Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

shishi_tkt_transited_policy_checked_p(3) [debian man page]

shishi_tkt_transited_policy_checked_p(3)			      shishi				  shishi_tkt_transited_policy_checked_p(3)

NAME

       shishi_tkt_transited_policy_checked_p - API function

SYNOPSIS

       #include <shishi.h>

       int shishi_tkt_transited_policy_checked_p(Shishi_tkt * tkt);

ARGUMENTS

       Shishi_tkt * tkt
		   input variable with ticket info.

DESCRIPTION

       Determine if ticket has been policy checked for transit.

       The application server is ultimately responsible for accepting or rejecting authentication and SHOULD check that only suitably trusted KDCs
       are relied upon to authenticate a principal.  The transited field in the ticket identifies which realms (and thus which KDCs) were involved
       in  the authentication process and an application server would normally check this field. If any of these are untrusted to authenticate the
       indicated client principal (probably determined by a realm-based policy), the authentication attempt MUST  be  rejected.  The  presence	of
       trusted KDCs in this list does not provide any guarantee; an untrusted KDC may have fabricated the list.

       While the end server ultimately decides whether authentication is valid, the KDC for the end server's realm MAY apply a realm specific pol-
       icy for validating the transited field and accepting credentials for cross-realm authentication. When  the  KDC	applies  such  checks  and
       accepts	such  cross-realm  authentication  it  will  set  the  TRANSITED-POLICY-CHECKED flag in the service tickets it issues based on the
       cross-realm TGT. A client MAY request that the KDCs not check the transited field by setting the  DISABLE-TRANSITED-CHECK  flag.  KDCs  are
       encouraged but not required to honor this flag.

       Application  servers  MUST either do the transited-realm checks themselves, or reject cross-realm tickets without TRANSITED-POLICY- CHECKED
       set.

RETURN VALUE

       Returns non-0 iff transited-policy-checked flag is set in ticket.

REPORTING BUGS

       Report bugs to <bug-shishi@gnu.org>.

COPYRIGHT

       Copyright (C) 2002-2010 Simon Josefsson.
       Copying and distribution of this file, with or without modification, are permitted in any medium without  royalty  provided  the  copyright
       notice and this notice are preserved.

SEE ALSO

       The  full documentation for shishi is maintained as a Texinfo manual.  If the info and shishi programs are properly installed at your site,
       the command

	      info shishi

       should give you access to the complete manual.

shishi								       1.0.1				  shishi_tkt_transited_policy_checked_p(3)

Check Out this Related Man Page

shishi_init_with_paths(3)					      shishi						 shishi_init_with_paths(3)

NAME

       shishi_init_with_paths - API function

SYNOPSIS

       #include <shishi.h>

       int shishi_init_with_paths(Shishi ** handle, const char * tktsfile, const char * systemcfgfile, const char * usercfgfile);

ARGUMENTS

       Shishi ** handle
		   pointer to handle to be created.

       const char * tktsfile
		   Filename of ticket file, or NULL.

       const char * systemcfgfile
		   Filename of system configuration, or NULL.

       const char * usercfgfile
		   Filename of user configuration, or NULL.

DESCRIPTION

       Create  a Shishi library handle, using shishi(), and read the system configuration file, user configuration file, and user tickets from the
       specified locations.  If any of usercfgfile or systemcfgfile is NULL, the file is read from its default location, which for the system con-
       figuration  file  is  decided at compile time, and is $sysconfdir/shishi.conf, and for the user configuration file is $HOME/.shishi/config.
       If the ticket file is NULL, a ticket file is not read at all.

       The handle is allocated regardless of return values, except for SHISHI_HANDLE_ERROR which indicates a problem allocating the handle.   (The
       other error conditions comes from reading the files.)

RETURN VALUE

       Returns SHISHI_OK iff successful.

REPORTING BUGS

       Report bugs to <bug-shishi@gnu.org>.

COPYRIGHT

       Copyright (C) 2002-2010 Simon Josefsson.
       Copying	and  distribution  of  this file, with or without modification, are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for shishi is maintained as a Texinfo manual.  If the info and shishi programs are properly installed at your  site,
       the command

	      info shishi

       should give you access to the complete manual.

shishi								       1.0.1						 shishi_init_with_paths(3)
Man Page