On this page
Table of contents
- For users
- For administrators
- For application developers
- Developing with GSSAPI
- Differences between Heimdal and MIT Kerberos API
- Principal manipulation and parsing
- Complete reference - API and datatypes
- krb5 API
- krb5_build_principal - Build a principal name using null-terminated strings.
- krb5_build_principal_alloc_va - Build a principal name, using a precomputed variable argument list.
- krb5_build_principal_ext - Build a principal name using length-counted strings.
- krb5_cc_close - Close a credential cache handle.
- krb5_cc_default - Resolve the default crendentials cache name.
- krb5_cc_default_name - Return the name of the default credential cache.
- krb5_cc_destroy - Destroy a credential cache.
- krb5_cc_dup - Duplicate ccache handle.
- krb5_cc_get_name - Retrieve the name, but not type of a credential cache.
- krb5_cc_get_principal - Get the default principal of a credential cache.
- krb5_cc_get_type - Retrieve the type of a credential cache.
- krb5_cc_initialize - Initialize a credential cache.
- krb5_cc_new_unique - Create a new credential cache of the specified type with a unique name.
- krb5_cc_resolve - Resolve a credential cache name.
- krb5_change_password - Change a password for an existing Kerberos account.
- krb5_free_context - Free a krb5 library context.
- krb5_free_error_message - Free an error message generated by krb5_get_error_message() .
- krb5_free_principal - Free the storage assigned to a principal.
- krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message.
- krb5_get_default_realm - Retrieve the default realm.
- krb5_get_error_message - Get the (possibly extended) error message for a code.
- krb5_get_host_realm - Get the Kerberos realm names for a host.
- krb5_get_credentials - Get an additional ticket.
- krb5_get_fallback_host_realm
- krb5_get_init_creds_keytab - Get initial credentials using a key table.
- krb5_get_init_creds_opt_alloc - Allocate a new initial credential options structure.
- krb5_get_init_creds_opt_free - Free initial credential options.
- krb5_get_init_creds_opt_get_fast_flags - Retrieve FAST flags from initial credential options.
- krb5_get_init_creds_opt_set_address_list - Set address restrictions in initial credential options.
- krb5_get_init_creds_opt_set_anonymous - Set or unset the anonymous flag in initial credential options.
- krb5_get_init_creds_opt_set_canonicalize - Set or unset the canonicalize flag in initial credential options.
- krb5_get_init_creds_opt_set_change_password_prompt - Set or unset change-password-prompt flag in initial credential options.
- krb5_get_init_creds_opt_set_etype_list - Set allowable encryption types in initial credential options.
- krb5_get_init_creds_opt_set_expire_callback - Set an expiration callback in initial credential options.
- krb5_get_init_creds_opt_set_fast_ccache - Set FAST armor cache in initial credential options.
- krb5_get_init_creds_opt_set_fast_ccache_name - Set location of FAST armor ccache in initial credential options.
- krb5_get_init_creds_opt_set_fast_flags - Set FAST flags in initial credential options.
- krb5_get_init_creds_opt_set_forwardable - Set or unset the forwardable flag in initial credential options.
- krb5_get_init_creds_opt_set_out_ccache - Set an output credential cache in initial credential options.
- krb5_get_init_creds_opt_set_pa - Supply options for preauthentication in initial credential options.
- krb5_get_init_creds_opt_set_preauth_list - Set preauthentication types in initial credential options.
- krb5_get_init_creds_opt_set_proxiable - Set or unset the proxiable flag in initial credential options.
- krb5_get_init_creds_opt_set_renew_life - Set the ticket renewal lifetime in initial credential options.
- krb5_get_init_creds_opt_set_salt - Set salt for optimistic preauthentication in initial credential options.
- krb5_get_init_creds_opt_set_tkt_life - Set the ticket lifetime in initial credential options.
- krb5_get_init_creds_password - Get initial credentials using a password.
- krb5_get_profile - Retrieve configuration profile from the context.
- krb5_get_prompt_types - Get prompt types array from a context.
- krb5_get_renewed_creds - Get renewed credential from KDC using an existing credential.
- krb5_get_validated_creds - Get validated credentials from the KDC.
- krb5_init_context - Create a krb5 library context.
- krb5_init_secure_context - Create a krb5 library context using only configuration files.
- krb5_is_config_principal - Test whether a principal is a configuration principal.
- krb5_is_thread_safe - Test whether the Kerberos library was built with multithread support.
- krb5_kt_close - Close a key table handle.
- krb5_kt_default - Resolve default key table.
- krb5_kt_default_name - Get default key table name.
- krb5_kt_get_name - Get a key table name.
- krb5_kt_get_type - Return the type of a key table.
- krb5_kt_resolve - Get a handle for a key table.
- krb5_kuserok - Determine if a principal is authorized to log in as a local user.
- krb5_parse_name - Convert a string principal name to a krb5_principal structure.
- krb5_parse_name_flags - Convert a string principal name to a krb5_principal with flags.
- krb5_principal_compare - Compare two principals.
- krb5_principal_compare_any_realm - Compare two principals ignoring realm components.
- krb5_principal_compare_flags - Compare two principals with additional flags.
- krb5_prompter_posix - Prompt user for password.
- krb5_realm_compare - Compare the realms of two principals.
- krb5_set_default_realm - Override the default realm for the specified context.
- krb5_set_password - Set a password for a principal using specified credentials.
- krb5_set_password_using_ccache - Set a password for a principal using cached credentials.
- krb5_set_principal_realm - Set the realm field of a principal.
- krb5_set_trace_callback - Specify a callback function for trace events.
- krb5_set_trace_filename - Specify a file name for directing trace events.
- krb5_sname_match - Test whether a principal matches a matching principal.
- krb5_sname_to_principal - Generate a full principal name from a service name.
- krb5_unparse_name - Convert a krb5_principal structure to a string representation.
- krb5_unparse_name_ext - Convert krb5_principal structure to string and length.
- krb5_unparse_name_flags - Convert krb5_principal structure to a string with flags.
- krb5_unparse_name_flags_ext - Convert krb5_principal structure to string format with flags.
- krb5_us_timeofday - Retrieve the system time of day, in sec and ms, since the epoch.
- krb5_verify_authdata_kdc_issued - Unwrap and verify AD-KDCIssued authorization data.
- krb5_425_conv_principal - Convert a Kerberos V4 principal to a Kerberos V5 principal.
- krb5_524_conv_principal - Convert a Kerberos V5 principal to a Kerberos V4 principal.
- krb5_address_compare - Compare two Kerberos addresses.
- krb5_address_order - Return an ordering of the specified addresses.
- krb5_address_search - Search a list of addresses for a specified address.
- krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting.
- krb5_aname_to_localname - Convert a principal name to a local name.
- krb5_anonymous_principal - Build an anonymous principal.
- krb5_anonymous_realm - Return an anonymous realm data.
- krb5_appdefault_boolean - Retrieve a boolean value from the appdefaults section of krb5.conf.
- krb5_appdefault_string - Retrieve a string value from the appdefaults section of krb5.conf.
- krb5_auth_con_free - Free a krb5_auth_context structure.
- krb5_auth_con_genaddrs - Generate auth context addresses from a connected socket.
- krb5_auth_con_get_checksum_func - Get the checksum callback from an auth context.
- krb5_auth_con_getaddrs - Retrieve address fields from an auth context.
- krb5_auth_con_getauthenticator - Retrieve the authenticator from an auth context.
- krb5_auth_con_getflags - Retrieve flags from a krb5_auth_context structure.
- krb5_auth_con_getkey - Retrieve the session key from an auth context as a keyblock.
- krb5_auth_con_getkey_k - Retrieve the session key from an auth context.
- krb5_auth_con_getlocalseqnumber - Retrieve the local sequence number from an auth context.
- krb5_auth_con_getrcache - Retrieve the replay cache from an auth context.
- krb5_auth_con_getrecvsubkey - Retrieve the receiving subkey from an auth context as a keyblock.
- krb5_auth_con_getrecvsubkey_k - Retrieve the receiving subkey from an auth context as a keyblock.
- krb5_auth_con_getremoteseqnumber - Retrieve the remote sequence number from an auth context.
- krb5_auth_con_getsendsubkey - Retrieve the send subkey from an auth context as a keyblock.
- krb5_auth_con_getsendsubkey_k - Retrieve the send subkey from an auth context.
- krb5_auth_con_init - Create and initialize an authentication context.
- krb5_auth_con_set_checksum_func - Set a checksum callback in an auth context.
- krb5_auth_con_set_req_cksumtype - Set checksum type in an an auth context.
- krb5_auth_con_setaddrs - Set the local and remote addresses in an auth context.
- krb5_auth_con_setflags - Set a flags field in a krb5_auth_context structure.
- krb5_auth_con_setports - Set local and remote port fields in an auth context.
- krb5_auth_con_setrcache - Set the replay cache in an auth context.
- krb5_auth_con_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock.
- krb5_auth_con_setrecvsubkey_k - Set the receiving subkey in an auth context.
- krb5_auth_con_setsendsubkey - Set the send subkey in an auth context with a keyblock.
- krb5_auth_con_setsendsubkey_k - Set the send subkey in an auth context.
- krb5_auth_con_setuseruserkey - Set the session key in an auth context.
- krb5_cc_cache_match - Find a credential cache with a specified client principal.
- krb5_cc_copy_creds - Copy a credential cache.
- krb5_cc_end_seq_get - Finish a series of sequential processing credential cache entries.
- krb5_cc_get_config - Get a configuration value from a credential cache.
- krb5_cc_get_flags - Retrieve flags from a credential cache structure.
- krb5_cc_get_full_name - Retrieve the full name of a credential cache.
- krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache.
- krb5_cc_lock - Lock a credential cache.
- krb5_cc_move - Move a credential cache.
- krb5_cc_next_cred - Retrieve the next entry from the credential cache.
- krb5_cc_remove_cred - Remove credentials from a credential cache.
- krb5_cc_retrieve_cred - Retrieve a specified credentials from a credential cache.
- krb5_cc_select - Select a credential cache to use with a server principal.
- krb5_cc_set_config - Store a configuration value in a credential cache.
- krb5_cc_set_default_name - Set the default credential cache name.
- krb5_cc_set_flags - Set options flags on a credential cache.
- krb5_cc_start_seq_get - Prepare to sequentially read every credential in a credential cache.
- krb5_cc_store_cred - Store credentials in a credential cache.
- krb5_cc_support_switch - Determine whether a credential cache type supports switching.
- krb5_cc_switch - Make a credential cache the primary cache for its collection.
- krb5_cc_unlock - Unlock a credential cache.
- krb5_cccol_cursor_free - Free a credential cache collection cursor.
- krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches.
- krb5_cccol_cursor_next - Get the next credential cache in the collection.
- krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache.
- krb5_cccol_lock - Acquire a global lock for credential caches.
- krb5_cccol_unlock - Release a global lock for credential caches.
- krb5_clear_error_message - Clear the extended error message in a context.
- krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time.
- krb5_copy_addresses - Copy an array of addresses.
- krb5_copy_authdata - Copy an authorization data list.
- krb5_copy_authenticator - Copy a krb5_authenticator structure.
- krb5_copy_checksum - Copy a krb5_checksum structure.
- krb5_copy_context - Copy a krb5_context structure.
- krb5_copy_creds - Copy a krb5_creds structure.
- krb5_copy_data - Copy a krb5_data object.
- krb5_copy_error_message - Copy the most recent extended error message from one context to another.
- krb5_copy_keyblock - Copy a keyblock.
- krb5_copy_keyblock_contents - Copy the contents of a keyblock.
- krb5_copy_principal - Copy a principal.
- krb5_copy_ticket - Copy a krb5_ticket structure.
- krb5_find_authdata - Find authorization data elements.
- krb5_free_addresses - Free the data stored in array of addresses.
- krb5_free_ap_rep_enc_part - Free a krb5_ap_rep_enc_part structure.
- krb5_free_authdata - Free the storage assigned to array of authentication data.
- krb5_free_authenticator - Free a krb5_authenticator structure.
- krb5_free_cred_contents - Free the contents of a krb5_creds structure.
- krb5_free_creds - Free a krb5_creds structure.
- krb5_free_data - Free a krb5_data structure.
- krb5_free_data_contents - Free the contents of a krb5_data structure and zero the data field.
- krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() .
- krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth() .
- krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm() .
- krb5_free_keyblock - Free a krb5_keyblock structure.
- krb5_free_keyblock_contents - Free the contents of a krb5_keyblock structure.
- krb5_free_keytab_entry_contents - Free the contents of a key table entry.
- krb5_free_octet_data
- krb5_free_string - Free a string allocated by a krb5 function.
- krb5_free_ticket - Free a ticket.
- krb5_free_unparsed_name - Free a string representation of a principal.
- krb5_get_permitted_enctypes - Return a list of encryption types permitted for session keys.
- krb5_get_server_rcache - Generate a replay cache object for server use and open it.
- krb5_get_time_offsets - Return the time offsets from the os context.
- krb5_init_context_profile - Create a krb5 library context using a specified profile.
- krb5_init_creds_free - Free an initial credentials context.
- krb5_init_creds_get - Acquire credentials using an initial credentials context.
- krb5_init_creds_get_creds - Retrieve acquired credentials from an initial credentials context.
- krb5_init_creds_get_error - Get the last error from KDC from an initial credentials context.
- krb5_init_creds_get_times - Retrieve ticket times from an initial credentials context.
- krb5_init_creds_init - Create a context for acquiring initial credentials.
- krb5_init_creds_set_keytab - Specify a keytab to use for acquiring initial credentials.
- krb5_init_creds_set_password - Set a password for acquiring initial credentials.
- krb5_init_creds_set_service - Specify a service principal for acquiring initial credentials.
- krb5_init_creds_step - Get the next KDC request for acquiring initial credentials.
- krb5_init_keyblock - Initialize an empty krb5_keyblock .
- krb5_is_referral_realm - Check for a match with KRB5_REFERRAL_REALM.
- krb5_kt_add_entry - Add a new entry to a key table.
- krb5_kt_end_seq_get - Release a keytab cursor.
- krb5_kt_get_entry - Get an entry from a key table.
- krb5_kt_next_entry - Retrieve the next entry from the key table.
- krb5_kt_read_service_key - Retrieve a service key from a key table.
- krb5_kt_remove_entry - Remove an entry from a key table.
- krb5_kt_start_seq_get - Start a sequential retrieval of key table entries.
- krb5_make_authdata_kdc_issued - Encode and sign AD-KDCIssued authorization data.
- krb5_merge_authdata - Merge two authorization data lists into a new list.
- krb5_mk_1cred - Format a KRB-CRED message for a single set of credentials.
- krb5_mk_error - Format and encode a KRB_ERROR message.
- krb5_mk_ncred - Format a KRB-CRED message for an array of credentials.
- krb5_mk_priv - Format a KRB-PRIV message.
- krb5_mk_rep - Format and encrypt a KRB_AP_REP message.
- krb5_mk_rep_dce - Format and encrypt a KRB_AP_REP message for DCE RPC.
- krb5_mk_req - Create a KRB_AP_REQ message.
- krb5_mk_req_extended - Create a KRB_AP_REQ message using supplied credentials.
- krb5_mk_safe - Format a KRB-SAFE message.
- krb5_os_localaddr - Return all interface addresses for this host.
- krb5_pac_add_buffer - Add a buffer to a PAC handle.
- krb5_pac_free - Free a PAC handle.
- krb5_pac_get_buffer - Retrieve a buffer value from a PAC.
- krb5_pac_get_types - Return an array of buffer types in a PAC handle.
- krb5_pac_init - Create an empty Privilege Attribute Certificate (PAC) handle.
- krb5_pac_parse - Unparse an encoded PAC into a new handle.
- krb5_pac_sign - Sign a PAC.
- krb5_pac_verify - Verify a PAC.
- krb5_principal2salt - Convert a principal name into the default salt for that principal.
- krb5_rd_cred - Read and validate a KRB-CRED message.
- krb5_rd_error - Decode a KRB-ERROR message.
- krb5_rd_priv - Process a KRB-PRIV message.
- krb5_rd_rep - Parse and decrypt a KRB_AP_REP message.
- krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC.
- krb5_rd_req - Parse and decrypt a KRB_AP_REQ message.
- krb5_rd_safe - Process KRB-SAFE message.
- krb5_read_password - Read a password from keyboard input.
- krb5_salttype_to_string - Convert a salt type to a string.
- krb5_server_decrypt_ticket_keytab - Decrypt a ticket using the specified key table.
- krb5_set_default_tgs_enctypes - Set default TGS encryption types in a krb5_context structure.
- krb5_set_error_message - Set an extended error message for an error code.
- krb5_set_real_time - Set time offset field in a krb5_context structure.
- krb5_string_to_cksumtype - Convert a string to a checksum type.
- krb5_string_to_deltat - Convert a string to a delta time value.
- krb5_string_to_enctype - Convert a string to an encryption type.
- krb5_string_to_salttype - Convert a string to a salt type.
- krb5_string_to_timestamp - Convert a string to a timestamp.
- krb5_timeofday - Retrieve the current time with context specific time offset adjustment.
- krb5_timestamp_to_sfstring - Convert a timestamp to a string, with optional output padding.
- krb5_timestamp_to_string - Convert a timestamp to a string.
- krb5_tkt_creds_free - Free a TGS request context.
- krb5_tkt_creds_get - Synchronously obtain credentials using a TGS request context.
- krb5_tkt_creds_get_creds - Retrieve acquired credentials from a TGS request context.
- krb5_tkt_creds_get_times - Retrieve ticket times from a TGS request context.
- krb5_tkt_creds_init - Create a context to get credentials from a KDC’s Ticket Granting Service.
- krb5_tkt_creds_step - Get the next KDC request in a TGS exchange.
- krb5_verify_init_creds - Verify initial credentials against a keytab.
- krb5_verify_init_creds_opt_init - Initialize a credential verification options structure.
- krb5_verify_init_creds_opt_set_ap_req_nofail - Set whether credential verification is required.
- krb5_vset_error_message - Set an extended error message for an error code using a va_list.
- krb5_c_block_size - Return cipher block size.
- krb5_c_checksum_length - Return the length of checksums for a checksum type.
- krb5_c_crypto_length - Return a length of a message field specific to the encryption type.
- krb5_c_crypto_length_iov - Fill in lengths for header, trailer and padding in a IOV array.
- krb5_c_decrypt - Decrypt data using a key (operates on keyblock).
- krb5_c_decrypt_iov - Decrypt data in place supporting AEAD (operates on keyblock).
- krb5_c_encrypt - Encrypt data using a key (operates on keyblock).
- krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keyblock).
- krb5_c_encrypt_length - Compute encrypted data length.
- krb5_c_enctype_compare - Compare two encryption types.
- krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state() .
- krb5_c_fx_cf2_simple - Compute the KRB-FX-CF2 combination of two keys and pepper strings.
- krb5_c_init_state - Initialize a new cipher state.
- krb5_c_is_coll_proof_cksum - Test whether a checksum type is collision-proof.
- krb5_c_is_keyed_cksum - Test whether a checksum type is keyed.
- krb5_c_keyed_checksum_types - Return a list of keyed checksum types usable with an encryption type.
- krb5_c_keylengths - Return length of the specified key in bytes.
- krb5_c_make_checksum - Compute a checksum (operates on keyblock).
- krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on keyblock)
- krb5_c_make_random_key - Generate an enctype-specific random encryption key.
- krb5_c_padding_length - Return a number of padding octets.
- krb5_c_prf - Generate enctype-specific pseudo-random bytes.
- krb5_c_prf_length - Get the output length of pseudo-random functions for an encryption type.
- krb5_c_random_add_entropy - Add entropy to the pseudo-random number generator.
- krb5_c_random_make_octets - Generate pseudo-random bytes.
- krb5_c_random_os_entropy - Collect entropy from the OS if possible.
- krb5_c_random_to_key - Generate an enctype-specific key from random data.
- krb5_c_string_to_key - Convert a string (such a password) to a key.
- krb5_c_string_to_key_with_params - Convert a string (such as a password) to a key with additional parameters.
- krb5_c_valid_cksumtype - Verify that specified checksum type is a valid Kerberos checksum type.
- krb5_c_valid_enctype - Verify that a specified encryption type is a valid Kerberos encryption type.
- krb5_c_verify_checksum - Verify a checksum (operates on keyblock).
- krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates on keyblock).
- krb5_cksumtype_to_string - Convert a checksum type to a string.
- krb5_decode_authdata_container - Unwrap authorization data.
- krb5_decode_ticket - Decode an ASN.1-formatted ticket.
- krb5_deltat_to_string - Convert a relative time value to a string.
- krb5_encode_authdata_container - Wrap authorization data in a container.
- krb5_enctype_to_name - Convert an encryption type to a name or alias.
- krb5_enctype_to_string - Convert an encryption type to a string.
- krb5_free_checksum - Free a krb5_checksum structure.
- krb5_free_checksum_contents - Free the contents of a krb5_checksum structure.
- krb5_free_cksumtypes - Free an array of checksum types.
- krb5_free_tgt_creds - Free an array of credential structures.
- krb5_k_create_key - Create a krb5_key from the enctype and key data in a keyblock.
- krb5_k_decrypt - Decrypt data using a key (operates on opaque key).
- krb5_k_decrypt_iov - Decrypt data in place supporting AEAD (operates on opaque key).
- krb5_k_encrypt - Encrypt data using a key (operates on opaque key).
- krb5_k_encrypt_iov - Encrypt data in place supporting AEAD (operates on opaque key).
- krb5_k_free_key - Decrement the reference count on a key and free it if it hits zero.
- krb5_k_key_enctype - Retrieve the enctype of a krb5_key structure.
- krb5_k_key_keyblock - Retrieve a copy of the keyblock from a krb5_key structure.
- krb5_k_make_checksum - Compute a checksum (operates on opaque key).
- krb5_k_make_checksum_iov - Fill in a checksum element in IOV array (operates on opaque key)
- krb5_k_prf - Generate enctype-specific pseudo-random bytes (operates on opaque key).
- krb5_k_reference_key - Increment the reference count on a key.
- krb5_k_verify_checksum - Verify a checksum (operates on opaque key).
- krb5_k_verify_checksum_iov - Validate a checksum element in IOV array (operates on opaque key).
- krb5_recvauth - Server function for sendauth protocol.
- krb5_recvauth_version - Server function for sendauth protocol with version parameter.
- krb5_sendauth - Client function for sendauth protocol.
- krb5_524_convert_creds - Convert a Kerberos V5 credentials to a Kerberos V4 credentials.
- krb5_auth_con_getlocalsubkey
- krb5_auth_con_getremotesubkey
- krb5_auth_con_initivector
- krb5_build_principal_va
- krb5_c_random_seed
- krb5_calculate_checksum
- krb5_checksum_size
- krb5_encrypt
- krb5_decrypt
- krb5_eblock_enctype
- krb5_encrypt_size
- krb5_finish_key
- krb5_finish_random_key
- krb5_cc_gen_new
- krb5_get_credentials_renew
- krb5_get_credentials_validate
- krb5_get_in_tkt_with_password
- krb5_get_in_tkt_with_skey
- krb5_get_in_tkt_with_keytab
- krb5_get_init_creds_opt_init
- krb5_init_random_key
- krb5_kt_free_entry
- krb5_random_key
- krb5_process_key
- krb5_string_to_key
- krb5_use_enctype
- krb5_verify_checksum
- krb5 types and structures
- krb5 simple macros
- krb5 API
- For plugin module developers
- Building Kerberos V5
- Basic Kerberos V5 concepts
- MIT Kerberos Features
- About this project
- Resources
Full Table of Contents
Search
krb5_verify_init_creds - Verify initial credentials against a keytab.¶
- krb5_error_code krb5_verify_init_creds(krb5_context context, krb5_creds * creds, krb5_principal server_arg, krb5_keytab keytab_arg, krb5_ccache * ccache_arg, krb5_verify_init_creds_opt * options)¶
| param: | [in] context - Library context [in] creds - Initial credentials to be verified [in] server_arg - Server principal (or NULL) [in] keytab_arg - Key table (NULL to use default keytab) [inout] ccache_arg - Credential cache for fetched creds (or NULL) [in] options - Verification options (NULL for default options) |
|---|
| retval: |
|
|---|
This function attempts to verify that creds were obtained from a KDC with knowledge of a key in keytab_arg . If server_arg is provided, the highest-kvno key entry for that principal name is used to verify the credentials; otherwise, the highest-kvno key entry for the first principal listed in keytab_arg is used.
If the specified keytab does not exist, or is empty, or cannot be read, or does not contain an entry for server_arg , then credential verification may be skipped unless configuration demands that it succeed. The caller can control this behavior by providing a verification options structure; see krb5_verify_init_creds_opt_init() and krb5_verify_init_creds_opt_set_ap_req_nofail() .
If ccache_arg is NULL, any additional credentials fetched during the verification process will be destroyed. If ccache_arg points to NULL, a memory ccache will be created for the additional credentials and returned in ccache_arg . If ccache_arg points to a valid credential cache handle, the additional credentials will be stored in that cache.