NAME

       shishi_tkt_transited_policy_checked_p - API function

SYNOPSIS

       #include <shishi.h>

       int shishi_tkt_transited_policy_checked_p(Shishi_tkt * tkt);

ARGUMENTS

       Shishi_tkt * tkt
                   input variable with ticket info.

DESCRIPTION

       Determine if ticket has been policy checked for transit.

       The  application  server  is  ultimately  responsible  for accepting or
       rejecting authentication and SHOULD check that  only  suitably  trusted
       KDCs  are relied upon to authenticate a principal.  The transited field
       in the ticket identifies  which  realms  (and  thus  which  KDCs)  were
       involved  in the authentication process and an application server would
       normally  check  this  field.  If  any  of  these  are   untrusted   to
       authenticate  the  indicated client principal (probably determined by a
       realm-based policy), the authentication attempt MUST be  rejected.  The
       presence  of  trusted KDCs in this list does not provide any guarantee;
       an untrusted KDC may have fabricated the list.

       While the end  server  ultimately  decides  whether  authentication  is
       valid,  the  KDC  for the end server’s realm MAY apply a realm specific
       policy for validating the transited field and accepting credentials for
       cross-realm  authentication.  When  the  KDC  applies  such  checks and
       accepts   such   cross-realm   authentication   it   will    set    the
       TRANSITED-POLICY-CHECKED flag in the service tickets it issues based on
       the cross-realm TGT. A client MAY request that the KDCs not  check  the
       transited  field  by setting the DISABLE-TRANSITED-CHECK flag. KDCs are
       encouraged but not required to honor this flag.

       Application  servers  MUST  either  do   the   transited-realm   checks
       themselves,  or  reject  cross-realm  tickets without TRANSITED-POLICY-
       CHECKED set.
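
       The acceptance rule in the last paragraph, written out as an added
       example (not code from shishi or its manual). It assumes the caller has
       already decoded the transited field into realm names; accept_transit,
       sample_policy and the realm names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical local policy: for tickets issued to clients of client_realm,
   the realms permitted in the transited field. Constructed sample values. */
struct transit_policy {
  const char *client_realm;
  const char *allowed[4];               /* NULL-terminated */
};

static const struct transit_policy sample_policy[] = {
  { "PARTNER.EXAMPLE", { "HUB.EXAMPLE", NULL } },
  { "LAB.EXAMPLE",     { NULL } },      /* direct trust only, no transit */
};

static int realm_allowed(const struct transit_policy *p, const char *realm)
{
  for (size_t i = 0; p->allowed[i] != NULL; i++)
    if (strcmp(p->allowed[i], realm) == 0)  /* realm names are case-sensitive */
      return 1;
  return 0;
}

/* Returns 1 to accept, 0 to reject.
   policy_checked: result of shishi_tkt_transited_policy_checked_p(tkt).
   transited/ntransited: realm names the caller decoded from the ticket's
   transited field (decoding is assumed and not shown here). */
int accept_transit(const char *client_realm, const char *server_realm,
                   int policy_checked,
                   const char *const *transited, size_t ntransited)
{
  if (strcmp(client_realm, server_realm) == 0)
    return 1;                   /* not a cross-realm ticket */
  if (policy_checked)
    return 1;                   /* KDC for our realm validated the path */

  /* Flag absent: do the transited-realm check ourselves and fail closed. */
  for (size_t p = 0; p < sizeof sample_policy / sizeof sample_policy[0]; p++) {
    if (strcmp(sample_policy[p].client_realm, client_realm) != 0)
      continue;
    for (size_t i = 0; i < ntransited; i++)
      if (!realm_allowed(&sample_policy[p], transited[i]))
        return 0;               /* one untrusted realm rejects the ticket */
    return 1;
  }
  return 0;                     /* no policy for this client realm */
}
```

       Every transited realm must be allowed; a single trusted realm in the
       list is not sufficient, since an untrusted KDC may have fabricated it.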

RETURN VALUE

       Returns non-0 iff transited-policy-checked flag is set in ticket.

REPORTING BUGS

       Report bugs to <bug-shishi@gnu.org>.

COPYRIGHT

       Copyright © 2002-2010 Simon Josefsson.
       Copying and distribution of this file, with  or  without  modification,
       are  permitted  in  any  medium  without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for shishi is maintained as  a  Texinfo  manual.
       If  the  info  and shishi programs are properly installed at your site,
       the command

              info shishi

       should give you access to the complete manual.

shishi                               1shishi_tkt_transited_policy_checked_p(3)