Programmatically determine if the TGT has expired
Booker C. Bense
bbense at networking.stanford.edu
Tue May 28 12:26:30 EDT 2002
On Fri, 24 May 2002, Sam Hartman wrote:
> The mechanism klist uses is the best current mechanism. If you want
> to propose an api on the krbdev at mit.edu list and provide an
> implementation of that API if people think it is reasonable, that
> would be a fine mechanism to improve the product.
>
- Here's what I use. The argument list should change, since it is based
on a K4 function that did similar things.
- Booker C. Bense
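/*
 * ticket_expired - report whether the credential for service/inst@realm is
 * missing, expired, or about to expire.
 *
 * ctx      krb5 library context.
 * ccache   credential cache handed to krb5_get_credentials().
 * k5_me    client principal; borrowed from the caller and not freed here.
 * service, inst, realm
 *          components passed to krb5_build_principal() to name the service.
 *          All three are used unchecked and must be non-NULL strings
 *          (realm is passed to strlen()).
 * check    required remaining lifetime; it is multiplied by 60 before being
 *          added to the current time in seconds, i.e. it is in minutes.
 *
 * Returns 0 when the credential's end time lies beyond
 * now + 60*check + FUDGE_FACTOR, KRB5KRB_AP_ERR_TKT_EXPIRED when it does
 * not, and otherwise the error code returned by krb5_build_principal() or
 * krb5_get_credentials().
 *
 * NOTE(review): krb5_get_credentials() is called with options 0, so when no
 * matching credential is cached the library may go to the KDC for one. A
 * caller that wants a purely local check with no network traffic should
 * consider KRB5_GC_CACHED -- confirm which behaviour callers rely on.
 *
 * NOTE(review): the verdict depends on the local clock; FUDGE_FACTOR
 * (defined elsewhere) is presumably the allowance for clock skew -- confirm.
 */
int
ticket_expired(krb5_context ctx,
               krb5_ccache ccache,
               krb5_principal k5_me,
               char *service, char *inst, char *realm, int check)
{
    krb5_creds increds;
    krb5_creds *outcreds = NULL;
    krb5_principal k5service = NULL;
    int rem;
    time_t now;
    time_t deadline;

    memset(&increds, 0, sizeof(increds));

    rem = krb5_build_principal(ctx,
                               &k5service,
                               (unsigned int) strlen(realm),
                               realm,
                               service,
                               inst,
                               NULL);
    if (rem != 0) {
        com_err(progname, rem,
                "while creating service principal name");
        return rem;
    }

    increds.client = k5_me;
    increds.server = k5service;

    rem = krb5_get_credentials(ctx, 0, ccache, &increds, &outcreds);

    /*
     * Keep the clock value and the deadline in time_t rather than int, so
     * the current time is not truncated and the window arithmetic is done
     * at time_t width instead of overflowing a signed int.
     */
    now = time(NULL);
    if (rem == 0) {
        deadline = now + (time_t) 60 * check + FUDGE_FACTOR;
        if ((time_t) outcreds->times.endtime < deadline) {
            rem = KRB5KRB_AP_ERR_TKT_EXPIRED;
        }
    }

    /* increds.server aliases k5service, so it is released exactly once. */
    if (k5service != NULL) {
        krb5_free_principal(ctx, k5service);
    }
    if (outcreds != NULL) {
        krb5_free_creds(ctx, outcreds);
    }
    return rem;
}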