KRB5_GET_CREDENTIALS(3) BSD Library Functions Manual KRB5_GET_CREDENTIALS(3) NNAAMMEE kkrrbb55__ggeett__ccrreeddeennttiiaallss, kkrrbb55__ggeett__ccrreeddeennttiiaallss__wwiitthh__ffllaaggss, kkrrbb55__ggeett__kkddcc__ccrreedd, kkrrbb55__ggeett__rreenneewweedd__ccrreeddss -- get credentials from the KDC using krbtgt LLIIBBRRAARRYY Kerberos 5 Library (libkrb5, -lkrb5) SSYYNNOOPPSSIISS ##iinncclluuddee <> _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ggeett__ccrreeddeennttiiaallss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___c_r_e_d_s _*_i_n___c_r_e_d_s, _k_r_b_5___c_r_e_d_s _*_*_o_u_t___c_r_e_d_s); _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ggeett__ccrreeddeennttiiaallss__wwiitthh__ffllaaggss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s, _k_r_b_5___k_d_c___f_l_a_g_s _f_l_a_g_s, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___c_r_e_d_s _*_i_n___c_r_e_d_s, _k_r_b_5___c_r_e_d_s _*_*_o_u_t___c_r_e_d_s); _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ggeett__kkddcc__ccrreedd(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___c_c_a_c_h_e _i_d, _k_r_b_5___k_d_c___f_l_a_g_s _f_l_a_g_s, _k_r_b_5___a_d_d_r_e_s_s_e_s _*_a_d_d_r_e_s_s_e_s, _T_i_c_k_e_t _*_s_e_c_o_n_d___t_i_c_k_e_t, _k_r_b_5___c_r_e_d_s _*_i_n___c_r_e_d_s, _k_r_b_5___c_r_e_d_s _*_*_o_u_t___c_r_e_d_s); _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ggeett__rreenneewweedd__ccrreeddss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___c_r_e_d_s _*_c_r_e_d_s, _k_r_b_5___c_o_n_s_t___p_r_i_n_c_i_p_a_l _c_l_i_e_n_t, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _c_o_n_s_t _c_h_a_r _*_i_n___t_k_t___s_e_r_v_i_c_e); DDEESSCCRRIIPPTTIIOONN kkrrbb55__ggeett__ccrreeddeennttiiaallss__wwiitthh__ffllaaggss() get credentials specified by _i_n___c_r_e_d_s_-_>_s_e_r_v_e_r and _i_n___c_r_e_d_s_-_>_c_l_i_e_n_t (the rest of the _i_n___c_r_e_d_s structure is ignored) by first looking in the _c_c_a_c_h_e and if doesn't exists or is expired, fetch the credential from the KDC using the krbtgt in _c_c_a_c_h_e. The credential is returned in _o_u_t___c_r_e_d_s and should be freed using the function kkrrbb55__ffrreeee__ccrreeddss(). Valid flags to pass into _o_p_t_i_o_n_s argument are: KRB5_GC_CACHED Only check the _c_c_a_c_h_e, don't got out on network to fetch credential. KRB5_GC_USER_USER Request a user to user ticket. This option doesn't store the resulting user to user credential in the _c_c_a_c_h_e. KRB5_GC_EXPIRED_OK returns the credential even if it is expired, default behavior is trying to refetch the credential from the KDC. _F_l_a_g_s are KDCOptions, note the caller must fill in the bit-field and not use the integer associated structure. kkrrbb55__ggeett__ccrreeddeennttiiaallss() works the same way as kkrrbb55__ggeett__ccrreeddeennttiiaallss__wwiitthh__ffllaaggss() except that the _f_l_a_g_s field is missing. kkrrbb55__ggeett__kkddcc__ccrreedd() does the same as the functions above, but the caller must fill in all the information andits closer to the wire protocol. kkrrbb55__ggeett__rreenneewweedd__ccrreeddss() renews a credential given by _i_n___t_k_t___s_e_r_v_i_c_e (if NULL the default krbtgt) using the credential cache _c_c_a_c_h_e. The result is stored in _c_r_e_d_s and should be freed using _k_r_b_5___f_r_e_e___c_r_e_d_s. EEXXAAMMPPLLEESS Here is a example function that get a credential from a credential cache _i_d or the KDC and returns it to the caller. #include int getcred(krb5_context context, krb5_ccache id, krb5_creds **creds) { krb5_error_code ret; krb5_creds in; ret = krb5_parse_name(context, "client@EXAMPLE.COM", &in.client); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); ret = krb5_parse_name(context, "host/server.example.com@EXAMPLE.COM", &in.server); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); ret = krb5_get_credentials(context, 0, id, &in, creds); if (ret) krb5_err(context, 1, ret, "krb5_get_credentials"); return 0; } SSEEEE AALLSSOO krb5(3), krb5_get_forwarded_creds(3), krb5.conf(5) HEIMDAL July 26, 2004 HEIMDAL