1.\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan 2.\" (Royal Institute of Technology, Stockholm, Sweden). 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" 3. Neither the name of the Institute nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" $Id$ 33.\" 34.Dd May 1, 2006 35.Dt KRB5_VERIFY_INIT_CREDS 3 36.Os HEIMDAL 37.Sh NAME 38.Nm krb5_verify_init_creds_opt_init , 39.Nm krb5_verify_init_creds_opt_set_ap_req_nofail , 40.Nm krb5_verify_init_creds 41.Nd "verifies a credential cache is correct by using a local keytab" 42.Sh LIBRARY 43Kerberos 5 Library (libkrb5, -lkrb5) 44.Sh SYNOPSIS 45.In krb5.h 46.Pp 47.Li "struct krb5_verify_init_creds_opt;" 48.Ft void 49.Fo krb5_verify_init_creds_opt_init 50.Fa "krb5_verify_init_creds_opt *options" 51.Fc 52.Ft void 53.Fo krb5_verify_init_creds_opt_set_ap_req_nofail 54.Fa "krb5_verify_init_creds_opt *options" 55.Fa "int ap_req_nofail" 56.Fc 57.Ft krb5_error_code 58.Fo krb5_verify_init_creds 59.Fa "krb5_context context" 60.Fa "krb5_creds *creds" 61.Fa "krb5_principal ap_req_server" 62.Fa "krb5_ccache *ccache" 63.Fa "krb5_verify_init_creds_opt *options" 64.Fc 65.Sh DESCRIPTION 66The 67.Nm krb5_verify_init_creds 68function verifies the initial tickets with the local keytab to make 69sure the response of the KDC was spoof-ed. 70.Pp 71.Nm krb5_verify_init_creds 72will use principal 73.Fa ap_req_server 74from the local keytab, if 75.Dv NULL 76is passed in, the code will guess the local hostname and use that to 77form host/hostname/GUESSED-REALM-FOR-HOSTNAME. 78.Fa creds 79is the credential that 80.Nm krb5_verify_init_creds 81should verify. 82If 83.Fa ccache 84is given 85.Fn krb5_verify_init_creds 86stores all credentials it fetched from the KDC there, otherwise it 87will use a memory credential cache that is destroyed when done. 88.Pp 89.Fn krb5_verify_init_creds_opt_init 90cleans the the structure, must be used before trying to pass it in to 91.Fn krb5_verify_init_creds . 92.Pp 93.Fn krb5_verify_init_creds_opt_set_ap_req_nofail 94controls controls the behavior if 95.Fa ap_req_server 96doesn't exists in the local keytab or in the KDC's database, if it's 97true, the error will be ignored. Note that this use is possible 98insecure. 99.Sh SEE ALSO 100.Xr krb5 3 , 101.Xr krb5_get_init_creds 3 , 102.Xr krb5_verify_user 3 , 103.Xr krb5.conf 5 104