KUSEROK(3) KUSEROK(3)
NAME
kuserok - Kerberos version of ruserok
SYNOPSIS
#include <kerberosIV/krb.h>
kuserok(kdata, localuser)
AUTHDAT *authdata;
char *localuser;
DESCRIPTION
kuserok determines whether a Kerberos principal described
by the structure authdata is authorized to login as user
localuser according to the authorization file
("~localuser/.klogin" by default). It returns 0 (zero) if
authorized, 1 (one) if not authorized.
If there is no account for localuser on the local machine,
authorization is not granted. If there is no authoriza-
tion file, and the Kerberos principal described by
authdata translates to localuser (using krbkntoln(3)),
authorization is granted. If the authorization file can't
be accessed, or the file is not owned by localuser, autho-
rization is denied. Otherwise, the file is searched for a
matching principal name, instance, and realm. If a match
is found, authorization is granted, else authorization is
denied.
The file entries are in the format:
name.instance@realm
with one entry per line.
SEE ALSO
kerberos(3), ruserok(3), krb_kntoln(3)
FILES
~localuser/.klogin authorization list
MIT Project Athena Kerberos Version 4.0 1