RX Kerberos 5 security class requirements of Kerberos library
Jeffrey Altman
jaltman at secure-endpoints.com
Wed Jan 3 14:04:26 EST 2007
Sam Hartman wrote:
> I don't seem to have Jeff's original message with the prototype although I do have a reply to that message.
>
> Jeff's API really has a lot of arguments. I think that we've learned
> from KLL and CCAPI that by the time you have that many arguments you
> want to be using a structure similar to get_init_creds with an options
> interface.
>
> It also seems like you only support passing in one authorization data
> item and one address. That seems wrong.
>
> --Sam
Here is a prototype for a convenience function that will wrap gic:
krb5_error_code KRB5_CALLCONV
krb5_generate_creds_with_keytab(
    krb5_context context,
    krb5_principal client,
    krb5_keytab client_keytab,
    krb5_principal service,
    krb5_keytab service_keytab,
    krb5_deltat tkt_life,
    krb5_enctype *allowed_enctypes,
    krb5_flags flags,
    krb5_creds **out_creds /* out */ );
The flags field may never be used.
The start and end times were replaced with ticket lifetime since
that is what gic accepts.
Jeffrey Altman