Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.


KRB5_GET_CREDS(3)          Library Functions Manual          KRB5_GET_CREDS(3)

NAME
     krb5_get_creds, krb5_get_creds_opt_add_options, krb5_get_creds_opt_alloc,
     krb5_get_creds_opt_free, krb5_get_creds_opt_set_enctype,
     krb5_get_creds_opt_set_impersonate, krb5_get_creds_opt_set_options,
     krb5_get_creds_opt_set_ticket - get credentials from the KDC

LIBRARY
     Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS
     #include <krb5/krb5.h>

     krb5_error_code
     krb5_get_creds(krb5_context context, krb5_get_creds_opt opt,
         krb5_ccache ccache, krb5_const_principal inprinc,
         krb5_creds **out_creds);

     void
     krb5_get_creds_opt_add_options(krb5_context context,
         krb5_get_creds_opt opt, krb5_flags options);

     krb5_error_code
     krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt);

     void
     krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt);

     void
     krb5_get_creds_opt_set_enctype(krb5_context context,
         krb5_get_creds_opt opt, krb5_enctype enctype);

     krb5_error_code
     krb5_get_creds_opt_set_impersonate(krb5_context context,
         krb5_get_creds_opt opt, krb5_const_principal self);

     void
     krb5_get_creds_opt_set_options(krb5_context context,
         krb5_get_creds_opt opt, krb5_flags options);

     krb5_error_code
     krb5_get_creds_opt_set_ticket(krb5_context context,
         krb5_get_creds_opt opt, const Ticket *ticket);

DESCRIPTION
     krb5_get_creds() fetches credentials specified by opt by first looking in
     the ccache, and then it doesn't exists, fetch the credential from the KDC
     using the krbtgts in ccache.  The credential is returned in out_creds and
     should be freed using the function krb5_free_creds().

     The structure krb5_get_creds_opt controls the behavior of
     krb5_get_creds().  The structure is opaque to consumers that can set the
     content of the structure with accessors functions. All accessor functions
     make copies of the data that is passed into accessor functions, so
     external consumers free the memory before calling krb5_get_creds().

     The structure krb5_get_creds_opt is allocated with
     krb5_get_creds_opt_alloc() and freed with krb5_get_creds_opt_free().  The
     free function also frees the content of the structure set by the accessor
     functions.

     krb5_get_creds_opt_add_options() and krb5_get_creds_opt_set_options()
     adds and sets options to the krb5_get_creds_opt structure .  The possible
     options to set are
     KRB5_GC_CACHED     Only check the ccache, don't got out on network to
                        fetch credential.
     KRB5_GC_USER_USER  request a user to user ticket.  This options doesn't
                        store the resulting user to user credential in the
                        ccache.
     KRB5_GC_EXPIRED_OK
                        returns the credential even if it is expired, default
                        behavior is trying to refetch the credential from the
                        KDC.
     KRB5_GC_NO_STORE   Do not store the resulting credentials in the ccache.

     krb5_get_creds_opt_set_enctype() sets the preferred encryption type of
     the application. Don't set this unless you have to since if there is no
     match in the KDC, the function call will fail.

     krb5_get_creds_opt_set_impersonate() sets the principal to impersonate.,
     Returns a ticket that have the impersonation principal as a client and
     the requestor as the service. Note that the requested principal have to
     be the same as the client principal in the krbtgt.

     krb5_get_creds_opt_set_ticket() sets the extra ticket used in user-to-
     user or contrained delegation use case.

SEE ALSO
     krb5(3), krb5_get_credentials(3), krb5.conf(5)

NetBSD 10.99                     June 15, 2006                    NetBSD 10.99