krb5_get_cred_from_kdc_validate()--Validate Service Ticket Obtained from Kerberos KDC Server
Syntax
#include <krb5.h> krb5_error_code krb5_get_cred_from_kdc_validate( krb5_context context, krb5_ccache ccache, krb5_creds * in_cred, krb5_creds ** out_cred, krb5_creds *** tgts);Service Program Name: QSYS/QKRBGSS
Default Public Authority: *USE
Threadsafe: Yes
The krb5_get_cred_from_kdc_validate() function validates a service ticket obtained from the Kerberos Key Distribution Center (KDC) server. The credentials are not stored in the credentials cache. (The application should store them in the cache if appropriate.)
Authorities
Object Referred to | Data Authority Required |
---|---|
Each directory in the path name preceding the credentials cache file | *X |
Credentials cache file | *RW |
Parameters
- context (Input)
- The Kerberos context.
- ccache (Input)
- The credentials cache. The initial ticket-granting ticket for the local
realm must already be in the cache. The Kerberos runtime obtains additional
ticket-granting tickets as needed if the target server is not in the local
realm.
- in_cred (Input)
- The request credentials. The client and server fields
must be set to the desired values for the service ticket. The
second_ticket field must be set if the service ticket is to be
encrypted in a session key. The ticket expiration time can be set to override
the default expiration time.
- out_cred (Output)
- The validated service ticket. The krb5_free_creds()
routine should be called to release the credentials when they are no longer
needed.
- tgts (Output)
- Any new ticket-granting tickets that were obtained while getting the service target from the KDC in the target realm. There may be ticket-granting tickets returned for this parameter even if the Kerberos runtime ultimately was unable to obtain a service ticket from the target KDC. The krb5_free_tgt_creds() routine should be called to release the ticket-granting ticket array when it is no longer needed.
Return Value
If no errors occur, the return value is 0. Otherwise, a Kerberos error code is returned.
Error Messages
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
Usage Notes
- The application should call krb5_get_cred_from_kdc_validate() to validate a postdated ticket once the ticket start time has been reached.
API introduced: V5R1
[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]