krb_svc_init(3krb)krb_svc_init(3krb)Name
krb_svc_init, krb_get_svc_in_tkt, krb_get_pw_in_tkt - Kerberos authen‐
tication initialization routines
Syntax
#include <krb.h>
#include <des.h>
krb_svc_init (user, instance, realm, lifetime,
srvtab_file, tkt_file)
char *user, *instance, *realm;
int lifetime;
char *srvtab_file, *tkt_file;
krb_get_svc_in_tkt (user, instance, realm, service,
service_instance, lifetime,
srvtab_file)
char *user, *instance, *realm, *service,;
char *service_instance;
int lifetime;
char *srvtab_file;
krb_get_pw_in_tkt (user, instance, realm, service,
service_instance, lifetime,
password)
char *user, *instance, *realm,;
char *service, *service_instance;
int lifetime;
char *password;
Arguments
user For and the primary name of the principal that is obtaining a
ticket that will authenticate it to principal, service. For
the primary name of the principal that is obtaining a ticket
to communicate with the ticket-granting service.
instance For and the instance name of the principal that is obtaining a
ticket that will authenticate it to principal, service. For
the instance name of the principal that is obtaining a ticket
to communicate with the ticket-granting service.
realm For and the realm name of the principal that is obtaining a
ticket that will authenticate it to principal, service. For
the realm name of the principal that is obtaining a ticket to
communicate with the ticket-granting service.
service The primary name of the service for which a ticket will be
obtained.
service_instance
The instance of the service for which a ticket will be
obtained.
lifetime The number of five-minute intervals for which the obtained
ticket should be valid. Values greater than 255 will be set
to 255. Values greater than the maximum lifetime allowed for
tickets given to the requesting principal will be set to the
maximum lifetime allowed. The maximum lifetime of the tickets
granted to a principal is determined when the principal is
added to the Kerberos database.
srvtab_file
The path name of the file that contains the key of the princi‐
pal obtaining a ticket. If this value is set to the NULL
pointer, the default service table (srvtab) file value is
used. The default srvtab file value is set by default to
although this value can be changed by a call to the function.
(Refer to
tkt_file The path name of the file into which the credentials and tick‐
ets of the user or service should be placed. If the tkt_file
parameter is equal to the NULL pointer, then the default
ticket file value is used. The default ticket file value is
set equal to is the user ID of the process that calls the
above functions. The default ticket file value can be
changed by the function call.
password The password of the principal that is obtaining a ticket that
will authenticate it to principal, service. If the password
input is the NULL string, then will prompt for a password on
and read the password from
Description
The routines are designed to obtain for the requesting principal a
ticket to communicate with a specific service. They require that the
password/key of the requesting principal be either available as an
argument, or available from the srvtab_file argument or from Since the
routines always require a password, they are best used to obtain the
ticket used to communicate with the ticket-granting service. The
ticket-granting ticket is used by the other Kerberos routines to obtain
tickets to communicate with principals other than the ticket-granting
service, without needing the key of the principal.
The routines as well as the routines will not work as intended without
the presence of a ticket-granting ticket.
The routines of are as follows:
krb_svc_init
For the principal with a primary name of user, an instance name of
instance, and a realm name of realm, the routine obtains a ticket that
the principal can use to communicate with the ticket-granting service.
The key of the principal is read from srvtab_file and the ticket
obtained is placed in tkt_file.
If the realm argument is equivalent to the NULL string, then the realm
of which the local host is a member, is used by default. If lifetime
is equivalent to 0, then the default lifetime, 255, is used. If
srvtab_file is not equivalent to the NULL string, then the srvtab_file
parameter is used as the service table (srvtab) file name and the
default srvtab file is set equal to the srvtab_file parameter. If
srvtab_file is equivalent to NULL, then the default srvtab file is
used. If the tkt_file parameter is not equivalent to the NULL string,
then the tkt_file parameter is used as the ticket file name and the
default ticket file is set equal to the tkt_file parameter. If the
tkt_file parameter is NULL, then the default ticket file value is used.
returns INT_OK if has successfully obtained a ticket-granting ticket.
The following is a list of most of the error values returned from and
their possible cause:
KFAILURE The file (see cannot be opened or it is not properly formed,
or
The service table (srvtab) file does not exist, or
A read of the srvtab file failed, or
The srvtab file is badly formatted, or
The srvtab file did not contain the key of the principal with
primary name, user, or
A write to the ticket file failed.
SKDC_CANT
A Kerberos server must be contacted so that can perform its
function, but the attempt cannot be made because a socket can‐
not be opened or bound, or there is no Kerberos server listed
in
SKDC_RETRY
A Kerberos server needs to be contacted, but none responded
even after several attempts.
INTK_PROT
Kerberos protocol version mismatch. The version of the Ker‐
beros protocol supported by does not match the Kerberos proto‐
col version supported by the daemon.
INTK_BADPW
The ticket returned by the daemon did not decrypt correctly.
This is usually caused by an incorrect service password.
INTK_ERR The ticket sent from the daemon was not a ticket to communi‐
cate with the ticket-granting service, or
The ticket file cannot be accessed, or
The ticket file could not be created, or
A write operation to the ticket file failed.
TKT_FIL_LCK
The ticket file could not be locked for access.
krb_get_svc_in_tkt
For the principal with a primary name of user, an instance name of
instance and a realm name of realm, the routine obtains a ticket to
communicate with the principal that has a primary name of service and
an instance name of service_instance. The key of the requesting pri‐
mary is read from the file srvtab_file and the tickets are placed in
the default ticket file. If the srvtab_file argument is equivalent to
the NULL string, then the default srvtab file value is used instead of
the srvtab_file parameter. The default srvtab file value and default
ticket file value can be changed respectively by and To obtain the
ticket-granting ticket, the service parameter must be set equal to
"krbtgt" and the service_instance argument must be set equal to the
realm name of the local realm.
returns INT_OK if has successfully obtained a ticket to communicate
with principal, service. The following is a list of most of the error
values returned from and their possible causes:
KFAILURE The file cannot be opened or it is not properly
formed, or
A read of the service table (srvtab) file failed, or
The srvtab file did not contain the key of the principal with
primary name, user, or
A write to the ticket file failed.
SKDC_CANT
A Kerberos server must be contacted in order for to perform
its function, but the attempt cannot be made because a socket
cannot be opened or bound, or there is no Kerberos server
listed in
SKDC_RETRY
A Kerberos server needs to be contacted but none responded
even after several attempts.
INTK_PROT
Kerberos protocol version mismatch. The version of the Ker‐
beros protocol supported by does not match the Kerberos proto‐
col version supported by the daemon.
INTK_BADPW
The ticket returned by the daemon did not decrypt correctly.
This is usually caused by an incorrect service password.
INTK_ERR The ticket sent from the daemon was not a ticket to communi‐
cate with the ticket-granting service, or
The ticket file cannot be accessed, or
The ticket file could not be created, or
A write operation to the ticket file failed.
TKT_FIL_LCK
The ticket file could not be locked for access.
krb_get_pw_in_tkt
For the principal with a primary name of user, an instance name of
instance, and a realm name of realm, the routine obtains a ticket to
communicate with the principal with a primary name of service and an
instance name of service_instance. The key of the principal must be
input either as the password parameter or, if the password field is
equivalent to the NULL string, the password must be input from
The tickets that are obtained are placed in the default ticket file.
The default ticket file can be changed by the function. To obtain the
ticket-granting ticket, the service parameter must be set equal to
"krbtgt" and the service_instance argument must be set equal to the
realm name of the local realm.
returns INT_OK if has successfully obtained a ticket to communicate
with principal, service. The following is a list of most of the error
values returned from and their possible causes:
KFAILURE file cannot be opened or it is not properly formed. A write
to the ticket file failed.
SKDC_CANT
A Kerberos server must be contacted in order for to perform
its function but the attempt cannot be made because a socket
cannot be opened or bound, or there is no Kerberos server
listed in
SKDC_RETRY
A Kerberos server needs to be contacted but none responded
even after several attempts.
INTK_PROT
Kerberos protocol version mismatch. The version of the Ker‐
beros protocol supported by does not match the Kerberos proto‐
col version supported by the daemon.
INTK_BADPW
The ticket returned by the daemon did not decrypt correctly.
This is usually caused by an incorrect user password.
INTK_ERR The ticket sent from the daemon was not a ticket to communi‐
cate with the ticket-granting service, or
The ticket file cannot be accessed, or
The ticket file could not be created, or
A write operation to the ticket file failed.
TKT_FIL_LCK
The ticket file could not be locked for access.
See Alsokrb_get_lrealm(3krb), krb_set_tkt_string(3krb), kerberos(3krb),
krb_sendauth(3krb), kerberos(8krb)krb_svc_init(3krb)