next up previous contents
Next: kadm5_decyrpt_key Up: Functions Previous: kadm5_setkey_principal   Contents

kadm5_get_principal

In KADM5_API_VERSION_1:

kadm5_ret_t
kadm5_get_principal(void *server_handle, krb5_principal princ, 
                         kadm5_principal_ent_t *ent);

In KADM5_API_VERSION_2:

kadm5_ret_t
kadm5_get_principal(void *server_handle, krb5_principal princ, 
                         kadm5_principal_ent_t ent, u_int32 mask);

AUTHORIZATION REQUIRED: get, or the calling principal being the same as the princ argument. If the request is authenticated to the kadmin/changepw service, the get privilege is disregarded.

In KADM5_API_VERSION_1, return all of the principal's attributes in allocated memory; if an error is returned entry is set to NULL. In KADM5_API_VERSION_2, fill in the fields of the principal structure specified in the mask; memory for the structure is not allocated. Typically, a caller will specify the mask KADM5_PRINCIPAL_NORMAL_MASK, which includes all the fields except key_data and tl_data to improve time and memory efficiency. A caller that wants key_data and tl_data can bitwise-OR those masks onto NORMAL_MASK. Note that even if KADM5_TL_DATA is specified, this function will not return internal tl_data elements whose type is less than 256.

The caller must free the returned entry with kadm5_free_principal_ent.

The function behaves differently for local and remote clients. For remote clients, the KEY_DATA mask is illegal and results in a KADM5_BAD_MASK error.

RETURN CODES:

KADM5_UNK_PRINC
Principal does not exist.
KADM5_BAD_MASK
The mask is not valid for a get operation.


next up previous contents
Next: kadm5_decyrpt_key Up: Functions Previous: kadm5_setkey_principal   Contents
Autobuild 2006-06-16