krb5_compare_creds() compares
mcreds (usually filled in by the application) to
creds (most often from a credentials cache) and return
TRUE if they are equal. Unless
mcreds->server is
NULL, the service of the credentials are always compared. If the client name in
mcreds is present, the client names are also compared. This function is normally only called indirectly via
krb5_cc_retrieve_cred(3).
The following flags, set in
whichfields, affects the comparison:
KRB5_TC_MATCH_SRV_NAMEONLY
Consider all realms equal when comparing the service principal.
KRB5_TC_MATCH_KEYTYPE
Compare enctypes.
KRB5_TC_MATCH_FLAGS_EXACT
Make sure that the ticket flags are identical.
KRB5_TC_MATCH_FLAGS
Make sure that all ticket flags set in mcreds are also present in creds.
KRB5_TC_MATCH_TIMES_EXACT
Compares the ticket times exactly.
KRB5_TC_MATCH_TIMES
Compares only the expiration times of the creds.
KRB5_TC_MATCH_AUTHDATA
Compares the authdata fields.
KRB5_TC_MATCH_2ND_TKT
Compares the second tickets (used by user-to-user authentication).
KRB5_TC_MATCH_IS_SKEY
Compares the existance of the second ticket.