HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 6 KRB5 (Kerberos V5) Application Programming Interface

krb5_cc_remove_cred — Remove credentials from the credentials cache

  Table of Contents



C Prototype

krb5_error_code krb5_cc_remove_cred(
krb5_context context,
krb5_ccache id,
krb5_flags which,
krb5_creds *cred );


context (input/output) 

The context structure.

id (input)  

A credentials cache identifier.

which (input)  

A bit mask representing the search flags to use. The values should be logically ORed together. Valid values are:

KRB5_TC_MATCH_TIMES - The requested lifetime is required to be at least as great as that specified.

KRB5_TC_MATCH_IS_SKEY - The is_skey field much match exactly.

KRB5_TC_MATCH_FLAGS - The set bits in mcreds must match in creds.

KRB5_TC_MATCH_TIMES_EXACT - The requested lifetime must match exactly.

KRB5_TC_MATCH_FLAGS_EXACT - All bits in mcreds must match exactly.

KRB5_TC_MATCH_AUTHDATA - The authorization data must match.

KRB5_TC_MATCH_SRV_NAMEONLY - Only the name portion of the principal name must match. The realm portion may be different. If this flag is not set, the entire principal name must match.

KRB5_TC_MATCH_2ND_TKT - The second tickets must match.

KRB5_TC_MATCH_KTYPE - The encryption key types must match.

KRB5_TC_MATCH_SUPPORTED_KTYPES - Check all matching entries that have any supported encryption type and return the one with the encryption type listed earliest. Return CC_NOT_KTYPE if a match is found except for having a supported encryption type.

cred (input)  

The credentials to match.


This routine removes any credentials from id which match the principal name (cred->server) and the fields in cred masked by which. It requires that id identifies a valid credentials cache.

Return Values

This routine returns one of the following KRB5 status codes:

Error code if nothing matches.

Error code if could not delete.