HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 6 KRB5 (Kerberos V5) Application Programming Interface

krb5_cc_retrieve_cred — Search the cache for a credential and return it if found

  Table of Contents



C Prototype

krb5_error_code krb5_cc_retrieve_cred(
krb5_context context,
krb5_ccache id,
krb5_flags whichfields,
krb5_creds *mcreds,
krb5_creds *creds );


context (input/output) 

The context structure.

id (input)  

A credentials cache identifier.

whichfields (input)  

A bit mask representing the search flags to use. The values should be logically ORed together. Valid values are:

KRB5_TC_MATCH_TIMES - The requested lifetime is required to be at least as great as that specified.

KRB5_TC_MATCH_IS_SKEY - The is_skey field much match exactly.

KRB5_TC_MATCH_FLAGS - The set bits in mcreds must match in creds.

KRB5_TC_MATCH_TIMES_EXACT - The requested lifetime must match exactly.

KRB5_TC_MATCH_FLAGS_EXACT - All bits in mcreds must match exactly.

KRB5_TC_MATCH_AUTHDATA - The authorization data must match.

KRB5_TC_MATCH_SRV_NAMEONLY - Only the name portion of the principal name must match. The realm portion may be different. If this flag is not set, the entire principal name must match.

KRB5_TC_MATCH_2ND_TKT - The second tickets must match.

KRB5_TC_MATCH_KTYPE - The encryption key types must match.

KRB5_TC_MATCH_SUPPORTED_KTYPES - Check all matching entries that have any supported encryption type and return the one with the encryption type listed earliest. Return CC_NOT_KTYPE if a match is found except for having a supported encryption type.

mcreds (input) 

The credentials to match.

creds (output)  

The credentials found in the cache that match the requested value.


This routine searches the cache id for credentials matching mcreds. The fields which are to be matched are specified by set bits in whichfields, and always include the principal name mcreds->server. This routine requires that id identifies a valid credentials cache.

If at least one match is found, one of the matching credentials is returned in *creds. The credentials should be freed using krb5_free_credentials.

Return Values

This routine returns the following KRB5 status code:

Error code if no matches found.