mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-29 06:47:21 +01:00
2b6645c034
Submitted by: Mark Murray <mark@grondar.za>
64 lines
1.5 KiB
Groff
64 lines
1.5 KiB
Groff
.\" from: kuserok.3,v 4.1 89/01/23 11:11:49 jtkohl Exp $
|
|
.\" $Id: kuserok.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
|
|
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
|
.\"
|
|
.\" For copying and distribution information,
|
|
.\" please see the file <Copyright.MIT>.
|
|
.\"
|
|
.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
|
|
.SH NAME
|
|
kuserok \- Kerberos version of ruserok
|
|
.SH SYNOPSIS
|
|
.nf
|
|
.nj
|
|
.ft B
|
|
#include <kerberosIV/krb.h>
|
|
.PP
|
|
.ft B
|
|
kuserok(kdata, localuser)
|
|
AUTH_DAT *auth_data;
|
|
char *localuser;
|
|
.fi
|
|
.ft R
|
|
.SH DESCRIPTION
|
|
.I kuserok
|
|
determines whether a Kerberos principal described by the structure
|
|
.I auth_data
|
|
is authorized to login as user
|
|
.I localuser
|
|
according to the authorization file
|
|
("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized,
|
|
1 (one) if not authorized.
|
|
.PP
|
|
If there is no account for
|
|
.I localuser
|
|
on the local machine, authorization is not granted.
|
|
If there is no authorization file, and the Kerberos principal described
|
|
by
|
|
.I auth_data
|
|
translates to
|
|
.I localuser
|
|
(using
|
|
.IR krb_kntoln (3)),
|
|
authorization is granted.
|
|
If the authorization file
|
|
can't be accessed, or the file is not owned by
|
|
.IR localuser,
|
|
authorization is denied. Otherwise, the file is searched for
|
|
a matching principal name, instance, and realm. If a match is found,
|
|
authorization is granted, else authorization is denied.
|
|
.PP
|
|
The file entries are in the format:
|
|
.nf
|
|
.in +5n
|
|
name.instance@realm
|
|
.in -5n
|
|
.fi
|
|
with one entry per line.
|
|
.SH SEE ALSO
|
|
kerberos(3), ruserok(3), krb_kntoln(3)
|
|
.SH FILES
|
|
.TP 20n
|
|
~\fIlocaluser\fR/.klogin
|
|
authorization list
|