1KRB5_VERIFY_INIT_CRED... BSD Library Functions Manual KRB5_VERIFY_INIT_CRED...
2
4 krb5_verify_init_creds_opt_init,
5 krb5_verify_init_creds_opt_set_ap_req_nofail, krb5_verify_init_creds —
6 verifies a credential cache is correct by using a local keytab
7
9 Kerberos 5 Library (libkrb5, -lkrb5)
10
12 #include <krb5.h>
13 struct krb5_verify_init_creds_opt;
15 void
17 krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options);
18 void
20 krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options,
21 int ap_req_nofail);
22 krb5_error_code
24 krb5_verify_init_creds(krb5_context context, krb5_creds *creds,
25 krb5_principal ap_req_server, krb5_ccache *ccache,
26 krb5_verify_init_creds_opt *options);
27
29 The krb5_verify_init_creds function verifies the initial tickets with the
30 local keytab to make sure the response of the KDC was spoof-ed.
31 krb5_verify_init_creds will use principal ap_req_server from the local
33 keytab, if NULL is passed in, the code will guess the local hostname and
34 use that to form host/hostname/GUESSED-REALM-FOR-HOSTNAME. creds is the
35 credential that krb5_verify_init_creds should verify. If ccache is given
36 krb5_verify_init_creds() stores all credentials it fetched from the KDC
37 there, otherwise it will use a memory credential cache that is destroyed
38 when done.
39 krb5_verify_init_creds_opt_init() cleans the the structure, must be used
41 before trying to pass it in to krb5_verify_init_creds().
42 krb5_verify_init_creds_opt_set_ap_req_nofail() controls controls the
44 behavior if ap_req_server doesn't exists in the local keytab or in the
45 KDC's database, if it's true, the error will be ignored. Note that this
46 use is possible insecure.
47
49 krb5(3), krb5_get_init_creds(3), krb5_verify_user(3), krb5.conf(5)
50HEIMDAL May 1, 2006 HEIMDAL