- checks if a principal is permitted to login as a user
Kerberos 5 Library (libkrb5, -lkrb5)
Fa krb5_context context
Fa krb5_principal principal
Fa const char *user
This function takes the name of a local
and checks if
is allowed to log in as that user.
may have a
file listing principals that are allowed to login as that user. If
that file does not exist, all principals with a first component
identical to the username, and a realm considered local, are allowed
file must contain one principal per line, be owned by
Fa user ,
and not be writable by group or other (but must be readable by
Note that if the file exists, no implicit access rights are given to
Fa user Ns @ Ns Aq localrealm .
Optionally, a set of files may be put in
~/.k5login.d ( a directory), in which case they will all be checked in the same
The files may be called anything, but files starting with a hash
``( # )''
or ending with a tilde
are ignored. Subdirectories are not traversed. Note that this
directory may not be checked by other implementations.
if access should be granted,