KRB5_KUSEROK(3) BSD Library Functions Manual KRB5_KUSEROK(3)NAMEkrb5_kuserok — checks if a principal is permitted to login as a user
Kerberos 5 Library (libkrb5, -lkrb5)
krb5_kuserok(krb5_context context, krb5_principal principal,
const char *user);
This function takes the name of a local user and checks if principal is
allowed to log in as that user.
The user may have a ~/.k5login file listing principals that are allowed
to login as that user. If that file does not exist, all principals with a
first component identical to the username, and a realm considered local,
are allowed access.
The .k5login file must contain one principal per line, be owned by user,
and not be writable by group or other (but must be readable by anyone).
Note that if the file exists, no implicit access rights are given to
Optionally, a set of files may be put in ~/.k5login.d (a directory), in
which case they will all be checked in the same manner as .k5login. The
files may be called anything, but files starting with a hash (“#”), or
ending with a tilde (“~”) are ignored. Subdirectories are not traversed.
Note that this directory may not be checked by other implementations.
RETURN VALUESkrb5_kuserok returns TRUE if access should be granted, FALSE otherwise.
The ~/.k5login.d feature appeared in Heimdal 0.7.
SEE ALSOkrb5_get_default_realms(3), krb5_verify_user(3),
krb5_verify_user_lrealm(3), krb5_verify_user_opt(3), krb5.conf(5)HEIMDAL May 4, 2005 HEIMDAL