user-to-user counterpart of krb5_server_decrypt_ticket_keytab() ?

Greg Hudson ghudson at
Sat Jul 2 11:10:49 EDT 2016

On 07/02/2016 03:03 AM, Rick van Rein wrote:
> I think I found it: krb5_decrypt_tkt_part() takes a keyblock.
> That ought to work!
> Sorry for not finding it straight away; I was looking on the web interface,
> which doesn't mention it, but I found it in libkrb5.exports, which is the
> more convincing place to have it :)

libkrb5.exports is the library export list; it contains functions which
are exported for the sake of test programs, or the GSS-API library, or
the KDC.  Not everything in there is a public API.
krb5_decrypt_tkt_part() is not prototyped in krb5.h, so it is not a
public API.

You don't need to explicitly decrypt the ticket in a user-to-user
program; rd_req will take care of it for you.  Have a look at
src/appl/user_user for an example.

More information about the krbdev mailing list