krb5_get_credentials - Get an additional ticket.¶
- krb5_error_code krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds)¶
param: | [in] context - Library context [in] options - Options [in] ccache - Credential cache handle [in] in_creds - Input credentials [out] out_creds - Output updated credentials |
---|
retval: |
|
---|---|
return: |
|
Use ccache or a TGS exchange to get a service ticket matching in_creds .
Valid values for options are:
- #KRB5_GC_CACHED Search only credential cache for the ticket
- #KRB5_GC_USER_USER Return a user to user authentication ticket
in_creds must be non-null. in_creds->client and in_creds->server must be filled in to specify the client and the server respectively. If any authorization data needs to be requested for the service ticket (such as restrictions on how the ticket can be used), specify it in in_creds->authdata ; otherwise set in_creds->authdata to NULL. The session key type is specified in in_creds->keyblock.enctype , if it is nonzero.
If in_creds->times.endtime is specified, it is used as the requested expiration date if a TGS request is made. If in_creds->times.endtime is set to 0, the latest possible expiration date will be requested. The KDC or cache may return a ticket with an earlier expiration date.
Any returned ticket and intermediate ticket-granting tickets are stored in ccache .
Use krb5_free_creds() to free out_creds when it is no longer needed.