krb5_cc_remove_cred()--Remove Entry


  Syntax
 #include <krb5.h>

 krb5_error_code krb5_cc_remove_cred(  
     krb5_context     context,
     krb5_ccache      ccache,
     krb5_flags       flags, 
     krb5_creds *     mcreds);  
  Service Program Name: QSYS/QKRBGSS

  Default Public Authority: *USE

  Threadsafe: Yes

The krb5_cc_remove_cred() function removes matching entries from the credentials cache. The client principal must always match. The KRB5_TC_MATCH_SRV_NAMEONLY flag controls how much of the server principal must match.


Authorities

No authorities are required.


Parameters

context  (Input)
The Kerberos context.

ccache  (Input)
The credentials cache handle.

flags  (Input)
The search flags that are used to determine whether a particular cache entry should be removed. The following symbolic definitions are provided for the various flags and should be ORed together to set the desired search flags:

KRB5_TC_MATCH_TIMES (x'00000001') The renew_till and endtime values in the cache entry must be greater than the values in the match credentials. A time value will be ignored if it is zero.
KRB5_TC_MATCH_IS_SKEY (x'00000002') The is_skey flag in the cache entry must be the same as the is_skey flag in the match credentials.
KRB5_TC_MATCH_FLAGS (x'00000004') All of the flags set in the match credentials must also be set in the cache entry.
KRB5_TC_MATCH_TIMES_EXACT (x'00000008') The time fields in the cache entry must match exactly the time fields in the match credentials.
KRB5_TC_MATCH_FLAGS_EXACT (x'00000010') The flags in the cache entry must match exactly the flags in the match credentials.
KRB5_TC_MATCH_AUTHDATA (x'00000020') The authorization data in the cache entry must be identical to the authorization data in the match credentials.
KRB5_TC_MATCH_SRV_NAMEONLY (x'00000040') Only the name portion of the server principal in the cache entry needs to match the server principal in the match credentials. The realm values may be different. If this flag is not set, the complete principal name must match.
KRB5_TC_MATCH_2ND_TKT (x'00000080') The second ticket in the cache entry must match exactly the second ticket in the match credentials.
KRB5_TC_MATCH_KTYPE (x'00000100') The encryption key type in the cache entry must match the encryption key type in the match credentials.


mcreds  (Input)
The match credentials. Fields from these credentials are matched with fields in the cache entries based on the search flags. The client and server principals must always be set in the match credentials, no matter what search flags are specified.
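The following C model of the matching rules above is an added illustration; it is not IBM's implementation and does not call the Kerberos API. The `model_cred` struct, `time_ok()` and `model_match()` are hypothetical names, the principals are constructed sample values, and only four of the flags are modelled.

```c
#include <stdint.h>
#include <string.h>

/* Flag values as listed on this page. */
#define KRB5_TC_MATCH_TIMES        0x00000001
#define KRB5_TC_MATCH_FLAGS        0x00000004
#define KRB5_TC_MATCH_FLAGS_EXACT  0x00000010
#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040

/* Hypothetical, simplified stand-in for krb5_creds (not the real layout). */
struct model_cred {
    const char *client;     /* full client principal, name@REALM */
    const char *srv_name;   /* server principal, name portion */
    const char *srv_realm;  /* server principal, realm portion */
    int32_t endtime, renew_till;
    uint32_t ticket_flags;
};

/* Zero match time is ignored; otherwise the entry must be greater (page's wording). */
static int time_ok(int32_t entry, int32_t match)
{
    return match == 0 || entry > match;
}

/* Returns 1 if cache entry e is selected by match credentials m and flags. */
int model_match(uint32_t flags, const struct model_cred *m,
                const struct model_cred *e)
{
    if (strcmp(m->client, e->client) != 0) return 0;   /* always compared */
    if (strcmp(m->srv_name, e->srv_name) != 0) return 0;
    if (!(flags & KRB5_TC_MATCH_SRV_NAMEONLY) &&
        strcmp(m->srv_realm, e->srv_realm) != 0) return 0;
    if ((flags & KRB5_TC_MATCH_TIMES) &&
        !(time_ok(e->endtime, m->endtime) &&
          time_ok(e->renew_till, m->renew_till))) return 0;
    if ((flags & KRB5_TC_MATCH_FLAGS) &&
        (e->ticket_flags & m->ticket_flags) != m->ticket_flags) return 0;
    if ((flags & KRB5_TC_MATCH_FLAGS_EXACT) &&
        e->ticket_flags != m->ticket_flags) return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample: same client and service name, different realm. */
    struct model_cred m = {"alice@A.EXAMPLE", "host/db1", "A.EXAMPLE", 0, 0, 0};
    struct model_cred e = {"alice@A.EXAMPLE", "host/db1", "B.EXAMPLE", 100, 200, 0};
    return !(model_match(KRB5_TC_MATCH_SRV_NAMEONLY, &m, &e) && !model_match(0, &m, &e));
}
```

With KRB5_TC_MATCH_SRV_NAMEONLY set, an entry for the same service name in another realm is also selected, so a removal request built this way covers more entries than one that requires the complete server principal.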

Return Value

If no errors occur, the return value is 0. Otherwise, a Kerberos error code is returned.


Error Messages

Message ID Error Message Text
CPE3418 E Possible APAR condition or hardware failure.


Usage Notes

  1. The krb5_cc_remove_cred() routine is not supported for the FILE and MEMORY cache types and will return an error code of KRB5_CC_OP_NOT_SUPPORTED.


API introduced: V5R1
