krb5_set_default_tgs_ktypes()--Set Default Encryption Types to Request Service Ticket


  Syntax 
 #include <krb5.h>

 krb5_error_code krb5_set_default_tgs_ktypes(  
     krb5_context     context,
     krb5_const krb5_enctype *    ktypes);
  Service Program Name: QSYS/QKRBGSS

  Default Public Authority: *USE

  Threadsafe: Yes

The krb5_set_default_tgs_ktypes() function sets the default encryption types to be used when requesting a service ticket from the Kerberos server. The first encryption type specified is used for generating random keys, so it must be an encryption type that is supported by the Kerberos server. The encryption types specified override any values specified by the default_tgs_enctypes entry in the Kerberos configuration file.


Authorities

No authorities are required.


Parameters

context  (Input)
The Kerberos context.

ktypes  (Input)
An array of krb5_enctype values to be used when requesting a service ticket. The last element in the array must be set to ENCTYPE_NULL (x'00000000'). The following symbolic definitions are provided for specifying the encryption types:

ENCTYPE_DES_CBC_CRC (x'00000001') DES encryption with a CRC checksum
ENCTYPE_DES_CBC_MD5 (x'00000003') DES encryption with an MD5 checksum
ENCTYPE_DES_CBC_RAW (x'00000004') DES encryption with no checksum

Return Value

If no errors occur, the return value is 0. Otherwise, a Kerberos error code is returned.


Error Messages

Message ID Error Message Text
CPE3418 E Possible APAR condition or hardware failure.


Usage Notes

  1. To interoperate with older Kerberos Version 5 servers, you should specify ENCTYPE_DES_CBC_CRC as the first encryption type.

API introduced: V5R1

[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]