| KRB5_GET_INIT_CREDS(3) | Library Functions Manual | KRB5_GET_INIT_CREDS(3) | 
krb5_get_init_creds,
  krb5_get_init_creds_keytab,
  krb5_get_init_creds_opt,
  krb5_get_init_creds_opt_alloc,
  krb5_get_init_creds_opt_free,
  krb5_get_init_creds_opt_init,
  krb5_get_init_creds_opt_set_address_list,
  krb5_get_init_creds_opt_set_addressless,
  krb5_get_init_creds_opt_set_anonymous,
  krb5_get_init_creds_opt_set_default_flags,
  krb5_get_init_creds_opt_set_etype_list,
  krb5_get_init_creds_opt_set_forwardable,
  krb5_get_init_creds_opt_set_pa_password,
  krb5_get_init_creds_opt_set_paq_request,
  krb5_get_init_creds_opt_set_preauth_list,
  krb5_get_init_creds_opt_set_proxiable,
  krb5_get_init_creds_opt_set_renew_life,
  krb5_get_init_creds_opt_set_salt,
  krb5_get_init_creds_opt_set_tkt_life,
  krb5_get_init_creds_opt_set_canonicalize,
  krb5_get_init_creds_opt_set_win2k,
  krb5_get_init_creds_password,
  krb5_prompt,
  krb5_prompter_posix —
#include <krb5/krb5.h>
  
  krb5_get_init_creds_opt;
  
  krb5_error_code
  
  krb5_get_init_creds_opt_alloc(krb5_context
    context, krb5_get_init_creds_opt **opt);
void
  
  krb5_get_init_creds_opt_free(krb5_context
    context, krb5_get_init_creds_opt *opt);
void
  
  krb5_get_init_creds_opt_init(krb5_get_init_creds_opt
    *opt);
void
  
  krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt
    *opt, krb5_addresses *addresses);
void
  
  krb5_get_init_creds_opt_set_addressless(krb5_get_init_creds_opt
    *opt, krb5_boolean addressless);
void
  
  krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt
    *opt, int anonymous);
void
  
  krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt
    *opt, int change_password_prompt);
void
  
  krb5_get_init_creds_opt_set_default_flags(krb5_context
    context, const char *appname,
    krb5_const_realm realm,
    krb5_get_init_creds_opt *opt);
void
  
  krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt
    *opt, krb5_enctype *etype_list,
    int etype_list_length);
void
  
  krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt
    *opt, int forwardable);
krb5_error_code
  
  krb5_get_init_creds_opt_set_pa_password(krb5_context
    context, krb5_get_init_creds_opt *opt,
    const char *password, krb5_s2k_proc
    key_proc);
krb5_error_code
  
  krb5_get_init_creds_opt_set_paq_request(krb5_context
    context, krb5_get_init_creds_opt *opt,
    krb5_boolean req_pac);
krb5_error_code
  
  krb5_get_init_creds_opt_set_pkinit(krb5_context
    context, krb5_get_init_creds_opt *opt,
    const char *cert_file, const char
    *key_file, const char *x509_anchors,
    int flags, char *password);
void
  
  krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt
    *opt, krb5_preauthtype *preauth_list,
    int preauth_list_length);
void
  
  krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt
    *opt, int proxiable);
void
  
  krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt
    *opt, krb5_deltat renew_life);
void
  
  krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt
    *opt, krb5_data *salt);
void
  
  krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt
    *opt, krb5_deltat tkt_life);
krb5_error_code
  
  krb5_get_init_creds_opt_set_canonicalize(krb5_context
    context, krb5_get_init_creds_opt *opt,
    krb5_boolean req);
krb5_error_code
  
  krb5_get_init_creds_opt_set_win2k(krb5_context
    context, krb5_get_init_creds_opt *opt,
    krb5_boolean req);
krb5_error_code
  
  krb5_get_init_creds(krb5_context
    context, krb5_creds *creds,
    krb5_principal client,
    krb5_prompter_fct prompter, void
    *prompter_data, krb5_deltat start_time,
    const char *in_tkt_service,
    krb5_get_init_creds_opt *options);
krb5_error_code
  
  krb5_get_init_creds_password(krb5_context
    context, krb5_creds *creds,
    krb5_principal client, const char
    *password, krb5_prompter_fct prompter,
    void *prompter_data, krb5_deltat
    start_time, const char *in_tkt_service,
    krb5_get_init_creds_opt *in_options);
krb5_error_code
  
  krb5_get_init_creds_keytab(krb5_context
    context, krb5_creds *creds,
    krb5_principal client, krb5_keytab
    keytab, krb5_deltat start_time,
    const char *in_tkt_service,
    krb5_get_init_creds_opt *options);
int
  
  krb5_prompter_posix(krb5_context
    context, void *data, const char
    *name, const char *banner, int
    num_prompts, krb5_prompt prompts[]);
If you only want to verify a username and password, consider using krb5_verify_user(3) instead, since it also verifies that initial credentials with using a keytab to make sure the response was from the KDC.
First a krb5_get_init_creds_opt structure
    is initialized with krb5_get_init_creds_opt_alloc()
    or krb5_get_init_creds_opt_init().
    krb5_get_init_creds_opt_alloc() allocates a
    extendible structures that needs to be freed with
    krb5_get_init_creds_opt_free(). The structure may be
    modified by any of the krb5_get_init_creds_opt_set()
    functions to change request parameters and authentication information.
If the caller want to use the default options,
    NULL can be passed instead.
The the actual request to the KDC is done by any of the
    krb5_get_init_creds(),
    krb5_get_init_creds_password(), or
    krb5_get_init_creds_keytab() functions.
    krb5_get_init_creds() is the least specialized
    function and can, with the right in data, behave like the latter two. The
    latter two are there for compatibility with older releases and they are
    slightly easier to use.
krb5_prompt is a structure containing the
    following elements:
typedef struct {
    const char *prompt;
    int hidden;
    krb5_data *reply;
    krb5_prompt_type type
} krb5_prompt;
prompt is the prompt that should shown to the user If hidden is set, the prompter function shouldn't echo the output to the display device. reply must be preallocated; it will not be allocated by the prompter function. Possible values for the type element are:
krb5_prompter_posix() is the default
    prompter function in a POSIX environment. It matches the
    krb5_prompter_fct and can be used in the
    krb5_get_init_creds functions.
    krb5_prompter_posix() doesn't require
    prompter_data.
If the start_time is zero, then the requested ticket will be valid beginning immediately. Otherwise, the start_time indicates how far in the future the ticket should be postdated.
If the in_tkt_service name is
    non-NULL, that principal name will be used as the
    server name for the initial ticket request. The realm of the name specified
    will be ignored and will be set to the realm of the client name. If no
    in_tkt_service name is specified, krbtgt/CLIENT-REALM@CLIENT-REALM will be
    used.
For the rest of arguments, a configuration or library default will be used if no value is specified in the options structure.
krb5_get_init_creds_opt_set_address_list()
    sets the list of addresses that is should be stored in
    the ticket.
krb5_get_init_creds_opt_set_addressless()
    controls if the ticket is requested with addresses or not,
    krb5_get_init_creds_opt_set_address_list() overrides
    this option.
krb5_get_init_creds_opt_set_anonymous()
    make the request anonymous if the anonymous parameter
    is non-zero.
krb5_get_init_creds_opt_set_default_flags()
    sets the default flags using the configuration file.
krb5_get_init_creds_opt_set_etype_list()
    set a list of enctypes that the client is willing to support in the
  request.
krb5_get_init_creds_opt_set_forwardable()
    request a forwardable ticket.
krb5_get_init_creds_opt_set_pa_password()
    set the password and key_proc
    that is going to be used to get a new ticket. password
    or key_proc can be NULL if the
    caller wants to use the default values. If the
    password is unset and needed, the user will be
    prompted for it.
krb5_get_init_creds_opt_set_paq_request()
    sets the password that is going to be used to get a new ticket.
krb5_get_init_creds_opt_set_preauth_list()
    sets the list of client-supported preauth types.
krb5_get_init_creds_opt_set_proxiable()
    makes the request proxiable.
krb5_get_init_creds_opt_set_renew_life()
    sets the requested renewable lifetime.
krb5_get_init_creds_opt_set_salt() sets
    the salt that is going to be used in the request.
krb5_get_init_creds_opt_set_tkt_life()
    sets requested ticket lifetime.
krb5_get_init_creds_opt_set_canonicalize()
    requests that the KDC canonicalize the client principal if possible.
krb5_get_init_creds_opt_set_win2k() turns
    on compatibility with Windows 2000.
| Sep 16, 2006 | NetBSD 10.0 |