shishi_tkt_transited_policy_checked_p(3) [debian man page]
shishi_tkt_transited_policy_checked_p(3) shishi shishi_tkt_transited_policy_checked_p(3)NAME
shishi_tkt_transited_policy_checked_p - API function
SYNOPSIS
#include <shishi.h>
int shishi_tkt_transited_policy_checked_p(Shishi_tkt * tkt);
ARGUMENTS
Shishi_tkt * tkt
input variable with ticket info.
DESCRIPTION
Determine if ticket has been policy checked for transit.
The application server is ultimately responsible for accepting or rejecting authentication and SHOULD check that only suitably trusted KDCs
are relied upon to authenticate a principal. The transited field in the ticket identifies which realms (and thus which KDCs) were involved
in the authentication process and an application server would normally check this field. If any of these are untrusted to authenticate the
indicated client principal (probably determined by a realm-based policy), the authentication attempt MUST be rejected. The presence of
trusted KDCs in this list does not provide any guarantee; an untrusted KDC may have fabricated the list.
While the end server ultimately decides whether authentication is valid, the KDC for the end server's realm MAY apply a realm specific pol-
icy for validating the transited field and accepting credentials for cross-realm authentication. When the KDC applies such checks and
accepts such cross-realm authentication it will set the TRANSITED-POLICY-CHECKED flag in the service tickets it issues based on the
cross-realm TGT. A client MAY request that the KDCs not check the transited field by setting the DISABLE-TRANSITED-CHECK flag. KDCs are
encouraged but not required to honor this flag.
Application servers MUST either do the transited-realm checks themselves, or reject cross-realm tickets without TRANSITED-POLICY- CHECKED
set.
RETURN VALUE
Returns non-0 iff transited-policy-checked flag is set in ticket.
REPORTING BUGS
Report bugs to <bug-shishi@gnu.org>.
COPYRIGHT
Copyright (C) 2002-2010 Simon Josefsson.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
SEE ALSO
The full documentation for shishi is maintained as a Texinfo manual. If the info and shishi programs are properly installed at your site,
the command
info shishi
should give you access to the complete manual.
shishi 1.0.1 shishi_tkt_transited_policy_checked_p(3)
Check Out this Related Man Page
shishi_init_with_paths(3) shishi shishi_init_with_paths(3)NAME
shishi_init_with_paths - API function
SYNOPSIS
#include <shishi.h>
int shishi_init_with_paths(Shishi ** handle, const char * tktsfile, const char * systemcfgfile, const char * usercfgfile);
ARGUMENTS
Shishi ** handle
pointer to handle to be created.
const char * tktsfile
Filename of ticket file, or NULL.
const char * systemcfgfile
Filename of system configuration, or NULL.
const char * usercfgfile
Filename of user configuration, or NULL.
DESCRIPTION
Create a Shishi library handle, using shishi(), and read the system configuration file, user configuration file, and user tickets from the
specified locations. If any of usercfgfile or systemcfgfile is NULL, the file is read from its default location, which for the system con-
figuration file is decided at compile time, and is $sysconfdir/shishi.conf, and for the user configuration file is $HOME/.shishi/config.
If the ticket file is NULL, a ticket file is not read at all.
The handle is allocated regardless of return values, except for SHISHI_HANDLE_ERROR which indicates a problem allocating the handle. (The
other error conditions comes from reading the files.)
RETURN VALUE
Returns SHISHI_OK iff successful.
REPORTING BUGS
Report bugs to <bug-shishi@gnu.org>.
COPYRIGHT
Copyright (C) 2002-2010 Simon Josefsson.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
SEE ALSO
The full documentation for shishi is maintained as a Texinfo manual. If the info and shishi programs are properly installed at your site,
the command
info shishi
should give you access to the complete manual.
shishi 1.0.1 shishi_init_with_paths(3)