Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

shishi_tkt_transited_policy_checked_p(3) [debian man page]

shishi_tkt_transited_policy_checked_p(3)			      shishi				  shishi_tkt_transited_policy_checked_p(3)

NAME

       shishi_tkt_transited_policy_checked_p - API function

SYNOPSIS

       #include <shishi.h>

       int shishi_tkt_transited_policy_checked_p(Shishi_tkt * tkt);

ARGUMENTS

       Shishi_tkt * tkt
		   input variable with ticket info.

DESCRIPTION

       Determine if ticket has been policy checked for transit.

       The application server is ultimately responsible for accepting or rejecting authentication and SHOULD check that only suitably trusted KDCs
       are relied upon to authenticate a principal.  The transited field in the ticket identifies which realms (and thus which KDCs) were involved
       in  the authentication process and an application server would normally check this field. If any of these are untrusted to authenticate the
       indicated client principal (probably determined by a realm-based policy), the authentication attempt MUST  be  rejected.  The  presence	of
       trusted KDCs in this list does not provide any guarantee; an untrusted KDC may have fabricated the list.

       While the end server ultimately decides whether authentication is valid, the KDC for the end server's realm MAY apply a realm specific pol-
       icy for validating the transited field and accepting credentials for cross-realm authentication. When  the  KDC	applies  such  checks  and
       accepts	such  cross-realm  authentication  it  will  set  the  TRANSITED-POLICY-CHECKED flag in the service tickets it issues based on the
       cross-realm TGT. A client MAY request that the KDCs not check the transited field by setting the  DISABLE-TRANSITED-CHECK  flag.  KDCs  are
       encouraged but not required to honor this flag.

       Application  servers  MUST either do the transited-realm checks themselves, or reject cross-realm tickets without TRANSITED-POLICY- CHECKED
       set.

RETURN VALUE

       Returns non-0 iff transited-policy-checked flag is set in ticket.

REPORTING BUGS

       Report bugs to <bug-shishi@gnu.org>.

COPYRIGHT

       Copyright (C) 2002-2010 Simon Josefsson.
       Copying and distribution of this file, with or without modification, are permitted in any medium without  royalty  provided  the  copyright
       notice and this notice are preserved.

SEE ALSO

       The  full documentation for shishi is maintained as a Texinfo manual.  If the info and shishi programs are properly installed at your site,
       the command

	      info shishi

       should give you access to the complete manual.

shishi								       1.0.1				  shishi_tkt_transited_policy_checked_p(3)

Check Out this Related Man Page

shishi_tkt_may_postdate_p(3)					      shishi					      shishi_tkt_may_postdate_p(3)

NAME

       shishi_tkt_may_postdate_p - API function

SYNOPSIS

       #include <shishi.h>

       int shishi_tkt_may_postdate_p(Shishi_tkt * tkt);

ARGUMENTS

       Shishi_tkt * tkt
		   input variable with ticket info.

DESCRIPTION

       Determine if ticket may be used to grant postdated tickets.

       The  MAY-POSTDATE  flag	in a ticket is normally only interpreted by the ticket-granting service. It can be ignored by application servers.
       This flag MUST be set in a ticket-granting ticket in order to issue a postdated ticket based on	the  presented	ticket.  It  is  reset	by
       default;  it  MAY  be  requested  by  a client by setting the ALLOW- POSTDATE option in the KRB_AS_REQ message.	This flag does not allow a
       client to obtain a postdated ticket-granting ticket; postdated ticket-granting tickets can only by obtained by requesting the postdating in
       the  KRB_AS_REQ message. The life (endtime-starttime) of a postdated ticket will be the remaining life of the ticket-granting ticket at the
       time of the request, unless the RENEWABLE option is also  set,  in  which  case	it  can  be  the  full	life  (endtime-starttime)  of  the
       ticket-granting ticket. The KDC MAY limit how far in the future a ticket may be postdated.

RETURN VALUE

       Returns non-0 iff may-postdate flag is set in ticket.

REPORTING BUGS

       Report bugs to <bug-shishi@gnu.org>.

COPYRIGHT

       Copyright (C) 2002-2010 Simon Josefsson.
       Copying	and  distribution  of  this file, with or without modification, are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for shishi is maintained as a Texinfo manual.  If the info and shishi programs are properly installed at your  site,
       the command

	      info shishi

       should give you access to the complete manual.

shishi								       1.0.1					      shishi_tkt_may_postdate_p(3)
Man Page