The krb5_get_cred_from_kdc_validate() function validates a
service ticket obtained from the Kerberos Key Distribution Center (KDC) server.
The credentials are not stored in the credentials cache. (The application
should store them in the cache if appropriate.)
Authorities
Object Referred to
Data Authority Required
Each directory in the path name preceding the
credentials cache file
*X
Credentials cache file
*RW
Parameters
context (Input)
The Kerberos context.
ccache (Input)
The credentials cache. The initial ticket-granting ticket for the local
realm must already be in the cache. The Kerberos runtime obtains additional
ticket-granting tickets as needed if the target server is not in the local
realm.
in_cred (Input)
The request credentials. The client and server fields
must be set to the desired values for the service ticket. The
second_ticket field must be set if the service ticket is to be
encrypted in a session key. The ticket expiration time can be set to override
the default expiration time.
out_cred (Output)
The validated service ticket. The krb5_free_creds()
routine should be called to release the credentials when they are no longer
needed.
tgts (Output)
Any new ticket-granting tickets that were obtained while getting the
service target from the KDC in the target realm. There may be ticket-granting
tickets returned for this parameter even if the Kerberos runtime ultimately was
unable to obtain a service ticket from the target KDC. The
krb5_free_tgt_creds() routine should be called to release the
ticket-granting ticket array when it is no longer needed.
Return Value
If no errors occur, the return value is 0. Otherwise, a Kerberos error code
is returned.
Error Messages
Message ID
Error Message Text
CPE3418 E
Possible APAR condition or hardware failure.
Usage Notes
The application should call
krb5_get_cred_from_kdc_validate() to validate a postdated
ticket once the ticket start time has been reached.