105 lines
3.4 KiB
Groff
105 lines
3.4 KiB
Groff
.\" Copyright (c) 2004-2005 Kungliga Tekniska Högskolan
|
|
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\"
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\"
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" 3. Neither the name of the Institute nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $Id: krb5_compare_creds.3 15110 2005-05-10 09:21:06Z lha $
|
|
.\"
|
|
.Dd May 10, 2005
|
|
.Dt KRB5_COMPARE_CREDS 3
|
|
.Os HEIMDAL
|
|
.Sh NAME
|
|
.Nm krb5_compare_creds
|
|
.Nd compare Kerberos 5 credentials
|
|
.Sh LIBRARY
|
|
Kerberos 5 Library (libkrb5, -lkrb5)
|
|
.Sh SYNOPSIS
|
|
.In krb5.h
|
|
.Ft krb5_boolean
|
|
.Fo krb5_compare_creds
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_flags whichfields"
|
|
.Fa "const krb5_creds *mcreds"
|
|
.Fa "const krb5_creds *creds"
|
|
.Fc
|
|
.Sh DESCRIPTION
|
|
.Fn krb5_compare_creds
|
|
compares
|
|
.Fa mcreds
|
|
(usually filled in by the application)
|
|
to
|
|
.Fa creds
|
|
(most often from a credentials cache)
|
|
and return
|
|
.Dv TRUE
|
|
if they are equal.
|
|
Unless
|
|
.Va mcreds-\*[Gt]server
|
|
is
|
|
.Dv NULL ,
|
|
the service of the credentials are always compared. If the client
|
|
name in
|
|
.Fa mcreds
|
|
is present, the client names are also compared. This function is
|
|
normally only called indirectly via
|
|
.Xr krb5_cc_retrieve_cred 3 .
|
|
.Pp
|
|
The following flags, set in
|
|
.Fa whichfields ,
|
|
affects the comparison:
|
|
.Bl -tag -width KRB5_TC_MATCH_SRV_NAMEONLY -compact -offset indent
|
|
.It KRB5_TC_MATCH_SRV_NAMEONLY
|
|
Consider all realms equal when comparing the service principal.
|
|
.It KRB5_TC_MATCH_KEYTYPE
|
|
Compare enctypes.
|
|
.It KRB5_TC_MATCH_FLAGS_EXACT
|
|
Make sure that the ticket flags are identical.
|
|
.It KRB5_TC_MATCH_FLAGS
|
|
Make sure that all ticket flags set in
|
|
.Fa mcreds
|
|
are also present in
|
|
.Fa creds .
|
|
.It KRB5_TC_MATCH_TIMES_EXACT
|
|
Compares the ticket times exactly.
|
|
.It KRB5_TC_MATCH_TIMES
|
|
Compares only the expiration times of the creds.
|
|
.It KRB5_TC_MATCH_AUTHDATA
|
|
Compares the authdata fields.
|
|
.It KRB5_TC_MATCH_2ND_TKT
|
|
Compares the second tickets (used by user-to-user authentication).
|
|
.It KRB5_TC_MATCH_IS_SKEY
|
|
Compares the existance of the second ticket.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr krb5 3 ,
|
|
.Xr krb5_cc_retrieve_cred 3 ,
|
|
.Xr krb5_creds 3 ,
|
|
.Xr krb5_get_init_creds 3 ,
|
|
.Xr kerberos 8
|