Privilege Server Interface (rpriv) Operations
The rpriv_get_ptgt( ) operation returns a privilege certificate to the ticket-granting service. The caller supplies the group set, and the Privilege Server seals the group set in the authorization part of a privilege ticket-granting ticket, after first rejecting any groups that are not legitimately part of the caller's credentials. A group is rejected if the caller is not a member of the group, or if the group is not allowed on project lists (the projlist_ok flag is not set).

There is no access control on this interface other than what is within the Kerberos ticket-granting mechanism itself; that is, the TGS request verification. This call may result in growth of the potential access set. Note that this is a pre-DCE 1.1 routine.
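The rejection rule described above, modelled as an added example (this is not DCE source code). The group_entry type, the function names and the use of a small integer in place of uuid_t are assumptions made for illustration, and the sample data is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical registry entry; an unsigned id stands in for uuid_t. */
typedef struct { unsigned id; bool projlist_ok; } group_entry;

static bool contains(const unsigned *set, size_t n, unsigned id)
{
    for (size_t i = 0; i < n; i++)
        if (set[i] == id) return true;
    return false;
}

static const group_entry *lookup(const group_entry *reg, size_t n, unsigned id)
{
    for (size_t i = 0; i < n; i++)
        if (reg[i].id == id) return &reg[i];
    return NULL;
}

/* Keep only requested groups the caller belongs to and whose projlist_ok
 * flag is set; returns how many were kept. sealed needs room for n_req. */
size_t filter_group_set(const unsigned *req, size_t n_req,
                        const unsigned *member_of, size_t n_mem,
                        const group_entry *reg, size_t n_reg,
                        unsigned *sealed)
{
    size_t kept = 0;
    for (size_t i = 0; i < n_req; i++) {
        const group_entry *g = lookup(reg, n_reg, req[i]);
        if (g == NULL) continue;                           /* unknown group */
        if (!contains(member_of, n_mem, req[i])) continue; /* not a member */
        if (!g->projlist_ok) continue;                     /* flag not set */
        sealed[kept++] = req[i];
    }
    return kept;
}

unsigned demo_sealed[4];   /* result buffer for the constructed request */

size_t run_demo(void)
{
    /* Constructed data: 20 lacks projlist_ok, 30 is not a membership, 99 is unknown. */
    const group_entry reg[] = { {10, true}, {20, false}, {30, true} };
    const unsigned member_of[] = { 10, 20 }, req[] = { 10, 20, 30, 99 };
    return filter_group_set(req, 4, member_of, 2, reg, 3, demo_sealed);
}

int main(void) { printf("groups kept: %zu\n", run_demo()); return 0; }
```

Only the groups that survive this filter are sealed, so a request naming extra groups cannot widen the caller's access beyond its legitimate memberships.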
Event Type (Event Number, Event Classes)
    PRIV_GetPtgt (0x10C, dce_sec_authent, dce_sec_control)

Event-Specific Information
    char *string client_address
    unsigned16 num_groups /* Number of local groups in PAC */
    uuid_t groups /* num_groups local groups in PAC */