardable make the forwarded ticket forwabledable​.
out_data the resulting credential​.
Returns Return an error code or 0​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char * hostname, krb5_creds * in_creds, krb5_data * out_data)Gets tickets forwarded to hostname​. If the tickets that are forwarded are address-less, the forwarded tickets will also be address-less​. If the ticket have any address, hostname will be used for figure out the address to forward the ticket too​. This since this might use DNS, its insecure and also doesn't represent configured all addresses of the host​. For example, the host might have two adresses, one IPv4 and one IPv6 address where the later is not published in DNS​. This IPv6 address might be used communications and thus the resulting ticket useless​. Parameters context A kerberos 5 context​.
auth_context the auth context with the key to encrypt the out_data​.
ccache credential cache to use
flags the flags to control the resulting ticket flags
hostname the host to forward the tickets too​.
in_creds the in client and server ticket names​. The client and server components forwarded to the remote host​.
out_data the resulting credential​.
Returns Return an error code or 0​. Some older of the MIT gssapi library used clear-text tickets (warped inside AP-REQ encryption), use the krb5_auth_context flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those tickets​. The session key is used otherwise to encrypt the forwarded ticket​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keyblock * keyblock, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)Get new credentials using keyblock​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)Get new credentials using keytab​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt ** opt)Allocate a new krb5_get_init_creds_opt structure, free with krb5_get_init_creds_opt_free()​.

KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt * opt)Free krb5_get_init_creds_opt structure​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password (krb5_context context, krb5_creds * creds, krb5_principal client, const char * password, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)Get new credentials using password​.

KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free (krb5_context context, krb5_init_creds_context ctx)Free the krb5_init_creds_context allocated by krb5_init_creds_init()​. Parameters context A Kerberos 5 context​.
ctx The krb5_init_creds_context to free​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get (krb5_context context, krb5_init_creds_context ctx)Get new credentials as setup by the krb5_init_creds_context​. Parameters context A Kerberos 5 context​.
ctx The krb5_init_creds_context to process​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR * error)Get the last error from the transaction​. Returns Returns 0 or an error code

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void * prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt * options, krb5_init_creds_context * rctx)Start a new context to get a new initial credential​. Parameters context A Kerberos 5 context​.
client The Kerberos principal to get the credential for, if NULL is given, the default principal is used as determined by krb5_get_default_principal()​.
prompter
prompter_data
start_time the time the ticket should start to be valid or 0 for now​.
options a options structure, can be NULL for default options​.
rctx A new allocated free with krb5_init_creds_free()​.
Returns 0 for success or an Kerberos 5 error code, see krb5_get_error_message()​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)Set the keytab to use for authentication​. Parameters context a Kerberos 5 context​.
ctx ctx krb5_init_creds_context context​.
keytab the keytab to read the key from​.
Returns 0 for success, or an Kerberos 5 error code, see krb5_get_error_message()​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password (krb5_context context, krb5_init_creds_context ctx, const char * password)Sets the password that will use for the request​. Parameters context a Kerberos 5 context​.
ctx ctx krb5_init_creds_context context​.
password the password to use​.
Returns 0 for success, or an Kerberos 5 error code, see krb5_get_error_message()​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service (krb5_context context, krb5_init_creds_context ctx, const char * service)Sets the service that the is requested​. This call is only neede for special initial tickets, by default the a krbtgt is fetched in the default realm​. Parameters context a Kerberos 5 context​.
ctx a krb5_init_creds_context context​.
service the service given as a string, for example 'kadmind/admin'​. If NULL, the default krbtgt in the clients realm is set​.
Returns 0 for success, or an Kerberos 5 error code, see krb5_get_error_message()​.

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step (krb5_context context, krb5_init_creds_context ctx, krb5_data * in, krb5_data * out, krb5_krbhst_info * hostinfo, unsigned int * flags)The core loop if krb5_get_init_creds() function family​. Create the packets and have the caller send them off to the KDC​. If the caller want all work been done for them, use krb5_init_creds_get() instead​. Parameters context a Kerberos 5 context​.
ctx ctx krb5_init_creds_context context​.
in input data from KDC, first round it should be reset by krb5_data_zer()​.
out reply to KDC​.
hostinfo KDC address info, first round it can be NULL​.
flags status of the round, if KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round​.
Returns 0 for success, or an Kerberos 5 error code, see krb5_get_error_message()​.

AuthorGenerated automatically by Doxygen for Heimdal Kerberos 5 library from the source code​.
0
Johanes Gumabo
Data Size   :   37,037 byte
man-krb5_init_creds_free.3Build   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   4 / 171,528
Visitor ID   :     :  
Visitor IP   :   3.17.181.181   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.