MIT Kerberos Documentation

krb5_rd_cred - Read and validate a KRB-CRED message.

krb5_error_code krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data * creddata, krb5_creds *** creds_out, krb5_replay_data * rdata_out)

[in] context - Library context

[in] auth_context - Authentication context

[in] creddata - KRB-CRED message

[out] creds_out - Null-terminated array of forwarded credentials

[out] rdata_out - Replay data (NULL if not needed)

  • 0 Success; otherwise - Kerberos error codes
creddata will be decrypted using the receiving subkey if it is present in auth_context , or the session key if the receiving subkey is not present or fails to decrypt the message.

Use krb5_free_tgt_creds() to free creds_out when it is no longer needed.


The rdata_out argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context .`