7050
7050
* @param [in] context Library context
7051
7051
* @param [in] creds Initial credentials to be verified
7052
* @param [in] server_arg Server principal (or NULL)
7053
* @param [in] keytab_arg Key table (NULL to use default keytab)
7054
* @param [in,out] ccache_arg Credential cache for fetched creds (or NULL)
7052
* @param [in] server Server principal (or NULL)
7053
* @param [in] keytab Key table (NULL to use default keytab)
7054
* @param [in,out] ccache Credential cache for fetched creds (or NULL)
7055
7055
* @param [in] options Verification options (NULL for default options)
7057
7057
* This function attempts to verify that @a creds were obtained from a KDC with
7058
* knowledge of a key in @a keytab_arg. If @a server_arg is provided, the
7059
* highest-kvno key entry for that principal name is used to verify the
7060
* credentials; otherwise, the highest-kvno key entry for the first principal
7061
* listed in @a keytab_arg is used.
7058
* knowledge of a key in @a keytab, or the default keytab if @a keytab is NULL.
7059
* If @a server is provided, the highest-kvno key entry for that principal name
7060
* is used to verify the credentials; otherwise, all unique "host" service
7061
* principals in the keytab are tried.
7063
7063
* If the specified keytab does not exist, or is empty, or cannot be read, or
7064
* does not contain an entry for @a server_arg, then credential verification
7065
* may be skipped unless configuration demands that it succeed. The caller can
7064
* does not contain an entry for @a server, then credential verification may be
7065
* skipped unless configuration demands that it succeed. The caller can
7066
7066
* control this behavior by providing a verification options structure; see
7067
7067
* krb5_verify_init_creds_opt_init() and
7068
7068
* krb5_verify_init_creds_opt_set_ap_req_nofail().
7070
* If @a ccache_arg is NULL, any additional credentials fetched during the
7071
* verification process will be destroyed. If @a ccache_arg points to NULL, a
7070
* If @a ccache is NULL, any additional credentials fetched during the
7071
* verification process will be destroyed. If @a ccache points to NULL, a
7072
7072
* memory ccache will be created for the additional credentials and returned in
7073
* @a ccache_arg. If @a ccache_arg points to a valid credential cache handle,
7074
* the additional credentials will be stored in that cache.
7073
* @a ccache. If @a ccache points to a valid credential cache handle, the
7074
* additional credentials will be stored in that cache.
7076
7076
* @retval 0 Success; otherwise - Kerberos error codes
7078
7078
krb5_error_code KRB5_CALLCONV
7079
7079
krb5_verify_init_creds(krb5_context context, krb5_creds *creds,
7080
krb5_principal server_arg, krb5_keytab keytab_arg,
7081
krb5_ccache *ccache_arg, krb5_verify_init_creds_opt *options);
7080
krb5_principal server, krb5_keytab keytab,
7081
krb5_ccache *ccache,
7082
krb5_verify_init_creds_opt *options);
7084
7085
* Get validated credentials from the KDC.