Provided by: shishi-doc_1.0.2-6build1_all bug

NAME
       shishi_tkt_transited_policy_checked_p - API function


SYNOPSIS
       #include <shishi.h>

       int shishi_tkt_transited_policy_checked_p(Shishi_tkt * tkt);


ARGUMENTS
       Shishi_tkt * tkt
                   input variable with ticket info.


DESCRIPTION
       Determine if ticket has been policy checked for transit.

       The application server is ultimately responsible for accepting or rejecting authentication
       and SHOULD check that only suitably  trusted  KDCs  are  relied  upon  to  authenticate  a
       principal.   The  transited  field  in  the ticket identifies which realms (and thus which
       KDCs) were involved in the authentication process and an application server would normally
       check  this  field.  If  any  of  these are untrusted to authenticate the indicated client
       principal (probably determined by a realm-based policy), the authentication  attempt  MUST
       be  rejected. The presence of trusted KDCs in this list does not provide any guarantee; an
       untrusted KDC may have fabricated the list.

       While the end server ultimately decides whether authentication is valid, the KDC  for  the
       end  server's  realm  MAY apply a realm specific policy for validating the transited field
       and accepting credentials for cross-realm authentication. When the KDC applies such checks
       and  accepts such cross-realm authentication it will set the TRANSITED-POLICY-CHECKED flag
       in the service tickets it issues based on the cross-realm TGT. A client MAY  request  that
       the  KDCs  not check the transited field by setting the DISABLE-TRANSITED-CHECK flag. KDCs
       are encouraged but not required to honor this flag.

       Application servers MUST either  do  the  transited-realm  checks  themselves,  or  reject
       cross-realm tickets without TRANSITED-POLICY- CHECKED set.


RETURN VALUE
       Returns non-0 iff transited-policy-checked flag is set in ticket.


REPORTING BUGS
       Report bugs to <bug-shishi@gnu.org>.


COPYRIGHT
       Copyright © 2002-2010 Simon Josefsson.
       Copying  and distribution of this file, with or without modification, are permitted in any
       medium without royalty provided the copyright notice and this notice are preserved.


SEE ALSO
       The full documentation for shishi is maintained as a Texinfo  manual.   If  the  info  and
       shishi programs are properly installed at your site, the command

              info shishi

       should give you access to the complete manual.