Provided by: shishi-doc_1.0.2-6build1_all bug

NAME
       shishi_tkt_transited_policy_checked_p - API function


SYNOPSIS
       #include <shishi.h>

       int shishi_tkt_transited_policy_checked_p(Shishi_tkt * tkt);


ARGUMENTS
       Shishi_tkt * tkt
                   input variable with ticket info.


DESCRIPTION
       Determine if ticket has been policy checked for transit.

       The  application  server  is  ultimately responsible for accepting or rejecting authentication and SHOULD
       check that only suitably trusted KDCs are relied upon to authenticate a principal.  The  transited  field
       in  the  ticket identifies which realms (and thus which KDCs) were involved in the authentication process
       and an application server would normally check this field. If any of these are untrusted to  authenticate
       the  indicated client principal (probably determined by a realm-based policy), the authentication attempt
       MUST be rejected. The presence of trusted KDCs in this list does not provide any guarantee; an  untrusted
       KDC may have fabricated the list.

       While  the  end  server  ultimately decides whether authentication is valid, the KDC for the end server's
       realm MAY apply a realm specific policy for validating the transited field and accepting credentials  for
       cross-realm  authentication. When the KDC applies such checks and accepts such cross-realm authentication
       it will set the TRANSITED-POLICY-CHECKED flag in the service tickets it issues based on  the  cross-realm
       TGT.   A   client   MAY   request   that   the  KDCs  not  check  the  transited  field  by  setting  the
       DISABLE-TRANSITED-CHECK flag. KDCs are encouraged but not required to honor this flag.

       Application servers MUST either do the transited-realm checks themselves, or reject  cross-realm  tickets
       without TRANSITED-POLICY- CHECKED set.


RETURN VALUE
       Returns non-0 iff transited-policy-checked flag is set in ticket.


REPORTING BUGS
       Report bugs to <bug-shishi@gnu.org>.


COPYRIGHT
       Copyright © 2002-2010 Simon Josefsson.
       Copying  and distribution of this file, with or without modification, are permitted in any medium without
       royalty provided the copyright notice and this notice are preserved.


SEE ALSO
       The full documentation for shishi is maintained as a Texinfo manual.  If the info and shishi programs are
       properly installed at your site, the command

              info shishi

       should give you access to the complete manual.