diff options
Diffstat (limited to 'crypto/heimdal/lib/krb5/krb5_kuserok.3')
| -rw-r--r-- | crypto/heimdal/lib/krb5/krb5_kuserok.3 | 131 |
1 files changed, 70 insertions, 61 deletions
diff --git a/crypto/heimdal/lib/krb5/krb5_kuserok.3 b/crypto/heimdal/lib/krb5/krb5_kuserok.3 index 1539202..e5e5c99 100644 --- a/crypto/heimdal/lib/krb5/krb5_kuserok.3 +++ b/crypto/heimdal/lib/krb5/krb5_kuserok.3 @@ -1,94 +1,103 @@ -.\" Copyright (c) 2003 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2003-2005 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" -.\" $Id: krb5_kuserok.3,v 1.5 2003/04/16 13:58:10 lha Exp $ +.\" $Id: krb5_kuserok.3 15083 2005-05-04 12:11:22Z joda $ .\" -.Dd Oct 17, 2002 +.Dd May 4, 2005 .Dt KRB5_KUSEROK 3 .Os HEIMDAL .Sh NAME .Nm krb5_kuserok -.Nd verifies if a principal can log in as a user +.Nd "checks if a principal is permitted to login as a user" .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS .In krb5.h .Ft krb5_boolean -.Fo krb5_kuserok +.Fo krb5_kuserok .Fa "krb5_context context" .Fa "krb5_principal principal" -.Fa "const char *name" +.Fa "const char *user" .Fc .Sh DESCRIPTION -This function takes a local user -.Fa name -and verifies if +This function takes the name of a local +.Fa user +and checks if .Fa principal is allowed to log in as that user. .Pp -First -.Nm -check if there is a local account name -.Fa username. -If there isn't, -.Nm -returns -.Dv FALSE . +The +.Fa user +may have a +.Pa ~/.k5login +file listing principals that are allowed to login as that user. If +that file does not exist, all principals with a first component +identical to the username, and a realm considered local, are allowed +access. .Pp -Then -.Nm -checks if principal is the same as user@realm in any of the default -realms. If that is the case, +The +.Pa .k5login +file must contain one principal per line, be owned by +.Fa user , +and not be writable by group or other (but must be readable by +anyone). +.Pp +Note that if the file exists, no implicit access rights are given to +.Fa user Ns @ Ns Aq localrealm . +.Pp +Optionally, a set of files may be put in +.Pa ~/.k5login.d ( Ns +a directory), in which case they will all be checked in the same +manner as +.Pa .k5login . +The files may be called anything, but files starting with a hash +.Dq ( # ) , +or ending with a tilde +.Dq ( ~ ) +are ignored. Subdirectories are not traversed. Note that this +directory may not be checked by other implementations. +.Sh RETURN VALUES .Nm returns -.Dv TRUE . -.Pp -After that it reads the file -.Pa .k5login -(if it exists) in the users home directory and checks if -.Fa principal -is in the file. -If it does exists, .Dv TRUE -is returned. -If neither of the above turns out to be true, -.DV FALSE -is returned. -.Pp +if access should be granted, +.Dv FALSE +otherwise. +.Sh HISTORY The -.Pa .k5login -should contain one principal per line. +.Pa ~/.k5login.d +feature appeared in Heimdal 0.7. .Sh SEE ALSO .Xr krb5_get_default_realms 3 , .Xr krb5_verify_user 3 , .Xr krb5_verify_user_lrealm 3 , -.Xr krb5_verify_user_opt 3, +.Xr krb5_verify_user_opt 3 , .Xr krb5.conf 5 |
