KUSEROK(3)KUSEROK(3)NAMEkuserok - Kerberos version of ruserok
SYNOPSIS
#include <kerberosIV/krb.h>
kuserok(kdata, localuser)
AUTH_DAT *auth_data;
char *localuser;
DESCRIPTIONkuserok determines whether a Kerberos principal described
by the structure auth_data is authorized to login as user
localuser according to the authorization file
("~localuser/.klogin" by default). It returns 0 (zero) if
authorized, 1 (one) if not authorized.
If there is no account for localuser on the local machine,
authorization is not granted. If there is no authoriza-
tion file, and the Kerberos principal described by
auth_data translates to localuser (using krb_kntoln(3)),
authorization is granted. If the authorization file can't
be accessed, or the file is not owned by localuser, autho-
rization is denied. Otherwise, the file is searched for a
matching principal name, instance, and realm. If a match
is found, authorization is granted, else authorization is
denied.
The file entries are in the format:
name.instance@realm
with one entry per line.
SEE ALSOkerberos(3), ruserok(3), krb_kntoln(3)FILES
~localuser/.klogin authorization list
MIT Project Athena Kerberos Version 4.0 1