krb5_rd_cred() ?

Ken Hornstein kenh at
Tue Nov 30 11:47:01 EST 2004

>krb5_auth_context authCtx;
>krb5_auth_con_init( &context, &authCtx );
>I populate my auth-context with user keys and such.  (see
>krb5_auth_con_setuseruserkey()), and I also set some flags for use with
>authentication type routines.  There is a thing called
>krb5_auth_con_setflags() that allows you to set neat options on your
>authentication (like storing sequence numbers, time stamps, subkeys,

One additional note: unless you're doing user2user authenticaiton (and
if you don't know what this means, then the answer is "you're not"),
you should never need to call krb5_auth_con_setuseruserkey().

krb5_rd_cred() needs some stuff set up in the auth context by other
calls (very likely krb5_rd_req()); you just can't fill it in with
random stuff.  Most notably, you need the session key used by
krb5_mk_1cred() (which is called by krb5_fwd_tgt_creds()) to encrypt
the forwarded credentials.


More information about the krbdev mailing list