krb5_error_code
krb5_get_creds(
krb5_context context
krb5_get_creds_opt opt
krb5_ccache ccache
krb5_const_principal inprinc
krb5_creds **out_creds
)
void
krb5_get_creds_opt_add_options(
krb5_context context
krb5_get_creds_opt opt
krb5_flags options
)
krb5_error_code
krb5_get_creds_opt_alloc(
krb5_context context
krb5_get_creds_opt *opt
)
void
krb5_get_creds_opt_free(
krb5_context context
krb5_get_creds_opt opt
)
void
krb5_get_creds_opt_set_enctype(
krb5_context context
krb5_get_creds_opt opt
krb5_enctype enctype
)
krb5_error_code
krb5_get_creds_opt_set_impersonate(
krb5_context context
krb5_get_creds_opt opt
krb5_const_principal self
)
void
krb5_get_creds_opt_set_options(
krb5_context context
krb5_get_creds_opt opt
krb5_flags options
)
krb5_error_code
krb5_get_creds_opt_set_ticket(
krb5_context context
krb5_get_creds_opt opt
const Ticket *ticket
)
)
fetches credentials specified by
opt
by first looking in the
ccache
,
and then it doesn't exists, fetch the credential from the KDC
using the krbtgts in
ccache
.
The credential is returned in
out_creds
and should be freed using the function
krb5_free_creds(
).
The structure
krb5_get_creds_opt
controls the behavior of
krb5_get_creds().
The structure is opaque to consumers that can set the content of the
structure with accessors functions. All accessor functions make copies
of the data that is passed into accessor functions, so external
consumers free the memory before calling
krb5_get_creds(
).
The structure
krb5_get_creds_opt
is allocated with
krb5_get_creds_opt_alloc()
and freed with
krb5_get_creds_opt_free(
).
The free function also frees the content of the structure set by the
accessor functions.
krb5_get_creds_opt_add_options()
and
krb5_get_creds_opt_set_options(
)
adds and sets options to the
structure .
The possible options to set are
ccache
,
don't got out on network to fetch credential.
ccache
.
ccache
.
krb5_get_creds_opt_set_enctype()
sets the preferred encryption type of the application. Don't set this
unless you have to since if there is no match in the KDC, the function
call will fail.
krb5_get_creds_opt_set_impersonate()
sets the principal to impersonate., Returns a ticket that have the
impersonation principal as a client and the requestor as the
service. Note that the requested principal have to be the same as the
client principal in the krbtgt.
krb5_get_creds_opt_set_ticket()
sets the extra ticket used in user-to-user or contrained delegation use case.