1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
.\" $Id: krb5_verify_user.3,v 1.5 2002/08/28 15:30:58 joda Exp $
.Dd June 27, 2001
.Dt KRB5_VERIFY_USER 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_verify_user ,
.Nm krb5_verify_user_lrealm
.Nd Heimdal password verifying functions
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
.Fd #include <krb5.h>
.Ft krb5_error_code
.Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
.Ft krb5_error_code
.Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
.Sh DESCRIPTION
The
.Nm krb5_verify_user
function verifies the password supplied by a user.
The principal whose
password will be verified is specified in
.Fa principal .
New tickets will be obtained as a side-effect and stored in
.Fa ccache
(if NULL, the default ccache is used).
If the password is not supplied in
.Fa password
(and is given as
.Dv NULL )
the user will be prompted for it.
If
.Fa secure
the ticket will be verified against the locally stored service key
.Fa service
(by default
.Ql host
if given as
.Dv NULL
).
.Pp
The
.Nm krb5_verify_user_lrealm
function does the same, except that it ignores the realm in
.Fa principal
and tries all the local realms (see
.Xr krb5.conf 5 ) .
After a successful return, the principal is set to the authenticated
realm. If the call fails, the principal will not be meaningful, and
should only be freed with
.Xr krb5_free_principal 3 .
.Sh EXAMPLE
Here is a example program that verifies a password. it uses the
.Ql host/`hostname`
service principal in
.Pa krb5.keytab .
.Bd -literal
#include <krb5.h>
int
main(int argc, char **argv)
{
char *user;
krb5_error_code error;
krb5_principal princ;
krb5_context context;
if (argc != 2)
errx(1, "usage: verify_passwd <principal-name>");
user = argv[1];
if (krb5_init_context(&context) < 0)
errx(1, "krb5_init_context");
if ((error = krb5_parse_name(context, user, &princ)) != 0)
krb5_err(context, 1, error, "krb5_parse_name");
error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
if (error)
krb5_err(context, 1, error, "krb5_verify_user");
return 0;
}
.Ed
.Sh SEE ALSO
.Xr krb5_err 3 ,
.Xr krb5_free_principal 3 ,
.Xr krb5_init_context 3 ,
.Xr krb5_kt_default 3 ,
.Xr krb5.conf 5
|
