From 24e6123e23cadb48bd6c2503baf520887db0f221 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 7 Dec 2003 17:09:09 +0000
Subject: [PATCH] some text about krb5_auth_con_{add,remove}flags

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13188 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/krb5_auth_context.3 | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/lib/krb5/krb5_auth_context.3 b/lib/krb5/krb5_auth_context.3
index 78785b761..fedd20e4f 100644
--- a/lib/krb5/krb5_auth_context.3
+++ b/lib/krb5/krb5_auth_context.3
@@ -40,6 +40,8 @@
 .Nm krb5_auth_con_free ,
 .Nm krb5_auth_con_setflags ,
 .Nm krb5_auth_con_getflags ,
+.Nm krb5_auth_con_addflags,
+.Nm krb5_auth_con_removeflags,
 .Nm krb5_auth_con_setaddrs ,
 .Nm krb5_auth_con_setaddrs_from_fd ,
 .Nm krb5_auth_con_getaddrs ,
@@ -93,6 +95,20 @@ Kerberos 5 Library (libkrb5, -lkrb5)
 .Fa "int32_t *flags"
 .Fc
 .Ft krb5_error_code
+.Fo krb5_auth_con_addflags
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int32_t addflags"
+.Fa "int32_t *flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_removeflags
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int32_t removelags"
+.Fa "int32_t *flags"
+.Fc
+.Ft krb5_error_code
 .Fo krb5_auth_con_setaddrs
 .Fa "krb5_context context"
 .Fa "krb5_auth_context auth_context"
@@ -174,9 +190,11 @@ The
 structure must be freed by
 .Fn krb5_auth_con_free .
 .Pp
-.Fn krb5_auth_con_getflags
+.Fn krb5_auth_con_getflags ,
+.Fn krb5_auth_con_setflags ,
+.Fn krb5_auth_con_addflags 
 and
-.Fn krb5_auth_con_setflags
+.Fn krb5_auth_con_removeflags
 gets and modifies the flags for a
 .Nm krb5_auth_context
 structure. Possible flags to set are:
@@ -195,6 +213,18 @@ and
 .Xr krb5_mk_safe 3 .
 Setting this flag requires that parameter to be passed to these
 functions.
+.Pp
+The flags
+.Dv KRB5_AUTH_CONTEXT_DO_TIME
+also modifies the behavior the function
+.Fn krb5_get_forwarded_creds 
+by removing the timestamp in the forward credential message, this have
+backward compatibility problems since not all versions of the heimdal
+supports timeless credentional messages.
+Is very useful since it always the sender of the message to cache
+forward message and thus avoiding a round trip to the KDC for each
+time a credential is forwarded.
+The same functionality can be obtained by using address-less tickets.
 .\".It Dv KRB5_AUTH_CONTEXT_PERMIT_ALL
 .El
 .Pp