krb_svc_init(3krb) krb_svc_init(3krb)
Name
krb_svc_init, krb_get_svc_in_tkt, krb_get_pw_in_tkt - Kerberos authentication initialization routines
Syntax
#include <krb.h>
#include <des.h>
krb_svc_init (user, instance, realm, lifetime,
srvtab_file, tkt_file)
char *user, *instance, *realm;
int lifetime;
char *srvtab_file, *tkt_file;
krb_get_svc_in_tkt (user, instance, realm, service,
service_instance, lifetime,
srvtab_file)
char *user, *instance, *realm, *service;
char *service_instance;
int lifetime;
char *srvtab_file;
krb_get_pw_in_tkt (user, instance, realm, service,
service_instance, lifetime,
password)
char *user, *instance, *realm;
char *service, *service_instance;
int lifetime;
char *password;
Arguments
user For krb_get_svc_in_tkt and krb_get_pw_in_tkt, the primary name of the principal that is obtaining a ticket that will authenticate it to
principal, service. For krb_svc_init, the primary name of the principal that is obtaining a ticket to communicate with the ticket-granting service.
instance For krb_get_svc_in_tkt and krb_get_pw_in_tkt, the instance name of the principal that is obtaining a ticket that will authenticate it to
principal, service. For krb_svc_init, the instance name of the principal that is obtaining a ticket to communicate with the ticket-granting service.
realm For krb_get_svc_in_tkt and krb_get_pw_in_tkt, the realm name of the principal that is obtaining a ticket that will authenticate it to
principal, service. For krb_svc_init, the realm name of the principal that is obtaining a ticket to communicate with the ticket-granting service.
service The primary name of the service for which a ticket will be obtained.
service_instance
The instance of the service for which a ticket will be obtained.
lifetime The number of five-minute intervals for which the obtained ticket should be valid. Values greater than 255 will be set to 255.
Values greater than the maximum lifetime allowed for tickets given to the requesting principal will be set to the maximum lifetime
allowed. The maximum lifetime of the tickets granted to a principal is determined when the principal is added to the Kerberos
database.
srvtab_file
The path name of the file that contains the key of the principal obtaining a ticket. If this value is set to the NULL pointer,
the default service table (srvtab) file value is used. The default srvtab file value is set by default to although this value
can be changed by a call to the function. (Refer to
tkt_file The path name of the file into which the credentials and tickets of the user or service should be placed. If the tkt_file parameter
is equal to the NULL pointer, then the default ticket file value is used. The default ticket file value is set equal to is
the user ID of the process that calls the above functions. The default ticket file value can be changed by the function call.
password The password of the principal that is obtaining a ticket that will authenticate it to principal, service. If the password input
is the NULL string, then will prompt for a password on and read the password from
Description
The routines are designed to obtain for the requesting principal a ticket to communicate with a specific service. They require that the
password/key of the requesting principal be either available as an argument, or available from the srvtab_file argument or from Since the
routines always require a password, they are best used to obtain the ticket used to communicate with the ticket-granting service. The
ticket-granting ticket is used by the other Kerberos routines to obtain tickets to communicate with principals other than the
ticket-granting service, without needing the key of the principal.
The routines as well as the routines will not work as intended without the presence of a ticket-granting ticket.
The routines of are as follows:
krb_svc_init
For the principal with a primary name of user, an instance name of instance, and a realm name of realm, the routine obtains a ticket that
the principal can use to communicate with the ticket-granting service. The key of the principal is read from srvtab_file and the ticket
obtained is placed in tkt_file.
If the realm argument is equivalent to the NULL string, then the realm of which the local host is a member, is used by default. If
lifetime is equivalent to 0, then the default lifetime, 255, is used. If srvtab_file is not equivalent to the NULL string, then the
srvtab_file parameter is used as the service table (srvtab) file name and the default srvtab file is set equal to the srvtab_file
parameter. If srvtab_file is equivalent to NULL, then the default srvtab file is used. If the tkt_file parameter is not equivalent to the NULL
string, then the tkt_file parameter is used as the ticket file name and the default ticket file is set equal to the tkt_file parameter. If
the tkt_file parameter is NULL, then the default ticket file value is used.
krb_svc_init returns INT_OK if it has successfully obtained a ticket-granting ticket. The following is a list of most of the error values
returned from krb_svc_init and their possible causes:
KFAILURE The file (see cannot be opened or it is not properly formed, or
The service table (srvtab) file does not exist, or
A read of the srvtab file failed, or
The srvtab file is badly formatted, or
The srvtab file did not contain the key of the principal with primary name, user, or
A write to the ticket file failed.
SKDC_CANT
A Kerberos server must be contacted so that can perform its function, but the attempt cannot be made because a socket cannot be
opened or bound, or there is no Kerberos server listed in
SKDC_RETRY
A Kerberos server needs to be contacted, but none responded even after several attempts.
INTK_PROT
Kerberos protocol version mismatch. The version of the Kerberos protocol supported by does not match the Kerberos protocol
version supported by the daemon.
INTK_BADPW
The ticket returned by the daemon did not decrypt correctly. This is usually caused by an incorrect service password.
INTK_ERR The ticket sent from the daemon was not a ticket to communicate with the ticket-granting service, or
The ticket file cannot be accessed, or
The ticket file could not be created, or
A write operation to the ticket file failed.
TKT_FIL_LCK
The ticket file could not be locked for access.
krb_get_svc_in_tkt
For the principal with a primary name of user, an instance name of instance, and a realm name of realm, the routine obtains a ticket to
communicate with the principal that has a primary name of service and an instance name of service_instance. The key of the requesting principal
is read from the file srvtab_file and the tickets are placed in the default ticket file. If the srvtab_file argument is equivalent to the
NULL string, then the default srvtab file value is used instead of the srvtab_file parameter. The default srvtab file value and default
ticket file value can be changed respectively by and To obtain the ticket-granting ticket, the service parameter must be set equal to
"krbtgt" and the service_instance argument must be set equal to the realm name of the local realm.
krb_get_svc_in_tkt returns INT_OK if it has successfully obtained a ticket to communicate with principal, service. The following is a list of
most of the error values returned from krb_get_svc_in_tkt and their possible causes:
KFAILURE The file cannot be opened or it is not properly formed, or
A read of the service table (srvtab) file failed, or
The srvtab file did not contain the key of the principal with primary name, user, or
A write to the ticket file failed.
SKDC_CANT
A Kerberos server must be contacted in order for to perform its function, but the attempt cannot be made because a socket cannot
be opened or bound, or there is no Kerberos server listed in
SKDC_RETRY
A Kerberos server needs to be contacted but none responded even after several attempts.
INTK_PROT
Kerberos protocol version mismatch. The version of the Kerberos protocol supported by does not match the Kerberos protocol
version supported by the daemon.
INTK_BADPW
The ticket returned by the daemon did not decrypt correctly. This is usually caused by an incorrect service password.
INTK_ERR The ticket sent from the daemon was not a ticket to communicate with the ticket-granting service, or
The ticket file cannot be accessed, or
The ticket file could not be created, or
A write operation to the ticket file failed.
TKT_FIL_LCK
The ticket file could not be locked for access.
krb_get_pw_in_tkt
For the principal with a primary name of user, an instance name of instance, and a realm name of realm, the routine obtains a ticket to
communicate with the principal with a primary name of service and an instance name of service_instance. The key of the principal must be
input either as the password parameter or, if the password field is equivalent to the NULL string, the password must be input from
The tickets that are obtained are placed in the default ticket file. The default ticket file can be changed by the function. To obtain
the ticket-granting ticket, the service parameter must be set equal to "krbtgt" and the service_instance argument must be set equal to the
realm name of the local realm.
krb_get_pw_in_tkt returns INT_OK if it has successfully obtained a ticket to communicate with principal, service. The following is a list of
most of the error values returned from krb_get_pw_in_tkt and their possible causes:
KFAILURE file cannot be opened or it is not properly formed. A write to the ticket file failed.
SKDC_CANT
A Kerberos server must be contacted in order for to perform its function but the attempt cannot be made because a socket cannot be
opened or bound, or there is no Kerberos server listed in
SKDC_RETRY
A Kerberos server needs to be contacted but none responded even after several attempts.
INTK_PROT
Kerberos protocol version mismatch. The version of the Kerberos protocol supported by does not match the Kerberos protocol
version supported by the daemon.
INTK_BADPW
The ticket returned by the daemon did not decrypt correctly. This is usually caused by an incorrect user password.
INTK_ERR The ticket sent from the daemon was not a ticket to communicate with the ticket-granting service, or
The ticket file cannot be accessed, or
The ticket file could not be created, or
A write operation to the ticket file failed.
TKT_FIL_LCK
The ticket file could not be locked for access.
See Also
krb_get_lrealm(3krb), krb_set_tkt_string(3krb), kerberos(3krb), krb_sendauth(3krb), kerberos(8krb)