MIT Kerberos Documentation

krb5_get_credentials - Get an additional ticket.

krb5_error_code krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds)
param:

[in] context - Library context

[in] options - Options

[in] ccache - Credential cache handle

[in] in_creds - Input credentials

[out] out_creds - Output updated credentials

retval:
  • 0 Success
return:
  • Kerberos error codes

Use ccache or a TGS exchange to get a service ticket matching in_creds .

Valid values for options are:

  • #KRB5_GC_CACHED Search only credential cache for the ticket
  • #KRB5_GC_USER_USER Return a user to user authentication ticket

in_creds must be non-null. in_creds->client and in_creds->server must be filled in to specify the client and the server respectively. If any authorization data needs to be requested for the service ticket (such as restrictions on how the ticket can be used), specify it in in_creds->authdata ; otherwise set in_creds->authdata to NULL. The session key type is specified in in_creds->keyblock.enctype , if it is nonzero.

The expiration date is specified in in_creds->times.endtime . The KDC may return tickets with an earlier expiration date. If in_creds->times.endtime is set to 0, the latest possible expiration date will be requested.

Any returned ticket and intermediate ticket-granting tickets are stored in ccache .

Use krb5_free_creds() to free out_creds when it is no longer needed.