krb5 API: getting to e-data after krb5_get_credentials

Greg Hudson ghudson at
Sat Oct 31 11:39:28 EDT 2015

On 10/31/2015 05:43 AM, Rick van Rein wrote:
> In an attempt to keep a possible extension in userspace, I'm looking to
> get to the e-data after an error message.

The API does not currently provide a facility for this for TGS requests.
If you look at lib/krb5/krb/gc_via_tkt.c, you can see where TGS reply
errors are decoded, processed, and discarded; neither the error
structure nor its e_data field is retained anywhere.

More information about the Kerberos mailing list