man krb5_kuserok (Library functions) - krb5_kuserok

NAME

krb5_kuserok - checks if a principal is permitted to log in as a user

LIBRARY

Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS

krb5_boolean krb5_kuserok(krb5_context context, krb5_principal principal, const char *user);

DESCRIPTION

This function takes the name of a local user and checks if principal is allowed to log in as that user.

The user may have a ~/.k5login file listing principals that are allowed to log in as that user. If that file does not exist, all principals with a first component identical to the username, and a realm considered local, are allowed access.

The .k5login file must contain one principal per line, be owned by user, and not be writable by group or other (but must be readable by anyone).

Note that if the file exists, no implicit access rights are given to user@<localrealm>.

Optionally, a set of files may be put in ~/.k5login.d (a directory), in which case they will all be checked in the same manner as .k5login. The files may be called anything, but files starting with a hash or ending with a tilde are ignored. Subdirectories are not traversed. Note that this directory may not be checked by other implementations.
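
An audit helper for the file rules described above, added here as an example; it is not Heimdal code and not part of the libkrb5 API. The names k5login_audit_file, k5login_d_name_ignored and enum k5_audit are hypothetical, and two points are assumptions: only regular files are accepted, and "readable by anyone" is read as all three read bits being set.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical audit helpers written for this example; not libkrb5 API. */
enum k5_audit { K5_OK, K5_MISSING, K5_NOT_REGULAR, K5_WRONG_OWNER,
                K5_WRITABLE_BY_OTHERS, K5_NOT_WORLD_READABLE };

/* Check one .k5login (or one ~/.k5login.d entry) against the stated rules. */
enum k5_audit k5login_audit_file(const char *path, uid_t owner)
{
    const mode_t all_read = S_IRUSR | S_IRGRP | S_IROTH;
    struct stat st;

    if (stat(path, &st) != 0)
        return K5_MISSING;            /* absent ~/.k5login: implicit rule applies */
    if (!S_ISREG(st.st_mode))
        return K5_NOT_REGULAR;        /* assumption: only regular files count */
    if (st.st_uid != owner)
        return K5_WRONG_OWNER;        /* must be owned by the local user */
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return K5_WRITABLE_BY_OTHERS; /* someone else could add a principal */
    if ((st.st_mode & all_read) != all_read)
        return K5_NOT_WORLD_READABLE; /* assumption: "readable by anyone" = r--r--r-- */
    return K5_OK;
}

/* Returns 1 if a name in ~/.k5login.d is skipped: leading '#' or trailing '~'. */
int k5login_d_name_ignored(const char *name)
{
    size_t len = strlen(name);
    return len == 0 || name[0] == '#' || name[len - 1] == '~';
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s /path/to/.k5login\n", argv[0]);
        return EXIT_FAILURE;
    }
    /* Audits the file as if it belonged to the invoking user. */
    enum k5_audit r = k5login_audit_file(argv[1], geteuid());
    printf("%s: audit code %d\n", argv[1], (int)r);
    return r == K5_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```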

RETURN VALUES

krb5_kuserok() returns TRUE if access should be granted, FALSE otherwise.

HISTORY

The ~/.k5login.d feature appeared in Heimdal 0.7.

SEE ALSO