man kuserok (Fonctions bibliothèques) - Kerberos version of ruserok

NAME

kuserok - Kerberos version of ruserok

SYNOPSIS

#include <krb.h>

kuserok(kdata, localuser)
AUTH_DAT *auth_data;
char   *localuser;

DESCRIPTION

kuserok determines whether a Kerberos principal described by the structure auth_data is authorized to login as user localuser according to the authorization file ("~localuser/.klogin" by default). It returns 0 (zero) if authorized, 1 (one) if not authorized.

If there is no account for localuser on the local machine, authorization is not granted. If there is no authorization file, and the Kerberos principal described by auth_data translates to localuser (using krb_kntoln(3)), authorization is granted. If the authorization file can't be accessed, or the file is not owned by localuser, authorization is denied. Otherwise, the file is searched for a matching principal name, instance, and realm. If a match is found, authorization is granted, else authorization is denied.

The file entries are in the format:

	name.instance@realm
with one entry per line.

For convenience ~localuser@LOCALREALM is always considered to be an entry in the file even when there is no file or the file is unreadable.

SEE ALSO

FILES

~localuser/.klogin
authorization list