:man| Alphabetical   Categories   About us 
 
KRB5_VERIFY_USER (3) | C library functions | Unix Manual Pages | :man

NAME

krb5_verify_user, krb5_verify_user_lrealm, krb5_verify_user_opt, krb5_verify_opt_init krb5_verify_opt_set_flags, krb5_verify_opt_set_service, krb5_verify_opt_set_secure, krb5_verify_opt_set_keytab - Heimdal password verifying functions.

CONTENTS

Library
Synopsis
Description
Example
See Also

LIBRARY

Kerberos 5 Library (libkrb5, -lkrb5)

SYNOPSIS


.In krb5.h krb5_error_code "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service" krb5_error_code "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service" void krb5_verify_opt_init "krb5_verify_opt *opt" void krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache" void krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab" void krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure" void krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service" void krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags" krb5_error_code
.Fo krb5_verify_user_opt "krb5_context context" "krb5_principal principal" "const char *password" "krb5_verify_opt *opt"
.Fc

DESCRIPTION

The krb5_verify_user function verifies the password supplied by a user. The principal whose password will be verified is specified in principal. New tickets will be obtained as a side-effect and stored in ccache (if NULL, the default ccache is used). krb5_verify_user will call krb5_cc_initialize on the given ccache, so ccache must only initialized with krb5_cc_resolve or krb5_cc_gen_new. If the password is not supplied in password (and is given as NULL) the user will be prompted for it. If secure the ticket will be verified against the locally stored service key service (by default ‘host’ if given as NULL ).

The krb5_verify_user_lrealm function does the same, except that it ignores the realm in principal and tries all the local realms (see krb5.conf(5)). After a successful return, the principal is set to the authenticated realm. If the call fails, the principal will not be meaningful, and should only be freed with krb5_free_principal(3).

krb5_verify_opt_init resets all opt to default values.

None of the krb5_verify_opt_set function makes a copy of the data structure that they are called with. Its up the caller to free them after the krb5_verify_user_opt is called.

krb5_verify_opt_set_ccache sets the ccache that user of opt will use. If not set, the default credential cache will be used.

krb5_verify_opt_set_keytab sets the keytab that user of opt will use. If not set, the default keytab will be used.

krb5_verify_opt_set_secure if secure if true, the password verification will require that the ticket will be verified against the locally stored service key. If not set, default value is true.

krb5_verify_opt_set_service sets the service principal that user of opt will use. If not set, the ‘host’ service will be used.

krb5_verify_opt_set_flags sets flags that user of opt will use. If the flag KRB5_VERIFY_LREALMS is used, the principal will be modified like krb5_verify_user_lrealm modifies it.

krb5_verify_user_opt function verifies the password supplied by a user. The principal whose password will be verified is specified in principal. Options the to the verification process is pass in in opt.

EXAMPLE

Here is a example program that verifies a password. it uses the ‘host/‘hostname‘’ service principal in krb5.keytab.
#include <krb5.h>


int
main(int argc, char **argv)
{
char *user;
krb5_error_code error;
krb5_principal princ;
krb5_context context;


if (argc != 2)
errx(1, "usage: verify_passwd <principal-name>");


user = argv[1];


if (krb5_init_context(&context) < 0)
errx(1, "krb5_init_context");


if ((error = krb5_parse_name(context, user, &princ)) != 0)
krb5_err(context, 1, error, "krb5_parse_name");


error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
if (error)
krb5_err(context, 1, error, "krb5_verify_user");


return 0;
}

SEE ALSO

krb5_err(3), krb5_cc_gen_new(3), krb5_cc_resolve(3), krb5_cc_initialize(3), krb5_free_principal(3), krb5_init_context(3), krb5_kt_default(3), krb5.conf(5)


Share this page

     Follow us

Facebook Twitter Google+ LinkedIn


 
Created by Blin Media, 2008-2013