mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-18 17:00:49 +01:00
60643d379b
(Including all changes for FreeBSD - importing the original eBones distribution would be too complex at this stage, since I don't have access to Piero's CVS.) (If you want to include eBones in your system, don't forget to include MAKE_EBONES in /etc/make.conf.) (This stuff is now also suppable from braae.ru.ac.za.) Bones originally from MIT SIPB. Original port to FreeBSD 1.x by Piero Serini. Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet. Nice bug fixes from Doug Rabson.
64 lines
1.5 KiB
Groff
64 lines
1.5 KiB
Groff
.\" from: kuserok.3,v 4.1 89/01/23 11:11:49 jtkohl Exp $
|
|
.\" $Id: kuserok.3,v 1.2 1994/07/19 19:27:58 g89r4222 Exp $
|
|
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
|
.\"
|
|
.\" For copying and distribution information,
|
|
.\" please see the file <Copyright.MIT>.
|
|
.\"
|
|
.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
|
|
.SH NAME
|
|
kuserok \- Kerberos version of ruserok
|
|
.SH SYNOPSIS
|
|
.nf
|
|
.nj
|
|
.ft B
|
|
#include <krb.h>
|
|
.PP
|
|
.ft B
|
|
kuserok(kdata, localuser)
|
|
AUTH_DAT *auth_data;
|
|
char *localuser;
|
|
.fi
|
|
.ft R
|
|
.SH DESCRIPTION
|
|
.I kuserok
|
|
determines whether a Kerberos principal described by the structure
|
|
.I auth_data
|
|
is authorized to login as user
|
|
.I localuser
|
|
according to the authorization file
|
|
("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized,
|
|
1 (one) if not authorized.
|
|
.PP
|
|
If there is no account for
|
|
.I localuser
|
|
on the local machine, authorization is not granted.
|
|
If there is no authorization file, and the Kerberos principal described
|
|
by
|
|
.I auth_data
|
|
translates to
|
|
.I localuser
|
|
(using
|
|
.IR krb_kntoln (3)),
|
|
authorization is granted.
|
|
If the authorization file
|
|
can't be accessed, or the file is not owned by
|
|
.IR localuser,
|
|
authorization is denied. Otherwise, the file is searched for
|
|
a matching principal name, instance, and realm. If a match is found,
|
|
authorization is granted, else authorization is denied.
|
|
.PP
|
|
The file entries are in the format:
|
|
.nf
|
|
.in +5n
|
|
name.instance@realm
|
|
.in -5n
|
|
.fi
|
|
with one entry per line.
|
|
.SH SEE ALSO
|
|
kerberos(3), ruserok(3), krb_kntoln(3)
|
|
.SH FILES
|
|
.TP 20n
|
|
~\fIlocaluser\fR/.klogin
|
|
authorization list
|