diff options
| author | markm <markm@FreeBSD.org> | 1997-09-04 06:04:33 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 1997-09-04 06:04:33 +0000 |
| commit | a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8 (patch) | |
| tree | 0b84977f19022a965f8c6145f067f951173f6290 /crypto/kerberosIV/man/kuserok.3 | |
| download | FreeBSD-src-a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8.zip FreeBSD-src-a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8.tar.gz | |
Initial import of KTH eBones. This has been cleaned up to only include
the "core" Kerberos functionality. The rest of the userland will get their
own changes later.
Diffstat (limited to 'crypto/kerberosIV/man/kuserok.3')
| -rw-r--r-- | crypto/kerberosIV/man/kuserok.3 | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/crypto/kerberosIV/man/kuserok.3 b/crypto/kerberosIV/man/kuserok.3 new file mode 100644 index 0000000..0987308 --- /dev/null +++ b/crypto/kerberosIV/man/kuserok.3 @@ -0,0 +1,66 @@ +.\" $Id: kuserok.3,v 1.3 1996/10/13 17:51:18 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +kuserok \- Kerberos version of ruserok +.SH SYNOPSIS +.nf +.nj +.ft B +#include <krb.h> +.PP +.ft B +kuserok(kdata, localuser) +AUTH_DAT *auth_data; +char *localuser; +.fi +.ft R +.SH DESCRIPTION +.I kuserok +determines whether a Kerberos principal described by the structure +.I auth_data +is authorized to login as user +.I localuser +according to the authorization file +("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized, +1 (one) if not authorized. +.PP +If there is no account for +.I localuser +on the local machine, authorization is not granted. +If there is no authorization file, and the Kerberos principal described +by +.I auth_data +translates to +.I localuser +(using +.IR krb_kntoln (3)), +authorization is granted. +If the authorization file +can't be accessed, or the file is not owned by +.IR localuser, +authorization is denied. Otherwise, the file is searched for +a matching principal name, instance, and realm. If a match is found, +authorization is granted, else authorization is denied. +.PP +The file entries are in the format: +.nf +.in +5n + name.instance@realm +.in -5n +.fi +with one entry per line. + +For convenience ~localuser@LOCALREALM is +always considered to be an entry in the file even when there is no +file or the file is unreadable. +.SH SEE ALSO +kerberos(3), ruserok(3), krb_kntoln(3) +.SH FILES +.TP 20n +~\fIlocaluser\fR/.klogin +authorization list |
