Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

krb_get_svc_in_tkt(3krb) [ultrix man page]

krb_svc_init(3krb)														krb_svc_init(3krb)

Name
       krb_svc_init, krb_get_svc_in_tkt, krb_get_pw_in_tkt - Kerberos authentication initialization routines

Syntax
	#include <krb.h>
	#include <des.h>

	krb_svc_init  (user, instance, realm, lifetime,
			     srvtab_file, tkt_file)
	char	 *user, *instance, *realm;
	int lifetime;
	char	 *srvtab_file, *tkt_file;

	krb_get_svc_in_tkt  (user, instance, realm, service,
				   service_instance, lifetime,
				   srvtab_file)
	char	 *user, *instance, *realm, *service,;
	char	 *service_instance;
	int lifetime;
	char	 *srvtab_file;

	krb_get_pw_in_tkt  (user, instance, realm, service,
				     service_instance, lifetime,
				     password)
	char	 *user, *instance, *realm,;
	char	 *service, *service_instance;
	int lifetime;
	char	 *password;

Arguments
       user	For  and  the  primary	name of the principal that is obtaining a ticket that will authenticate it to principal, service.  For the
		primary name of the principal that is obtaining a ticket to communicate with the ticket-granting service.

       instance For and the instance name of the principal that is obtaining a ticket that will authenticate it to principal,  service.   For  the
		instance name of the principal that is obtaining a ticket to communicate with the ticket-granting service.

       realm	For and the realm name of the principal that is obtaining a ticket that will authenticate it to principal, service.  For the realm
		name of the principal that is obtaining a ticket to communicate with the ticket-granting service.

       service	The primary name of the service for which a ticket will be obtained.

       service_instance
		The instance of the service for which a ticket will be obtained.

       lifetime The number of five-minute intervals for which the obtained ticket should be valid.  Values greater than 255 will be  set  to  255.
		Values greater than the maximum lifetime allowed for tickets given to the requesting principal will be set to the maximum lifetime
		allowed.  The maximum lifetime of the tickets granted to a principal is determined when the principal is  added  to  the  Kerberos
		database.

       srvtab_file
		The  path  name  of the file that contains the key of the principal obtaining a ticket.  If this value is set to the NULL pointer,
		the default service table (srvtab) file value is used.	The default srvtab file value is set by default   to although  this  value
		can be changed by a call to the function.  (Refer to

       tkt_file The path name of the file into which the credentials and tickets of the user or service should be placed.  If the tkt_file parame-
		ter is equal to the NULL pointer, then the default ticket file value is used.  The default ticket file value is set  equal  to	is
		the user ID of the process that calls the above functions.  The default  ticket file value can be changed by the function call.

       password The  password  of the principal that is obtaining a ticket that will authenticate it to principal, service.  If the password input
		is the NULL string, then will prompt for a password on and read the password from

Description
       The routines are designed to obtain for the requesting principal a ticket to communicate with a specific service.  They	require  that  the
       password/key  of  the requesting principal be either available as an argument, or available from the srvtab_file argument or from Since the
       routines always require a password, they are best used to obtain the ticket used to communicate	with  the  ticket-granting  service.   The
       ticket-granting ticket is used by the other Kerberos routines to obtain tickets to communicate with principals other than the ticket-grant-
       ing service, without needing the key of the principal.

       The routines as well as the routines will not work as intended without the presence of a ticket-granting ticket.

       The routines of are as follows:

       krb_svc_init

       For the principal with a primary name of user, an instance name of instance, and a realm name of realm, the routine obtains a  ticket  that
       the  principal  can  use to communicate with the ticket-granting service.  The key of the principal is read from srvtab_file and the ticket
       obtained is placed in tkt_file.

       If the realm argument is equivalent to the NULL string, then the realm of which the local host is a member, is used by default.	 If  life-
       time  is  equivalent  to  0,  then  the	default  lifetime,  255,  is  used.  If srvtab_file is not equivalent to the NULL string, then the
       srvtab_file parameter is used as the service table (srvtab) file name and the default srvtab file is set equal to the  srvtab_file  parame-
       ter.   If srvtab_file is equivalent to NULL, then the default srvtab file is used.  If the tkt_file parameter is not equivalent to the NULL
       string, then the tkt_file parameter is used as the ticket file name and the default ticket file is set equal to the tkt_file parameter.	If
       the tkt_file parameter is NULL, then the default ticket file value is used.

       returns	INT_OK	if  has successfully obtained a ticket-granting ticket.  The following is a list of most of the error values returned from
       and their possible cause:

       KFAILURE The file (see cannot be opened or it is not properly formed, or
		The service table (srvtab) file does not exist, or
		A read of the srvtab file failed, or
		The srvtab file is badly formatted, or
		The srvtab file did not contain the key of the principal with primary name, user, or
		A write to the ticket file failed.

       SKDC_CANT
		A Kerberos server must be contacted so that can perform its function, but the attempt cannot be made because a	socket	cannot	be
		opened or bound, or there is no Kerberos server listed in

       SKDC_RETRY
		A Kerberos server needs to be contacted, but none responded even after several attempts.

       INTK_PROT
		Kerberos  protocol  version mismatch.  The version of the Kerberos protocol supported by does not match the Kerberos protocol ver-
		sion supported by the daemon.

       INTK_BADPW
		The ticket returned by the daemon did not decrypt correctly.  This is usually caused by an incorrect service password.

       INTK_ERR The ticket sent from the daemon was not a ticket to communicate with the ticket-granting service, or
		The ticket file cannot be accessed, or
		The ticket file could not be created, or
		A write operation to the ticket file failed.

       TKT_FIL_LCK
		The ticket file could not be locked for access.

       krb_get_svc_in_tkt

       For the principal with a primary name of user, an instance name of instance and a realm name of realm, the routine obtains a ticket to com-
       municate with the principal that has a primary name of service and an instance name of service_instance.  The key of the requesting primary
       is read from the file srvtab_file and the tickets are placed in the default ticket file.  If the srvtab_file argument is equivalent to  the
       NULL  string,  then  the default srvtab file value is used instead of the srvtab_file parameter.  The default srvtab file value and default
       ticket file value can be changed respectively by and To obtain the ticket-granting ticket, the service  parameter  must	be  set  equal	to
       "krbtgt" and the service_instance argument must be set equal to the realm name of the local realm.

       returns	INT_OK if has successfully obtained a ticket to communicate with principal, service.  The following is a list of most of the error
       values returned from and their possible causes:

       KFAILURE The file cannot be opened or it is not properly
		formed, or
		A read of the service table (srvtab) file failed, or
		The srvtab file did not contain the key of the principal with primary name, user, or
		A write to the ticket file failed.

       SKDC_CANT
		A Kerberos server must be contacted in order for to perform its function, but the attempt cannot be made because a  socket  cannot
		be opened or bound, or there is no Kerberos server listed in

       SKDC_RETRY
		A Kerberos server needs to be contacted but none responded even after several attempts.

       INTK_PROT
		Kerberos  protocol  version mismatch.  The version of the Kerberos protocol supported by does not match the Kerberos protocol ver-
		sion supported by the daemon.

       INTK_BADPW
		The ticket returned by the daemon did not decrypt correctly.  This is usually caused by an incorrect service password.

       INTK_ERR The ticket sent from the daemon was not a ticket to communicate with the ticket-granting service, or
		The ticket file cannot be accessed, or
		The ticket file could not be created, or
		A write operation to the ticket file failed.

       TKT_FIL_LCK
		The ticket file could not be locked for access.

       krb_get_pw_in_tkt

       For the principal with a primary name of user, an instance name of instance, and a realm name of realm, the routine  obtains  a	ticket	to
       communicate  with  the principal with a primary name of service and an instance name of service_instance.  The key of the principal must be
       input either as the password parameter or, if the password field is equivalent to the NULL string, the password must be input from

       The tickets that are obtained are placed in the default ticket file.  The default ticket file can be changed by the  function.	To  obtain
       the  ticket-granting ticket, the service parameter must be set equal to "krbtgt" and the service_instance argument must be set equal to the
       realm name of the local realm.

       returns INT_OK if has successfully obtained a ticket to communicate with principal, service.  The following is a list of most of the  error
       values returned from and their possible causes:

       KFAILURE file cannot be opened or it is not properly formed.  A write to the ticket file failed.

       SKDC_CANT
		A Kerberos server must be contacted in order for to perform its function but the attempt cannot be made because a socket cannot be
		opened or bound, or there is no Kerberos server listed in

       SKDC_RETRY
		A Kerberos server needs to be contacted but none responded even after several attempts.

       INTK_PROT
		Kerberos protocol version mismatch.  The version of the Kerberos protocol supported by does not match the Kerberos  protocol  ver-
		sion supported by the daemon.

       INTK_BADPW
		The ticket returned by the daemon did not decrypt correctly.  This is usually caused by an incorrect user password.

       INTK_ERR The ticket sent from the daemon was not a ticket to communicate with the ticket-granting service, or
		The ticket file cannot be accessed, or
		The ticket file could not be created, or
		A write operation to the ticket file failed.

       TKT_FIL_LCK
		The ticket file could not be locked for access.

See Also
       krb_get_lrealm(3krb), krb_set_tkt_string(3krb), kerberos(3krb), krb_sendauth(3krb), kerberos(8krb)

																krb_svc_init(3krb)
Man Page