68 lines
1.7 KiB
Groff
68 lines
1.7 KiB
Groff
.\" $KTH-KRB: kuserok.3,v 1.1 2000/11/08 17:34:17 joda Exp $
|
|
.\" $NetBSD: kuserok.3,v 1.1.1.2 2002/09/12 12:22:09 joda Exp $
|
|
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
|
.\"
|
|
.\" For copying and distribution information,
|
|
.\" please see the file <mit-copyright.h>.
|
|
.\"
|
|
.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
|
|
.SH NAME
|
|
kuserok \- Kerberos version of ruserok
|
|
.SH SYNOPSIS
|
|
.nf
|
|
.nj
|
|
.ft B
|
|
#include <krb.h>
|
|
.PP
|
|
.ft B
|
|
kuserok(kdata, localuser)
|
|
AUTH_DAT *auth_data;
|
|
char *localuser;
|
|
.fi
|
|
.ft R
|
|
.SH DESCRIPTION
|
|
.I kuserok
|
|
determines whether a Kerberos principal described by the structure
|
|
.I auth_data
|
|
is authorized to login as user
|
|
.I localuser
|
|
according to the authorization file
|
|
("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized,
|
|
1 (one) if not authorized.
|
|
.PP
|
|
If there is no account for
|
|
.I localuser
|
|
on the local machine, authorization is not granted.
|
|
If there is no authorization file, and the Kerberos principal described
|
|
by
|
|
.I auth_data
|
|
translates to
|
|
.I localuser
|
|
(using
|
|
.IR krb_kntoln (3)),
|
|
authorization is granted.
|
|
If the authorization file
|
|
can't be accessed, or the file is not owned by
|
|
.IR localuser,
|
|
authorization is denied. Otherwise, the file is searched for
|
|
a matching principal name, instance, and realm. If a match is found,
|
|
authorization is granted, else authorization is denied.
|
|
.PP
|
|
The file entries are in the format:
|
|
.nf
|
|
.in +5n
|
|
name.instance@realm
|
|
.in -5n
|
|
.fi
|
|
with one entry per line.
|
|
|
|
For convenience ~localuser@LOCALREALM is
|
|
always considered to be an entry in the file even when there is no
|
|
file or the file is unreadable.
|
|
.SH SEE ALSO
|
|
kerberos(3), ruserok(3), krb_kntoln(3)
|
|
.SH FILES
|
|
.TP 20n
|
|
~\fIlocaluser\fR/.klogin
|
|
authorization list
|