|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| KRB5_VERIFY_INIT_CREDS(3) | FreeBSD Library Functions Manual | KRB5_VERIFY_INIT_CREDS(3) |
NAME
krb5_verify_init_creds_opt_init,
krb5_verify_init_creds_opt_set_ap_req_nofail,
krb5_verify_init_creds —
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)SYNOPSIS
#include <krb5.h>
struct krb5_verify_init_creds_opt;
void
krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt
*options);
void
krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt
*options, int ap_req_nofail);
krb5_error_code
krb5_verify_init_creds(krb5_context
context, krb5_creds *creds,
krb5_principal ap_req_server,
krb5_ccache *ccache,
krb5_verify_init_creds_opt *options);
DESCRIPTION
Thekrb5_verify_init_creds function verifies the initial
tickets with the local keytab to make sure the response of the KDC was
spoof-ed.
krb5_verify_init_creds will use principal
ap_req_server from the local keytab, if
NULL is passed in, the code will guess the local
hostname and use that to form host/hostname/GUESSED-REALM-FOR-HOSTNAME.
creds is the credential that
krb5_verify_init_creds should verify. If
ccache is given
krb5_verify_init_creds() stores all credentials it
fetched from the KDC there, otherwise it will use a memory credential cache
that is destroyed when done.
krb5_verify_init_creds_opt_init() cleans
the the structure, must be used before trying to pass it in to
krb5_verify_init_creds().
krb5_verify_init_creds_opt_set_ap_req_nofail()
controls controls the behavior if ap_req_server
doesn't exists in the local keytab or in the KDC's database, if it's true,
the error will be ignored. Note that this use is possible insecure.
SEE ALSO
krb5(3), krb5_get_init_creds(3), krb5_verify_user(3), krb5.conf(5)| May 1, 2006 | HEIMDAL |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.