KRB5_VERIFY_INIT_CRED...    BSD Library Functions Manual    KRB5_VERIFY_INIT_CRED...

NAME
     krb5_verify_init_creds_opt_init,
     krb5_verify_init_creds_opt_set_ap_req_nofail,
     krb5_verify_init_creds -- verifies a credential cache is correct by
     using a local keytab

LIBRARY
     Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS
     #include <>

     struct krb5_verify_init_creds_opt;

     void
     krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options);

     void
     krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options,
         int ap_req_nofail);

     krb5_error_code
     krb5_verify_init_creds(krb5_context context, krb5_creds *creds,
         krb5_principal ap_req_server, krb5_ccache *ccache,
         krb5_verify_init_creds_opt *options);

DESCRIPTION
     The krb5_verify_init_creds function verifies the initial tickets
     against the local keytab to detect whether the response of the KDC
     was spoofed.

     krb5_verify_init_creds will use the principal ap_req_server from the
     local keytab. If NULL is passed in, the code will guess the local
     hostname and use that to form
     host/hostname/GUESSED-REALM-FOR-HOSTNAME. creds is the credential that
     krb5_verify_init_creds should verify. If ccache is given,
     krb5_verify_init_creds() stores all credentials it fetched from the
     KDC there; otherwise it will use a memory credential cache that is
     destroyed when done.

     krb5_verify_init_creds_opt_init() clears the structure and must be
     called before the structure is passed to krb5_verify_init_creds().

     krb5_verify_init_creds_opt_set_ap_req_nofail() controls the behavior
     if ap_req_server doesn't exist in the local keytab or in the KDC's
     database; if it's true, the error will be ignored. Note that this use
     is possibly insecure.

SEE ALSO
     krb5(3), krb5_get_init_creds(3), krb5_verify_user(3), krb5.conf(5)

HEIMDAL                          May 1, 2006                          HEIMDAL