KRB5_GET_IN_TKT(3) BSD Library Functions Manual KRB5_GET_IN_TKT(3) NNAAMMEE kkrrbb55__ggeett__iinn__ttkktt, kkrrbb55__ggeett__iinn__ccrreedd, kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__ppaasssswwoorrdd, kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__kkeeyyttaabb, kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__sskkeeyy, kkrrbb55__ffrreeee__kkddcc__rreepp, kkrrbb55__ppaasssswwoorrdd__kkeeyy__pprroocc -- deprecated initial authenti- cation functions LLIIBBRRAARRYY Kerberos 5 Library (libkrb5, -lkrb5) SSYYNNOOPPSSIISS ##iinncclluuddee <> _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ggeett__iinn__ttkktt(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s, _c_o_n_s_t _k_r_b_5___a_d_d_r_e_s_s_e_s _*_a_d_d_r_s, _c_o_n_s_t _k_r_b_5___e_n_c_t_y_p_e _*_e_t_y_p_e_s, _c_o_n_s_t _k_r_b_5___p_r_e_a_u_t_h_t_y_p_e _*_p_t_y_p_e_s, _k_r_b_5___k_e_y___p_r_o_c _k_e_y___p_r_o_c, _k_r_b_5___c_o_n_s_t___p_o_i_n_t_e_r _k_e_y_s_e_e_d, _k_r_b_5___d_e_c_r_y_p_t___p_r_o_c _d_e_c_r_y_p_t___p_r_o_c, _k_r_b_5___c_o_n_s_t___p_o_i_n_t_e_r _d_e_c_r_y_p_t_a_r_g, _k_r_b_5___c_r_e_d_s _*_c_r_e_d_s, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___k_d_c___r_e_p _*_r_e_t___a_s___r_e_p_l_y); _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ggeett__iinn__ccrreedd(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s, _c_o_n_s_t _k_r_b_5___a_d_d_r_e_s_s_e_s _*_a_d_d_r_s, _c_o_n_s_t _k_r_b_5___e_n_c_t_y_p_e _*_e_t_y_p_e_s, _c_o_n_s_t _k_r_b_5___p_r_e_a_u_t_h_t_y_p_e _*_p_t_y_p_e_s, _c_o_n_s_t _k_r_b_5___p_r_e_a_u_t_h_d_a_t_a _*_p_r_e_a_u_t_h, _k_r_b_5___k_e_y___p_r_o_c _k_e_y___p_r_o_c, _k_r_b_5___c_o_n_s_t___p_o_i_n_t_e_r _k_e_y_s_e_e_d, _k_r_b_5___d_e_c_r_y_p_t___p_r_o_c _d_e_c_r_y_p_t___p_r_o_c, _k_r_b_5___c_o_n_s_t___p_o_i_n_t_e_r _d_e_c_r_y_p_t_a_r_g, _k_r_b_5___c_r_e_d_s _*_c_r_e_d_s, _k_r_b_5___k_d_c___r_e_p _*_r_e_t___a_s___r_e_p_l_y); _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__ppaasssswwoorrdd(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s, _k_r_b_5___a_d_d_r_e_s_s_e_s _*_a_d_d_r_s, _c_o_n_s_t _k_r_b_5___e_n_c_t_y_p_e _*_e_t_y_p_e_s, _c_o_n_s_t _k_r_b_5___p_r_e_a_u_t_h_t_y_p_e _*_p_r_e___a_u_t_h___t_y_p_e_s, _c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___c_r_e_d_s _*_c_r_e_d_s, _k_r_b_5___k_d_c___r_e_p _*_r_e_t___a_s___r_e_p_l_y); _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__kkeeyyttaabb(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s, _k_r_b_5___a_d_d_r_e_s_s_e_s _*_a_d_d_r_s, _c_o_n_s_t _k_r_b_5___e_n_c_t_y_p_e _*_e_t_y_p_e_s, _c_o_n_s_t _k_r_b_5___p_r_e_a_u_t_h_t_y_p_e _*_p_r_e___a_u_t_h___t_y_p_e_s, _k_r_b_5___k_e_y_t_a_b _k_e_y_t_a_b, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___c_r_e_d_s _*_c_r_e_d_s, _k_r_b_5___k_d_c___r_e_p _*_r_e_t___a_s___r_e_p_l_y); _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__sskkeeyy(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___f_l_a_g_s _o_p_t_i_o_n_s, _k_r_b_5___a_d_d_r_e_s_s_e_s _*_a_d_d_r_s, _c_o_n_s_t _k_r_b_5___e_n_c_t_y_p_e _*_e_t_y_p_e_s, _c_o_n_s_t _k_r_b_5___p_r_e_a_u_t_h_t_y_p_e _*_p_r_e___a_u_t_h___t_y_p_e_s, _c_o_n_s_t _k_r_b_5___k_e_y_b_l_o_c_k _*_k_e_y, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _k_r_b_5___c_r_e_d_s _*_c_r_e_d_s, _k_r_b_5___k_d_c___r_e_p _*_r_e_t___a_s___r_e_p_l_y); _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ffrreeee__kkddcc__rreepp(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___k_d_c___r_e_p _*_r_e_p); _k_r_b_5___e_r_r_o_r___c_o_d_e kkrrbb55__ppaasssswwoorrdd__kkeeyy__pprroocc(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___e_n_c_t_y_p_e _t_y_p_e, _k_r_b_5___s_a_l_t _s_a_l_t, _k_r_b_5___c_o_n_s_t___p_o_i_n_t_e_r _k_e_y_s_e_e_d, _k_r_b_5___k_e_y_b_l_o_c_k _*_*_k_e_y); DDEESSCCRRIIPPTTIIOONN _A_l_l _t_h_e _f_u_n_c_t_i_o_n_s _i_n _t_h_i_s _m_a_n_u_a_l _p_a_g_e _a_r_e _d_e_p_r_e_c_a_t_e_d _i_n _t_h_e _M_I_T _i_m_p_l_e_m_e_n_- _t_a_t_i_o_n_, _a_n_d _w_i_l_l _s_o_o_n _b_e _d_e_p_r_e_c_a_t_e_d _i_n _H_e_i_m_d_a_l _t_o_o_, _d_o_n_'_t _u_s_e _t_h_e_m_. Getting initial credential ticket for a principal. kkrrbb55__ggeett__iinn__ccrreedd is the function all other krb5_get_in function uses to fetch tickets. The other krb5_get_in function are more specialized and therefor somewhat easier to use. If your need is only to verify a user and password, consider using krb5_verify_user(3) instead, it have a much simpler interface. kkrrbb55__ggeett__iinn__ttkktt and kkrrbb55__ggeett__iinn__ccrreedd fetches initial credential, queries after key using the _k_e_y___p_r_o_c argument. The differences between the two function is that kkrrbb55__ggeett__iinn__ttkktt stores the credential in a krb5_creds while kkrrbb55__ggeett__iinn__ccrreedd stores the credential in a krb5_ccache. kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__ppaasssswwoorrdd, kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__kkeeyyttaabb, and kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__sskkeeyy does the same work as kkrrbb55__ggeett__iinn__ccrreedd but are more specialized. kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__ppaasssswwoorrdd uses the clients password to authenticate. If the password argument is NULL the user user queried with the default password query function. kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__kkeeyyttaabb searches the given keytab for a service entry for the client principal. If the keytab is NULL the default keytab is used. kkrrbb55__ggeett__iinn__ttkktt__wwiitthh__sskkeeyy uses a key to get the initial credential. There are some common arguments to the krb5_get_in functions, these are: _o_p_t_i_o_n_s are the KDC_OPT flags. _e_t_y_p_e_s is a NULL terminated array of encryption types that the client approves. _a_d_d_r_s a list of the addresses that the initial ticket. If it is NULL the list will be generated by the library. _p_r_e___a_u_t_h___t_y_p_e_s a NULL terminated array of pre-authentication types. If _p_r_e___a_u_t_h___t_y_p_e_s is NULL the function will try without pre-authentication and return those pre-authentication that the KDC returned. _r_e_t___a_s___r_e_p_l_y will (if not NULL) be filled in with the response of the KDC and should be free with kkrrbb55__ffrreeee__kkddcc__rreepp(). _k_e_y___p_r_o_c is a pointer to a function that should return a key salted appropriately. Using NULL will use the default password query function. _d_e_c_r_y_p_t___p_r_o_c Using NULL will use the default decryption function. _d_e_c_r_y_p_t_a_r_g will be passed to the decryption function _d_e_c_r_y_p_t___p_r_o_c. _c_r_e_d_s creds should be filled in with the template for a credential that should be requested. The client and server elements of the creds struc- ture must be filled in. Upon return of the function it will be contain the content of the requested credential (_k_r_b_5___g_e_t___i_n___c_r_e_d), or it will be freed with krb5_free_creds(3) (all the other krb5_get_in functions). _c_c_a_c_h_e will store the credential in the credential cache _c_c_a_c_h_e. The credential cache will not be initialized, thats up the the caller. kkrrbb55__ppaasssswwoorrdd__kkeeyy__pprroocc is a library function that is suitable using as the _k_r_b_5___k_e_y___p_r_o_c argument to kkrrbb55__ggeett__iinn__ccrreedd or kkrrbb55__ggeett__iinn__ttkktt. _k_e_y_s_e_e_d should be a pointer to a NUL terminated string or NULL. kkrrbb55__ppaasssswwoorrdd__kkeeyy__pprroocc will query the user for the pass on the console if the password isn't given as the argument _k_e_y_s_e_e_d. kkrrbb55__ffrreeee__kkddcc__rreepp() frees the content of _r_e_p. SSEEEE AALLSSOO krb5(3), krb5_verify_user(3), krb5.conf(5), kerberos(8) HEIMDAL May 31, 2003 HEIMDAL