krb5_error_code
krb5_get_credentials(
krb5_context context
krb5_flags options
krb5_ccache ccache
krb5_creds *in_creds
krb5_creds **out_creds
)
krb5_error_code
krb5_get_credentials_with_flags(
krb5_context context
krb5_flags options
krb5_kdc_flags flags
krb5_ccache ccache
krb5_creds *in_creds
krb5_creds **out_creds
)
krb5_error_code
krb5_get_cred_from_kdc(
krb5_context context
krb5_ccache ccache
krb5_creds *in_creds
krb5_creds **out_creds
krb5_creds ***ret_tgts
)
krb5_error_code
krb5_get_cred_from_kdc_opt(
krb5_context context
krb5_ccache ccache
krb5_creds *in_creds
krb5_creds **out_creds
krb5_creds ***ret_tgts
krb5_flags flags
)
krb5_error_code
krb5_get_kdc_cred(
krb5_context context
krb5_ccache id
krb5_kdc_flags flags
krb5_addresses *addresses
Ticket *second_ticket
krb5_creds *in_creds
krb5_creds **out_creds
)
krb5_error_code
krb5_get_renewed_creds(
krb5_context context
krb5_creds *creds
krb5_const_principal client
krb5_ccache ccache
const char *in_tkt_service
)
)
get credentials specified by
in_creds->server
and
in_creds->client
(the rest of the
in_creds
structure is ignored)
by first looking in the
ccache
and if doesn't exists or is expired, fetch the credential from the KDC
using the krbtgt in
ccache.
The credential is returned in
out_creds
and should be freed using the function
krb5_free_creds().
Valid flags to pass into
options
argument are:
ccache,
don't got out on network to fetch credential.
ccache.
Flags
are KDCOptions, note the caller must fill in the bit-field and not
use the integer associated structure.
krb5_get_credentials()
works the same way as
krb5_get_credentials_with_flags()
except that the
flags
field is missing.
krb5_get_cred_from_kdc()
and
krb5_get_cred_from_kdc_opt()
fetches the credential from the KDC very much like
krb5_get_credentials,(but, doesn't, look, in, the)
ccache
if the credential exists there first.
krb5_get_kdc_cred()
does the same as the functions above, but the caller must fill in all
the information andits closer to the wire protocol.
krb5_get_renewed_creds()
renews a credential given by
in_tkt_service
(if
NULL
the default
krbtgt)
using the credential cache
ccache.
The result is stored in
creds
and should be freed using
krb5_free_creds.
id
or the KDC and returns it to the caller.
#include
int
getcred(krb5_context context, krb5_ccache id, krb5_creds **creds)
{
krb5_error_code ret;
krb5_creds in;
ret = krb5_parse_name(context, "client@EXAMPLE.COM",
&in.client);
if (ret)
krb5_err(context, 1, ret, "krb5_parse_name");
ret = krb5_parse_name(context, "host/server.example.com@EXAMPLE.COM",
&in.server);
if (ret)
krb5_err(context, 1, ret, "krb5_parse_name");
ret = krb5_get_credentials(context, 0, id, &in, creds);
if (ret)
krb5_err(context, 1, ret, "krb5_get_credentials");
return 0;
}