update to reality
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14133 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -1,4 +1,4 @@
|
|||||||
.\" Copyright (c) 2003 Kungliga Tekniska H<>gskolan
|
.\" Copyright (c) 2003-2004 Kungliga Tekniska H<>gskolan
|
||||||
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
.\" All rights reserved.
|
.\" All rights reserved.
|
||||||
.\"
|
.\"
|
||||||
@@ -31,7 +31,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" $Id$
|
.\" $Id$
|
||||||
.\"
|
.\"
|
||||||
.Dd October 17, 2002
|
.Dd August 19, 2004
|
||||||
.Dt KRB5_KUSEROK 3
|
.Dt KRB5_KUSEROK 3
|
||||||
.Os HEIMDAL
|
.Os HEIMDAL
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@@ -45,47 +45,39 @@ Kerberos 5 Library (libkrb5, -lkrb5)
|
|||||||
.Fo krb5_kuserok
|
.Fo krb5_kuserok
|
||||||
.Fa "krb5_context context"
|
.Fa "krb5_context context"
|
||||||
.Fa "krb5_principal principal"
|
.Fa "krb5_principal principal"
|
||||||
.Fa "const char *name"
|
.Fa "const char *user"
|
||||||
.Fc
|
.Fc
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
This function takes a local user
|
This function takes the name of a local
|
||||||
.Fa name
|
.Fa user
|
||||||
and verifies if
|
and checks if
|
||||||
.Fa principal
|
.Fa principal
|
||||||
is allowed to log in as that user.
|
is allowed to log in as that user.
|
||||||
.Pp
|
.Pp
|
||||||
First
|
The
|
||||||
.Nm
|
.Fa user
|
||||||
check if there is a local account name
|
may have a
|
||||||
.Fa username .
|
.Pa ~/.k5login
|
||||||
If there isn't,
|
file listing principals that are allowed to login as that user. If
|
||||||
.Nm
|
that file does not exist, all principals with a first component
|
||||||
returns
|
identical to the username, and a realm considered local, are allowed
|
||||||
.Dv FALSE .
|
access.
|
||||||
.Pp
|
|
||||||
Then
|
|
||||||
.Nm
|
|
||||||
checks if principal is the same as user@realm in any of the default
|
|
||||||
realms. If that is the case,
|
|
||||||
.Nm
|
|
||||||
returns
|
|
||||||
.Dv TRUE .
|
|
||||||
.Pp
|
|
||||||
After that it reads the file
|
|
||||||
.Pa .k5login
|
|
||||||
(if it exists) in the users home directory and checks if
|
|
||||||
.Fa principal
|
|
||||||
is in the file.
|
|
||||||
If it does exists,
|
|
||||||
.Dv TRUE
|
|
||||||
is returned.
|
|
||||||
If neither of the above turns out to be true,
|
|
||||||
.DV FALSE
|
|
||||||
is returned.
|
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Pa .k5login
|
.Pa .k5login
|
||||||
should contain one principal per line.
|
file must contain one principal per line, be owned by
|
||||||
|
.Fa user ,
|
||||||
|
and not be writable by group or other.
|
||||||
|
.Pp
|
||||||
|
Note that if the file exists, no implicit access rights are given to
|
||||||
|
.Fa user Ns @ Ns Aq localrealm .
|
||||||
|
.Sh RETURN VALUES
|
||||||
|
.Nm
|
||||||
|
returns
|
||||||
|
.Dv TRUE
|
||||||
|
if access should be granted,
|
||||||
|
.Dv FALSE
|
||||||
|
otherwise.
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr krb5_get_default_realms 3 ,
|
.Xr krb5_get_default_realms 3 ,
|
||||||
.Xr krb5_verify_user 3 ,
|
.Xr krb5_verify_user 3 ,
|
||||||
|
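Review bot: In the rewritten DESCRIPTION, the sentence that the .k5login file "must contain one principal per line, be owned by user, and not be writable by group or other" does not say what krb5_kuserok does when the ownership or mode check fails. Since the return value is an authorization decision, state explicitly whether such a file is ignored (so the default user@localrealm rule applies) or causes FALSE to be returned. The removed text also documented that FALSE is returned when there is no local account for the name; neither the new DESCRIPTION nor the new RETURN VALUES section covers that case, so add a sentence for it if the behaviour still holds. "A realm considered local" could point at krb5_get_default_realms(3), which is already under SEE ALSO. Minor: the file is written as ".Pa ~/.k5login" in one place and ".Pa .k5login" in another, and "allowed to login as that user" should read "log in" to match the first paragraph.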