kuserok - Kerberos version of ruserok
kuserok determines whether a Kerberos principal described by the
structure auth_data is authorized to login as user localuser according to
the authorization file ("~localuser/.klogin" by default). It returns 0
(zero) if authorized, 1 (one) if not authorized.
If there is no account for localuser on the local machine, authorization
is not granted. If there is no authorization file, and the Kerberos
principal described by auth_data translates to localuser (using
krb_kntoln(3)), authorization is granted. If the authorization file
can't be accessed, or the file is not owned by localuser, authorization
is denied. Otherwise, the file is searched for a matching principal
name, instance, and realm. If a match is found, authorization is
granted, else authorization is denied.
The file entries are in the format:
with one entry per line.
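The decision order described above, as an added C example; it is not the MIT Kerberos source. It assumes entries are whole lines of the form name.instance@realm and that the caller has already looked up the local account; klogin_check, make_sample and the maps_to_local flag (standing in for the krb_kntoln(3) result) are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 if authorized, 1 if not (kuserok's convention).
 * Assumptions: entries are whole lines of the form name.instance@realm;
 * maps_to_local stands in for the krb_kntoln(3) translation result. */
int klogin_check(const char *path, uid_t owner, const char *principal,
                 int maps_to_local)
{
    char line[256];
    struct stat st;
    int rc = 1, at_start = 1;
    FILE *f = fopen(path, "r");

    if (f == NULL)  /* only a missing file falls back to the translation */
        return (errno == ENOENT && maps_to_local) ? 0 : 1;
    /* fstat the open descriptor: the owner check and the read then refer
     * to the same file, with no check-then-open race. */
    if (fstat(fileno(f), &st) == 0 && st.st_uid == owner) {
        while (rc && fgets(line, sizeof line, f) != NULL) {
            size_t n = strcspn(line, "\n");
            int complete = (line[n] == '\n') || feof(f);
            line[n] = '\0';
            /* match whole lines only, never a fragment of a long line */
            if (at_start && complete && strcmp(line, principal) == 0)
                rc = 0;
            at_start = complete;
        }
    }
    fclose(f);
    return rc;
}

/* Writes constructed sample entries to a fresh temp file (tmpl is modified). */
int make_sample(char *tmpl, const char *text)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    ssize_t w = write(fd, text, strlen(text));
    close(fd);
    return w == (ssize_t)strlen(text) ? 0 : -1;
}
```

An unreadable file (any fopen error other than ENOENT) and a file with the wrong owner both deny, even when the principal would translate to the local user.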
SEE ALSO
kerberos(3), ruserok(3), krb_kntoln(3)
FILES
~localuser/.klogin authorization list
MIT Project Athena Kerberos Version 4.0 KUSEROK(3)