krb5_rd_cred() ?

Derrick Schommer dschommer at
Tue Nov 30 10:21:48 EST 2004

Yes, that call uses the "ever popular" triple pointer syndrome.

Try this:

krb5_creds **ppInputCreds;
krb5_data    data;
krb5_rd_cred( context, authContext, &data, &ppInputCreds, NULL );

And the cleanup call that will free up your triple pointer nightmare:

krb5_free_tgt_creds( context, ppInputCreds);

Not sure if that "free_tgt_creds()" is the call you want, but it cleans
the triple pointer mess.  I used rd_cred in order to get the tgt from
the creds structure so it was what I needed (and since it cleaned triple
pointers the key and lock seemed to fit together).

Hope that helps..

-----Original Message-----
From: Jason Gerfen [mailto:jason.gerfen at] 
Sent: Dienstag, 30. November 2004 10:03
To: krbdev at
Subject: krb5_rd_cred() ?

I have been looking for the correct function to call when doing a 
KRB5KRB_AP_ERR_SKEW check.  As of yet I believe the krb5_rd_cred() 
function is what I am looking for.  However I have found several 
security warnings with the use of this function. Also I have no idea 
what arguments to pass this call for it to work correctly.  According to

some documentation I have it as the following:

krb5_rd_cred( krb5_context context,
                        krb5_auth_context auth_context,    // What is 
this, where would I gather this from?
                        krb5_data *precreddata,                 // Not 
sure where I would get this data from either...
                        krb5_creds ***pppcreds,                 // the 
same here
                        krb5_replay_data *outdata );          // and

The documentation I have found is not clear on where I would get the 
data to pass to this function as arguments.  Any help would be greatly 

Jason Gerfen
jason.gerfen at

"And remember... If the ladies
 don't find you handsome, they
 should at least find you handy..."
             ~The Red Green show

krbdev mailing list             krbdev at 
DISCLAIMER:   The information contained in this e-mail is confidential and is intended solely for the review of the named addressee, and in conjunction with specific Acopia Networks business.  Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you are unable to treat this information accordingly, or are not the intended recipient, please notify us immediately by returning the e-mail to the originator.  

More information about the krbdev mailing list