programatically determine if the tgt has expired

Booker C. Bense bbense at networking.stanford.edu
Tue May 28 12:26:30 EDT 2002


On Fri, 24 May 2002, Sam Hartman wrote:

> The mechanism klist uses is the best current mechanism.  If you want
> to propose an api on the krbdev at mit.edu list and provide an
> implementation of that API if people think it is reasonable, that
> would be a fine mechanism to improve the product.
>

- Here's what I use, The arglist should change since it is based
on a K4 function that did similar things.

- Booker C. Bense

int
ticket_expired(krb5_context ctx,
               krb5_ccache ccache,
               krb5_principal k5_me,
               char *service,char *inst, char *realm, int check ) {
    krb5_creds *v5creds = 0;
    krb5_creds increds, *outcreds = NULL ;
    krb5_principal k5service ;

    int rem = 1;
    int lifetime,len_rlm,len_sn ;
    int now,then ;

    memset((char *) &increds, 0, sizeof(increds));


    len_rlm = strlen(realm);
    if (rem = krb5_build_principal(ctx,
                                   &k5service,
                                   len_rlm,
                                   realm,
                                   service,
                                   inst,
                                   NULL)) {
        com_err(progname, rem,
                "while creating service principal name");
        return rem ;
    }

    increds.client = k5_me;
    increds.server = k5service;

    rem = krb5_get_credentials(ctx,0,ccache, &increds,&outcreds);

    now = time(0);

    if (rem == 0) {
        then = outcreds->times.endtime ;
        if ( then < ( now + 60*check + FUDGE_FACTOR)) {
            rem = KRB5KRB_AP_ERR_TKT_EXPIRED;
        }
    }

    if ( k5service != NULL ) {
        krb5_free_principal(ctx,k5service);
    }
    if ( outcreds != NULL ) {
        krb5_free_creds(ctx,outcreds);
    }

    return rem ;

}






More information about the Kerberos mailing list