KUSEROK

Section: C Library Functions (3)
Updated: Kerberos Version 4.0
Index Return to Main Contents
 

NAME

kuserok - Kerberos version of ruserok  

SYNOPSIS

#include <kerberosIV/krb.h>

kuserok(kdata, localuser)
AUTH_DAT *auth_data;
char   *localuser;
 

DESCRIPTION

kuserok determines whether a Kerberos principal described by the structure auth_data is authorized to login as user localuser according to the authorization file ("~localuser/.klogin" by default). It returns 0 (zero) if authorized, 1 (one) if not authorized.

If there is no account for localuser on the local machine, authorization is not granted. If there is no authorization file, and the Kerberos principal described by auth_data translates to localuser (using krb_kntoln(3)), authorization is granted. If the authorization file can't be accessed, or the file is not owned by localuser, authorization is denied. Otherwise, the file is searched for a matching principal name, instance, and realm. If a match is found, authorization is granted, else authorization is denied.

The file entries are in the format:

        name.instance@realm
with one entry per line.  

SEE ALSO

kerberos(3), ruserok(3), krb_kntoln(3)  

FILES

~localuser/.klogin
authorization list


 

Index

NAME
SYNOPSIS
DESCRIPTION
SEE ALSO
FILES

This document was created by man2html, using the manual pages.
Time: 06:39:53 GMT, May 19, 2025