1 .\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
2 .\" (Royal Institute of Technology, Stockholm, Sweden).
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
16 .\" 3. Neither the name of the Institute nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 .Dt KRB5_VERIFY_INIT_CREDS 3
38 .Nm krb5_verify_init_creds_opt_init ,
39 .Nm krb5_verify_init_creds_opt_set_ap_req_nofail ,
40 .Nm krb5_verify_init_creds
41 .Nd "verifies a credential cache is correct by using a local keytab"
43 Kerberos 5 Library (libkrb5, -lkrb5)
47 .Li "struct krb5_verify_init_creds_opt;"
49 .Fo krb5_verify_init_creds_opt_init
50 .Fa "krb5_verify_init_creds_opt *options"
53 .Fo krb5_verify_init_creds_opt_set_ap_req_nofail
54 .Fa "krb5_verify_init_creds_opt *options"
55 .Fa "int ap_req_nofail"
58 .Fo krb5_verify_init_creds
59 .Fa "krb5_context context"
60 .Fa "krb5_creds *creds"
61 .Fa "krb5_principal ap_req_server"
62 .Fa "krb5_ccache *ccache"
63 .Fa "krb5_verify_init_creds_opt *options"
67 .Nm krb5_verify_init_creds
68 function verifies the initial tickets with the local keytab to make
69 sure the response of the KDC was spoof-ed.
71 .Nm krb5_verify_init_creds
74 from the local keytab, if
76 is passed in, the code will guess the local hostname and use that to
77 form host/hostname/GUESSED-REALM-FOR-HOSTNAME.
79 is the credential that
80 .Nm krb5_verify_init_creds
85 .Fn krb5_verify_init_creds
86 stores all credentials it fetched from the KDC there, otherwise it
87 will use a memory credential cache that is destroyed when done.
89 .Fn krb5_verify_init_creds_opt_init
90 cleans the the structure, must be used before trying to pass it in to
91 .Fn krb5_verify_init_creds .
93 .Fn krb5_verify_init_creds_opt_set_ap_req_nofail
94 controls controls the behavior if
96 doesn't exists in the local keytab or in the KDC's database, if it's
97 true, the error will be ignored. Note that this use is possible
101 .Xr krb5_get_init_creds 3 ,
102 .Xr krb5_verify_user 3 ,