Poster of Linux kernelThe best gift for a Linux geek
KRB5_KUSEROK

KRB5_KUSEROK

Section: C Library Functions (3) Local index Up

BSD mandoc
HEIMDAL  

NAME

krb5_kuserok - checks if a principal is permitted to login as a user  

LIBRARY

Kerberos 5 Library (libkrb5, -lkrb5)  

SYNOPSIS

In krb5.h Ft krb5_boolean Fo krb5_kuserok Fa krb5_context context Fa krb5_principal principal Fa const char *user Fc  

DESCRIPTION

This function takes the name of a local Fa user and checks if Fa principal is allowed to log in as that user.

The Fa user may have a ~/.k5login file listing principals that are allowed to login as that user. If that file does not exist, all principals with a first component identical to the username, and a realm considered local, are allowed access.

The .k5login file must contain one principal per line, be owned by Fa user , and not be writable by group or other (but must be readable by anyone).

Note that if the file exists, no implicit access rights are given to Fa user Ns @ Ns Aq localrealm .

Optionally, a set of files may be put in ~/.k5login.d ( a directory), in which case they will all be checked in the same manner as .k5login The files may be called anything, but files starting with a hash ``( # )'' or ending with a tilde ``( ~'' are ignored. Subdirectories are not traversed. Note that this directory may not be checked by other implementations.  

RETURN VALUES

returns TRUE if access should be granted, FALSE otherwise.  

HISTORY

The ~/.k5login.d feature appeared in Heimdal 0.7.  

SEE ALSO

krb5_get_default_realms3, krb5_verify_user3, krb5_verify_user_lrealm3, krb5_verify_user_opt3, krb5.conf5

 

Index

NAME
LIBRARY
SYNOPSIS
DESCRIPTION
RETURN VALUES
HISTORY
SEE ALSO
This document was created by man2html, using the manual pages.
Time: 22:37:57 GMT, April 16, 2011