krb5_error_code
krb5_get_credentials(
krb5_context context
krb5_flags options
krb5_ccache ccache
krb5_creds *in_creds
krb5_creds **out_creds
)
krb5_error_code
krb5_get_credentials_with_flags(
krb5_context context
krb5_flags options
krb5_kdc_flags flags
krb5_ccache ccache
krb5_creds *in_creds
krb5_creds **out_creds
)
krb5_error_code
krb5_get_cred_from_kdc(
krb5_context context
krb5_ccache ccache
krb5_creds *in_creds
krb5_creds **out_creds
krb5_creds ***ret_tgts
)
krb5_error_code
krb5_get_cred_from_kdc_opt(
krb5_context context
krb5_ccache ccache
krb5_creds *in_creds
krb5_creds **out_creds
krb5_creds ***ret_tgts
krb5_flags flags
)
krb5_error_code
krb5_get_kdc_cred(
krb5_context context
krb5_ccache id
krb5_kdc_flags flags
krb5_addresses *addresses
Ticket *second_ticket
krb5_creds *in_creds
krb5_creds **out_creds
)
krb5_error_code
krb5_get_renewed_creds(
krb5_context context
krb5_creds *creds
krb5_const_principal client
krb5_ccache ccache
const char *in_tkt_service
)
)
get credentials specified by
in_creds->server
and
in_creds->client
(the rest of the
in_creds
structure is ignored)
by first looking in the
ccache
and if doesn't exists or is expired, fetch the credential from the KDC
using the krbtgt in
ccache
.
The credential is returned in
out_creds
and should be freed using the function
krb5_free_creds(
).
Valid flags to pass into
options
argument are:
ccache
,
don't got out on network to fetch credential.
ccache
.
Flags
are KDCOptions, note the caller must fill in the bit-field and not
use the integer associated structure.
krb5_get_credentials()
works the same way as
krb5_get_credentials_with_flags(
)
except that the
flags
field is missing.
krb5_get_cred_from_kdc()
and
krb5_get_cred_from_kdc_opt(
)
fetches the credential from the KDC very much like
krb5_get_credentials,(
but
, doesn't
, look
, in
, the
)
ccache
if the credential exists there first.
krb5_get_kdc_cred()
does the same as the functions above, but the caller must fill in all
the information andits closer to the wire protocol.
krb5_get_renewed_creds()
renews a credential given by
in_tkt_service
(if
NULL
the default
krbtgt
)
using the credential cache
ccache
.
The result is stored in
creds
and should be freed using
krb5_free_creds
.
id
or the KDC and returns it to the caller.
#include
int
getcred(krb5_context context, krb5_ccache id, krb5_creds **creds)
{
krb5_error_code ret;
krb5_creds in;
ret = krb5_parse_name(context, "client@EXAMPLE.COM",
&in.client);
if (ret)
krb5_err(context, 1, ret, "krb5_parse_name");
ret = krb5_parse_name(context, "host/server.example.com@EXAMPLE.COM",
&in.server);
if (ret)
krb5_err(context, 1, ret, "krb5_parse_name");
ret = krb5_get_credentials(context, 0, id, &in, creds);
if (ret)
krb5_err(context, 1, ret, "krb5_get_credentials");
return 0;
}