man krb5_verify_user (Fonctions bibliothèques) - krb5_verify_user ,

NAME

krb5_verify_user ,krb5_verify_user_lrealm ,krb5_verify_user_opt ,krb5_verify_opt_initkrb5_verify_opt_set_ccache ,krb5_verify_opt_set_flags ,krb5_verify_opt_set_service ,krb5_verify_opt_set_secure ,krb5_verify_opt_set_keytab - Heimdal password verifying functions

LIBRARY

Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS

krb5_verify_user krb5_context context krb5_principal principal krb5_ccache ccache const char *password krb5_boolean secure const char *servicekrb5_verify_user_lrealm krb5_context context krb5_principal principal krb5_ccache ccache const char *password krb5_boolean secure const char *servicekrb5_verify_opt_init krb5_verify_opt *optkrb5_verify_opt_set_ccache krb5_verify_opt *opt krb5_ccache ccachekrb5_verify_opt_set_keytab krb5_verify_opt *opt krb5_keytab keytabkrb5_verify_opt_set_secure krb5_verify_opt *opt krb5_boolean securekrb5_verify_opt_set_service krb5_verify_opt *opt const char *servicekrb5_verify_opt_set_flags krb5_verify_opt *opt unsigned int flagskrb5_context contextkrb5_principal principalconst char *passwordkrb5_verify_opt *opt

DESCRIPTION

The krb5_verify_user function verifies the password supplied by a user. The principal whose password will be verified is specified in principal . New tickets will be obtained as a side-effect and stored in ccache (if NULL , the default ccache is used). krb5_verify_user will call krb5_cc_initialize on the given ccache , so ccache must only initialized with krb5_cc_resolve or krb5_cc_gen_new . If the password is not supplied in password (and is given as NULL ) the user will be prompted for it. If secure the ticket will be verified against the locally stored service key service (by default if given as NULL ).

The krb5_verify_user_lrealm function does the same, except that it ignores the realm in principal and tries all the local realms (see krb5.conf(5) ) . After a successful return, the principal is set to the authenticated realm. If the call fails, the principal will not be meaningful, and should only be freed with krb5_free_principal(3) .

krb5_verify_opt_init resets all opt to default values.

None of the krb5_verify_opt_set function makes a copy of the data structure that they are called with. Its up the caller to free them after the krb5_verify_user_opt is called.

krb5_verify_opt_set_ccache sets the ccache that user of opt will use. If not set, the default credential cache will be used.

krb5_verify_opt_set_keytab sets the keytab that user of opt will use. If not set, the default keytab will be used.

krb5_verify_opt_set_secure if secure if true, the password verification will require that the ticket will be verified against the locally stored service key. If not set, default value is true.

krb5_verify_opt_set_service sets the service principal that user of opt will use. If not set, the service will be used.

krb5_verify_opt_set_flags sets flags that user of opt will use. If the flag KRB5_VERIFY_LREALMS is used, the principal will be modified like krb5_verify_user_lrealm modifies it.

krb5_verify_user_opt function verifies the password supplied by a user. The principal whose password will be verified is specified in principal . Options the to the verification process is pass in in opt .

EXAMPLES

Here is a example program that verifies a password. it uses the service principal in krb5.keytab . #include <krb5.h>

int main(int argc, char **argv) { char *user; krb5_error_code error; krb5_principal princ; krb5_context context;

if (argc != 2) errx(1, "usage: verify_passwd <principal-name>");

user = argv[1];

if (krb5_init_context(&context) < 0) errx(1, "krb5_init_context");

if ((error = krb5_parse_name(context, user, &princ)) != 0) krb5_err(context, 1, error, "krb5_parse_name");

error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL); if (error) krb5_err(context, 1, error, "krb5_verify_user");

return 0; }

SEE ALSO

krb5_cc_gen_new(3) ,krb5_cc_resolve(3) ,krb5_cc_initialize(3) ,krb5_err(3) ,krb5_free_principal(3) ,krb5_init_context(3) ,krb5_kt_default(3) ,krb5.conf()