xref: /freebsd/crypto/krb5/doc/html/_sources/appdev/refs/api/krb5_kdc_sign_ticket.rst.txt (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9)
1krb5_kdc_sign_ticket -  Sign a PAC, possibly including a ticket signature.
2===========================================================================
3
4..
5
6.. c:function:: krb5_error_code krb5_kdc_sign_ticket(krb5_context context, krb5_enc_tkt_part * enc_tkt, const krb5_pac pac, krb5_const_principal server_princ, krb5_const_principal client_princ, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_boolean with_realm)
7
8..
9
10
11:param:
12
13	          **[in]** **context** - Library context
14
15	          **[in]** **enc_tkt** - The ticket for the signature
16
17	          **[in]** **pac** - PAC handle
18
19	          **[in]** **server_princ** - Canonical ticket server name
20
21	          **[in]** **client_princ** - PAC_CLIENT_INFO principal (or NULL)
22
23	          **[in]** **server** - Key for server checksum
24
25	          **[in]** **privsvr** - Key for KDC and ticket checksum
26
27	          **[in]** **with_realm** - If true, include the realm of *principal*
28
29
30..
31
32
33:retval:
34         -   0   on success, otherwise - Kerberos error codes
35
36
37..
38
39
40
41
42
43
44
45Sign *pac* using the keys *server* and *privsvr* . Include a ticket signature over *enc_tkt* if *server_princ* is not a TGS or kadmin/changepw principal name. Add the signed PAC's encoding to the authorization data of *enc_tkt* in the first slot, wrapped in an AD-IF-RELEVANT container. If *client_princ* is non-null, add a PAC_CLIENT_INFO buffer, including the realm if *with_realm* is true.
46
47
48
49
50
51
52
53
54
55
56..
57
58
59
60
61.. note::
62
63	 New in 1.20
64
65
66