"Fossies" - the Fresh Open Source Software Archive

Member "krb5-1.18/doc/plugindev/kdcpolicy.rst" (12 Feb 2020, 1110 Bytes) of package /linux/misc/krb5-1.18.tar.gz:



KDC policy interface (kdcpolicy)

The kdcpolicy interface was first introduced in release 1.16. It allows modules to veto otherwise valid AS and TGS requests or restrict the lifetime and renew time of the resulting ticket. For a detailed description of the kdcpolicy interface, see the header file <krb5/kdcpolicy_plugin.h>.

The optional check_as and check_tgs functions allow the module to perform access control. Additionally, a module can create and destroy module data with the init and fini methods. Module data objects last for the lifetime of the KDC process, and are provided to all other methods. The data has the type krb5_kdcpolicy_moddata, which should be cast to the appropriate internal type.
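The module-data lifecycle and the two outcomes a check function can produce (veto, or a restricted lifetime) are sketched below as an added example; it is not code from the krb5 source. So that it builds without the krb5 headers, every `demo_*` type and name, the error code, the principal names and the limits are constructed stand-ins; the real types and function signatures are the ones in <krb5/kdcpolicy_plugin.h>.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-ins so this builds without krb5 headers; the real types and
 * signatures are in <krb5/kdcpolicy_plugin.h>. All demo_* names are assumed. */
typedef int demo_deltat;                            /* seconds */
typedef struct demo_moddata_st *demo_moddata;       /* opaque handle */
struct demo_request { const char *client; };        /* constructed request */
#define DEMO_ERR_POLICY 1                           /* hypothetical veto code */

/* Internal type hidden behind the opaque module data handle. */
struct policy_state {
    const char *denied;             /* principal that is always vetoed */
    const char *limited_suffix;     /* principals that get short tickets */
    demo_deltat max_life, max_renew;
};

/* init: allocate state once; it lasts for the life of the KDC process. */
int demo_init(demo_moddata *data_out)
{
    struct policy_state *st = calloc(1, sizeof(*st));
    if (st == NULL) return -1;
    st->denied = "guest@EXAMPLE.COM";               /* constructed values */
    st->limited_suffix = "/admin@EXAMPLE.COM";
    st->max_life = 3600;
    st->max_renew = 86400;
    *data_out = (demo_moddata)st;                   /* hand back as opaque */
    return 0;
}

/* fini: release the state created by init. */
void demo_fini(demo_moddata data) { free(data); }

/* check_as: return nonzero to veto; write the out-params to restrict the
 * ticket; leave them untouched to accept the request unchanged. */
int demo_check_as(demo_moddata data, const struct demo_request *req,
                  const char **status, demo_deltat *life_out,
                  demo_deltat *renew_out)
{
    struct policy_state *st = (struct policy_state *)data; /* cast back */
    size_t n = strlen(req->client), m = strlen(st->limited_suffix);
    if (strcmp(req->client, st->denied) == 0) {
        *status = "DEMO_POLICY_DENIED";             /* string literal status */
        return DEMO_ERR_POLICY;
    }
    if (n >= m && strcmp(req->client + n - m, st->limited_suffix) == 0) {
        *life_out = st->max_life;
        *renew_out = st->max_renew;
    }
    return 0;
}
```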

kdcpolicy modules can optionally inspect principal entries. To do this, the module must also include <kdb.h> to gain access to the principal entry structure definition. As the KDB interface is explicitly not as stable as other public interfaces, modules which do this may not retain compatibility across releases.