#include <krb5.h> krb5_error_code krb5_cc_retrieve_cred( krb5_context context, krb5_ccache ccache, krb5_flags flags, krb5_creds * mcreds, krb5_creds * creds);Service Program Name: QSYS/QKRBGSS
The krb5_cc_retrieve_cred() function searches the credentials cache and returns an entry that matches the credentials specified. The client principal must always match. The KRB5_TC_MATCH_SRV_NAMEONLY flag controls how much of the server principal must match.
Object Referred to | Data Authority Required |
---|---|
Each directory in the path name preceding the credentials cache file | *X |
Credentials cache file | *RW |
KRB5_TC_MATCH_TIMES (x'00000001') | The renew_till and endtime values in the cache entry must be greater than the values in the match credentials. A time value will be ignored if it is zero. |
KRB5_TC_MATCH_IS_SKEY (x'00000002') | The is_skey flag in the cache entry must be the same as the is_skey flag in the match credentials. |
KRB5_TC_MATCH_FLAGS (x'00000004') | All of the flags set in the match credentials must also be set in the cache entry. |
KRB5_TC_MATCH_TIMES_EXACT (x'00000008') | The time fields in the cache entry must match exactly the time fields in the match credentials. |
KRB5_TC_MATCH_FLAGS_EXACT (x'00000010') | The flags in the cache entry must match exactly the flags in the match credentials. |
KRB5_TC_MATCH_AUTHDATA (x'00000020') | The authorization data in the cache entry must be identical to the authorization data in the match credentials. |
KRB5_TC_MATCH_SRV_NAMEONLY (x'00000040') | Only the name portion of the server principal in the cache entry needs to match the server principal in the match credentials. The realm values may be different. If this flag is not set, the complete principal name must match. |
KRB5_TC_MATCH_2ND_TKT (x'00000080') | The second ticket in the cache entry must match exactly the second ticket in the match credentials. |
KRB5_TC_MATCH_KTYPE (x'00000100') | The encryption key type in the cache entry must match the encryption key type in the match credentials. |
KRB5_TC_SUPPORTED_KTYPES (x'00000200') | The encryption key type in the cache entry must be one of the encryption types specified by the default_tgs_enctypes value in the Kerberos configuration profile. If the default_tgs_enctypes value contains multiple encryption types, the list will be processed from left to right and the first matching credential will be returned. |
If no errors occur, the return value is 0. Otherwise, a Kerberos error code is returned.
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]