krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message.

krb5_error_code krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, const char *rhost, krb5_principal client, krb5_principal server, krb5_ccache cc, int forwardable, krb5_data *outbuf)
param:

[in] context - Library context

[in] auth_context - Authentication context

[in] rhost - Remote host

[in] client - Client principal of TGT

[in] server - Principal of server to receive TGT

[in] cc - Credential cache handle (NULL to use default)

[in] forwardable - Whether TGT should be forwardable

[out] outbuf - KRB-CRED message

retval:
  • 0 Success

  • ENOMEM Insufficient memory

  • KRB5_PRINC_NOMATCH Requested principal and ticket do not match

  • KRB5_NO_TKT_SUPPLIED Request did not supply a ticket

  • KRB5_CC_BADNAME Credential cache name or principal name malformed

return:
  • Kerberos error codes

In krb5_rd_cred(), creddata will be decrypted using the receiving subkey if it is present in auth_context, or the session key if the receiving subkey is not present or fails to decrypt the message.

Use krb5_free_tgt_creds() to free the creds_out returned by krb5_rd_cred() when it is no longer needed.

Get a forwarded TGT and format a KRB-CRED message.

Get a TGT for use at the remote host rhost and format it into a KRB-CRED message. If rhost is NULL and server is of type KRB5_NT_SRV_HST, the second component of server will be used.

Note

The rdata_out argument of krb5_rd_cred() is required if the KRB5_AUTH_CONTEXT_RET_TIME or KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context.
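
The outbuf filled in by krb5_fwd_tgt_creds() is a KRB-CRED message. The C helper below is an added example, not part of the MIT krb5 library or its documentation: it checks that a buffer carries the KRB-CRED outer framing before it is sent or handed to krb5_rd_cred(). It assumes the RFC 4120 layout ([APPLICATION 22] SEQUENCE with pvno 5, msg-type 22, then tickets), which this page does not spell out; krb_cred_header_ok, der_header, expect_int and sample_cred are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read one DER tag+length header at b[*pos]. On success return the tag octet,
 * store the content length in *clen and move *pos to the content; -1 on error. */
static int der_header(const uint8_t *b, size_t len, size_t *pos, size_t *clen)
{
    size_t p = *pos, n;
    if (p > len || len - p < 2) return -1;
    int tag = b[p++];
    n = b[p++];
    if (n & 0x80) {                 /* long form: low 7 bits count length octets */
        size_t k = n & 0x7f;
        if (k == 0 || k > 4 || len - p < k) return -1;  /* indefinite/oversized */
        for (n = 0; k > 0; k--) n = (n << 8) | b[p++];
    }
    if (n > len - p) return -1;     /* content would run past the buffer */
    *pos = p; *clen = n;
    return tag;
}

/* Expect [ctx] EXPLICIT INTEGER holding the single octet `want`. */
static int expect_int(const uint8_t *b, size_t len, size_t *pos, int ctx, int want)
{
    size_t clen;
    if (der_header(b, len, pos, &clen) != (0xa0 | ctx) || clen != 3)
        return -1;
    if (der_header(b, len, pos, &clen) != 0x02 || clen != 1 || b[*pos] != want)
        return -1;
    *pos += 1;
    return 0;
}

/* Return 1 if the buffer is framed as a KRB-CRED message, 0 otherwise. */
int krb_cred_header_ok(const uint8_t *b, size_t len)
{
    size_t pos = 0, clen;
    if (b == NULL || der_header(b, len, &pos, &clen) != 0x76 || pos + clen != len)
        return 0;                   /* wrong tag, truncated, or trailing bytes */
    if (der_header(b, len, &pos, &clen) != 0x30 || pos + clen != len)
        return 0;
    if (expect_int(b, len, &pos, 0, 5) || expect_int(b, len, &pos, 1, 22))
        return 0;                   /* pvno must be 5, msg-type must be 22 */
    return der_header(b, len, &pos, &clen) == 0xa2;  /* tickets [2] must follow */
}

/* Constructed sample with empty placeholder fields, not a real message. */
const uint8_t sample_cred[] = { 0x76,0x14,0x30,0x12, 0xa0,0x03,0x02,0x01,0x05,
    0xa1,0x03,0x02,0x01,0x16, 0xa2,0x02,0x30,0x00, 0xa3,0x02,0x30,0x00 };
int main(void) { printf("%d\n", krb_cred_header_ok(sample_cred, sizeof sample_cred)); return 0; }
```

The check covers framing only; decryption and validation of the enclosed credentials remain the job of krb5_rd_cred().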