FreeBSD manual
download PDF document: krb5_verify_user.3.pdf
KRB5_VERIFY_USER(3) FreeBSD Library Functions Manual KRB5_VERIFY_USER(3)
NAME
krb5_verify_user, krb5_verify_user_lrealm, krb5_verify_user_opt,
krb5_verify_opt_init, krb5_verify_opt_alloc, krb5_verify_opt_free,
krb5_verify_opt_set_ccache, krb5_verify_opt_set_flags,
krb5_verify_opt_set_service, krb5_verify_opt_set_secure,
krb5_verify_opt_set_keytab - Heimdal password verifying functions
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS
#include <krb5.h>
krb5_error_code
krb5_verify_user(krb5_context context, krb5_principal principal,
krb5_ccache ccache, const char *password, krb5_boolean secure,
const char *service);
krb5_error_code
krb5_verify_user_lrealm(krb5_context context, krb5_principal principal,
krb5_ccache ccache, const char *password, krb5_boolean secure,
const char *service);
void
krb5_verify_opt_init(krb5_verify_opt *opt);
void
krb5_verify_opt_alloc(krb5_verify_opt **opt);
void
krb5_verify_opt_free(krb5_verify_opt *opt);
void
krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache);
void
krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab);
void
krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure);
void
krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service);
void
krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags);
krb5_error_code
krb5_verify_user_opt(krb5_context context, krb5_principal principal,
const char *password, krb5_verify_opt *opt);
DESCRIPTION
The krb5_verify_user function verifies the password supplied by a user.
The principal whose password will be verified is specified in principal.
New tickets will be obtained as a side-effect and stored in ccache (if
NULL, the default ccache is used). krb5_verify_user() will call
krb5_cc_initialize() on the given ccache, so ccache must only initialized
krb5.conf(5)). After a successful return, the principal is set to the
authenticated realm. If the call fails, the principal will not be
meaningful, and should only be freed with krb5_free_principal(3).
krb5_verify_opt_alloc() and krb5_verify_opt_free() allocates and frees a
krb5_verify_opt. You should use the the alloc and free function instead
of allocation the structure yourself, this is because in a future release
the structure wont be exported.
krb5_verify_opt_init() resets all opt to default values.
None of the krb5_verify_opt_set function makes a copy of the data
structure that they are called with. It's up the caller to free them
after the krb5_verify_user_opt() is called.
krb5_verify_opt_set_ccache() sets the ccache that user of opt will use.
If not set, the default credential cache will be used.
krb5_verify_opt_set_keytab() sets the keytab that user of opt will use.
If not set, the default keytab will be used.
krb5_verify_opt_set_secure() if secure if true, the password verification
will require that the ticket will be verified against the locally stored
service key. If not set, default value is true.
krb5_verify_opt_set_service() sets the service principal that user of opt
will use. If not set, the `host' service will be used.
krb5_verify_opt_set_flags() sets flags that user of opt will use. If the
flag KRB5_VERIFY_LREALMS is used, the principal will be modified like
krb5_verify_user_lrealm() modifies it.
krb5_verify_user_opt() function verifies the password supplied by a user.
The principal whose password will be verified is specified in principal.
Options the to the verification process is pass in in opt.
EXAMPLES
Here is a example program that verifies a password. it uses the
`host/`hostname`' service principal in krb5.keytab.
#include <krb5.h>
int
main(int argc, char **argv)
{
char *user;
krb5_error_code error;
krb5_principal princ;
krb5_context context;
if (argc != 2)
errx(1, "usage: verify_passwd <principal-name>");
user = argv[1];
if (krb5_init_context(&context) < 0)
errx(1, "krb5_init_context");
if ((error = krb5_parse_name(context, user, &princ)) != 0)
}
SEE ALSO
krb5_cc_gen_new(3), krb5_cc_initialize(3), krb5_cc_resolve(3),
krb5_err(3), krb5_free_principal(3), krb5_init_context(3),
krb5_kt_default(3), krb5.conf(5)
HEIMDAL May 1, 2006 HEIMDAL