krb5_rd_cred() ?

Jason Gerfen jason.gerfen at
Tue Nov 30 10:55:48 EST 2004

Yeah well that allows me to call the function.  I think I need to 
rephrase the question, I am not sure where I am to get the data to pass 
in as arguments.  More specificly the authcontext, data & ppinputcreds 
arguments.  I am assuming that the ppinput creds is going to be my creds 
structure so that is pretty clear.  I am still lost on where to obtain 
my authcontext & data arguments.  Any help with this those two items is 

Derrick Schommer wrote:

>Yes, that call uses the "ever popular" triple pointer syndrome.
>Try this:
>krb5_creds **ppInputCreds;
>krb5_data    data;
>krb5_rd_cred( context, authContext, &data, &ppInputCreds, NULL );
>And the cleanup call that will free up your triple pointer nightmare:
>krb5_free_tgt_creds( context, ppInputCreds);
>Not sure if that "free_tgt_creds()" is the call you want, but it cleans
>the triple pointer mess.  I used rd_cred in order to get the tgt from
>the creds structure so it was what I needed (and since it cleaned triple
>pointers the key and lock seemed to fit together).
>Hope that helps..
>-----Original Message-----
>From: Jason Gerfen [mailto:jason.gerfen at] 
>Sent: Dienstag, 30. November 2004 10:03
>To: krbdev at
>Subject: krb5_rd_cred() ?
>I have been looking for the correct function to call when doing a 
>KRB5KRB_AP_ERR_SKEW check.  As of yet I believe the krb5_rd_cred() 
>function is what I am looking for.  However I have found several 
>security warnings with the use of this function. Also I have no idea 
>what arguments to pass this call for it to work correctly.  According to
>some documentation I have it as the following:
>krb5_rd_cred( krb5_context context,
>                        krb5_auth_context auth_context,    // What is 
>this, where would I gather this from?
>                        krb5_data *precreddata,                 // Not 
>sure where I would get this data from either...
>                        krb5_creds ***pppcreds,                 // the 
>same here
>                        krb5_replay_data *outdata );          // and
>The documentation I have found is not clear on where I would get the 
>data to pass to this function as arguments.  Any help would be greatly 

Jason Gerfen
jason.gerfen at

"And remember... If the ladies
 don't find you handsome, they
 should at least find you handy..."
             ~The Red Green show

More information about the krbdev mailing list