.TH "krb5_credential" 3 "Tue Jul 11 2017" "Version 7.4.0" "HeimdalKerberos5library" \" -*- nroff -*- .ad l .nh .SH NAME krb5_credential \- Heimdal Kerberos 5 credential handling functions .SS "Functions" .in +1c .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_fwd_tgt_creds\fP (krb5_context context, krb5_auth_context auth_context, const char *hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data *out_data)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_forwarded_creds\fP (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char *hostname, krb5_creds *in_creds, krb5_data *out_data)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_alloc\fP (krb5_context context, krb5_get_init_creds_opt **opt)" .br .ti -1c .RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_free\fP (krb5_context context, krb5_get_init_creds_opt *opt)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_init\fP (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void *prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt *options, krb5_init_creds_context *rctx)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_service\fP (krb5_context context, krb5_init_creds_context ctx, const char *service)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_password\fP (krb5_context context, krb5_init_creds_context ctx, const char *password)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_keytab\fP (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_step\fP (krb5_context context, krb5_init_creds_context ctx, krb5_data *in, krb5_data 
*out, krb5_krbhst_info *hostinfo, unsigned int *flags)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_get_error\fP (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR *error)" .br .ti -1c .RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_init_creds_free\fP (krb5_context context, krb5_init_creds_context ctx)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_get\fP (krb5_context context, krb5_init_creds_context ctx)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_password\fP (krb5_context context, krb5_creds *creds, krb5_principal client, const char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_keyblock\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keyblock *keyblock, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_keytab\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" .br .in -1c .SH "Detailed Description" .PP .SH "Function Documentation" .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char * hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data * out_data)" Forward credentials for client to host hostname, making them forwardable if forwardable is set, and returning the blob of data to send in out_data\&. If hostname == NULL, pick it from server\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context\&. 
.br \fIauth_context\fP the auth context with the key to encrypt the out_data\&. .br \fIhostname\fP the host to forward the tickets to\&. .br \fIclient\fP the client to delegate from\&. .br \fIserver\fP the server to delegate the credential to\&. .br \fIccache\fP credential cache to use\&. .br \fIforwardable\fP make the forwarded ticket forwardable\&. .br \fIout_data\fP the resulting credential\&. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0\&. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char * hostname, krb5_creds * in_creds, krb5_data * out_data)" Gets tickets forwarded to hostname\&. If the tickets that are forwarded are address-less, the forwarded tickets will also be address-less\&. .PP If the ticket has any address, hostname will be used to figure out the address to forward the ticket to\&. Since this lookup might use DNS, it is insecure and also might not represent all configured addresses of the host\&. For example, the host might have two addresses, one IPv4 and one IPv6, where the latter is not published in DNS\&. This IPv6 address might be used for communication, making the resulting ticket useless\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context\&. .br \fIauth_context\fP the auth context with the key to encrypt the out_data\&. .br \fIccache\fP credential cache to use .br \fIflags\fP the flags to control the resulting ticket flags .br \fIhostname\fP the host to forward the tickets to\&. .br \fIin_creds\fP the in client and server ticket names\&. The client and server components forwarded to the remote host\&. .br \fIout_data\fP the resulting credential\&. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0\&. 
.RE .PP Some older versions of the MIT gssapi library used clear-text tickets (wrapped inside AP-REQ encryption); use the krb5_auth_context flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those tickets\&. Otherwise the session key is used to encrypt the forwarded ticket\&. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keyblock * keyblock, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" Get new credentials using keyblock\&. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" Get new credentials using keytab\&. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt ** opt)" Allocate a new krb5_get_init_creds_opt structure, free with \fBkrb5_get_init_creds_opt_free()\fP\&. .SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt * opt)" Free krb5_get_init_creds_opt structure\&. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password (krb5_context context, krb5_creds * creds, krb5_principal client, const char * password, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" Get new credentials using password\&. .SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free (krb5_context context, krb5_init_creds_context ctx)" Free the krb5_init_creds_context allocated by \fBkrb5_init_creds_init()\fP\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context\&. .br \fIctx\fP The krb5_init_creds_context to free\&. 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get (krb5_context context, krb5_init_creds_context ctx)" Get new credentials as set up by the krb5_init_creds_context\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context\&. .br \fIctx\fP The krb5_init_creds_context to process\&. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR * error)" Get the last error from the transaction\&. .PP \fBReturns:\fP .RS 4 Returns 0 or an error code .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void * prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt * options, krb5_init_creds_context * rctx)" Start a new context to get a new initial credential\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context\&. .br \fIclient\fP The Kerberos principal to get the credential for; if NULL is given, the default principal is used as determined by krb5_get_default_principal()\&. .br \fIprompter\fP .br \fIprompter_data\fP .br \fIstart_time\fP the time the ticket should start to be valid or 0 for now\&. .br \fIoptions\fP an options structure, can be NULL for default options\&. .br \fIrctx\fP A newly allocated context; free with \fBkrb5_init_creds_free()\fP\&. .RE .PP \fBReturns:\fP .RS 4 0 for success or a Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)" Set the keytab to use for authentication\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Kerberos 5 context\&. .br \fIctx\fP a krb5_init_creds_context context\&. .br \fIkeytab\fP the keytab to read the key from\&. .RE .PP \fBReturns:\fP .RS 4 0 for success, or a Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password (krb5_context context, krb5_init_creds_context ctx, const char * password)" Sets the password that will be used for the request\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Kerberos 5 context\&. .br \fIctx\fP a krb5_init_creds_context context\&. .br \fIpassword\fP the password to use\&. .RE .PP \fBReturns:\fP .RS 4 0 for success, or a Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service (krb5_context context, krb5_init_creds_context ctx, const char * service)" Sets the service that is requested\&. This call is only needed for special initial tickets; by default a krbtgt is fetched in the default realm\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Kerberos 5 context\&. .br \fIctx\fP a krb5_init_creds_context context\&. .br \fIservice\fP the service given as a string, for example 'kadmind/admin'\&. If NULL, the default krbtgt in the client's realm is set\&. .RE .PP \fBReturns:\fP .RS 4 0 for success, or a Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step (krb5_context context, krb5_init_creds_context ctx, krb5_data * in, krb5_data * out, krb5_krbhst_info * hostinfo, unsigned int * flags)" The core loop of the krb5_get_init_creds() function family\&. Create the packets and have the caller send them off to the KDC\&. .PP If the caller wants all the work done for them, use \fBkrb5_init_creds_get()\fP instead\&. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Kerberos 5 context\&. .br \fIctx\fP a krb5_init_creds_context context\&. .br \fIin\fP input data from KDC, first round it should be reset by krb5_data_zero()\&. .br \fIout\fP reply to KDC\&. .br \fIhostinfo\fP KDC address info, first round it can be NULL\&. 
.br \fIflags\fP status of the round, if KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round\&. .RE .PP \fBReturns:\fP .RS 4 0 for success, or a Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. .RE .PP .SH "Author" .PP Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.