Provided by: heimdal-dev_7.8.git20221117.28daf24+dfsg-5ubuntu3_amd64 bug

NAME
       krb5_get_creds,    krb5_get_creds_opt_add_options,   krb5_get_creds_opt_alloc,   krb5_get_creds_opt_free,
       krb5_get_creds_opt_set_enctype,    krb5_get_creds_opt_set_impersonate,    krb5_get_creds_opt_set_options,
       krb5_get_creds_opt_set_ticket — get credentials from the KDC


LIBRARY
       Kerberos 5 Library (libkrb5, -lkrb5)


SYNOPSIS
       #include <krb5.h>

       krb5_error_code
       krb5_get_creds(krb5_context context,              krb5_get_creds_opt opt,             krb5_ccache ccache,
           krb5_const_principal inprinc, krb5_creds **out_creds);

       void
       krb5_get_creds_opt_add_options(krb5_context context, krb5_get_creds_opt opt, krb5_flags options);

       krb5_error_code
       krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt);

       void
       krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt);

       void
       krb5_get_creds_opt_set_enctype(krb5_context context, krb5_get_creds_opt opt, krb5_enctype enctype);

       krb5_error_code
       krb5_get_creds_opt_set_impersonate(krb5_context context,                          krb5_get_creds_opt opt,
           krb5_const_principal self);

       void
       krb5_get_creds_opt_set_options(krb5_context context, krb5_get_creds_opt opt, krb5_flags options);

       krb5_error_code
       krb5_get_creds_opt_set_ticket(krb5_context context, krb5_get_creds_opt opt, const Ticket *ticket);


DESCRIPTION
       krb5_get_creds() fetches credentials specified by opt by first looking in the ccache, and then it doesn't
       exists,  fetch  the  credential  from the KDC using the krbtgts in ccache.  The credential is returned in
       out_creds and should be freed using the function krb5_free_creds().

       The structure krb5_get_creds_opt controls the behavior of krb5_get_creds().  The structure is  opaque  to
       consumers that can set the content of the structure with accessors functions. All accessor functions make
       copies  of  the data that is passed into accessor functions, so external consumers free the memory before
       calling krb5_get_creds().

       The  structure  krb5_get_creds_opt  is  allocated  with   krb5_get_creds_opt_alloc()   and   freed   with
       krb5_get_creds_opt_free().  The free function also frees the content of the structure set by the accessor
       functions.

       krb5_get_creds_opt_add_options()  and  krb5_get_creds_opt_set_options()  adds  and  sets  options  to the
       krb5_get_creds_opt structure .  The possible options to set are
       KRB5_GC_CACHED     Only check the ccache, don't got out on network to fetch credential.
       KRB5_GC_USER_USER  request a user to user ticket.  This options doesn't store the resulting user to  user
                          credential in the ccache.
       KRB5_GC_EXPIRED_OK
                          returns  the  credential  even if it is expired, default behavior is trying to refetch
                          the credential from the KDC.
       KRB5_GC_NO_STORE   Do not store the resulting credentials in the ccache.

       krb5_get_creds_opt_set_enctype() sets the preferred encryption type of the application.  Don't  set  this
       unless you have to since if there is no match in the KDC, the function call will fail.

       krb5_get_creds_opt_set_impersonate()  sets  the principal to impersonate., Returns a ticket that have the
       impersonation principal as a client and the requestor as the service. Note that the  requested  principal
       have to be the same as the client principal in the krbtgt.

       krb5_get_creds_opt_set_ticket()  sets  the extra ticket used in user-to-user or contrained delegation use
       case.


SEE ALSO
       krb5(3), krb5_get_credentials(3), krb5.conf(5)

HEIMDAL                                           June 15, 2006                                KRB5_GET_CREDS(3)