1KRB5_VERIFY_USER(3)      BSD Library Functions Manual      KRB5_VERIFY_USER(3)
2

NAME

4     krb5_verify_user, krb5_verify_user_lrealm, krb5_verify_user_opt,
5     krb5_verify_opt_init, krb5_verify_opt_alloc, krb5_verify_opt_free,
6     krb5_verify_opt_set_ccache, krb5_verify_opt_set_flags,
7     krb5_verify_opt_set_service, krb5_verify_opt_set_secure,
8     krb5_verify_opt_set_keytab — Heimdal password verifying functions
9

LIBRARY

11     Kerberos 5 Library (libkrb5, -lkrb5)
12

SYNOPSIS

14     #include <krb5.h>
15
16     krb5_error_code
17     krb5_verify_user(krb5_context context, krb5_principal principal,
18         krb5_ccache ccache, const char *password, krb5_boolean secure,
19         const char *service);
20
21     krb5_error_code
22     krb5_verify_user_lrealm(krb5_context context, krb5_principal principal,
23         krb5_ccache ccache, const char *password, krb5_boolean secure,
24         const char *service);
25
26     void
27     krb5_verify_opt_init(krb5_verify_opt *opt);
28
29     void
30     krb5_verify_opt_alloc(krb5_verify_opt **opt);
31
32     void
33     krb5_verify_opt_free(krb5_verify_opt *opt);
34
35     void
36     krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache);
37
38     void
39     krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab);
40
41     void
42     krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure);
43
44     void
45     krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service);
46
47     void
48     krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags);
49
50     krb5_error_code
51     krb5_verify_user_opt(krb5_context context, krb5_principal principal,
52         const char *password, krb5_verify_opt *opt);
53

DESCRIPTION

55     The krb5_verify_user function verifies the password supplied by a user.
56     The principal whose password will be verified is specified in principal.
57     New tickets will be obtained as a side-effect and stored in ccache (if
58     NULL, the default ccache is used).  krb5_verify_user() will call
59     krb5_cc_initialize() on the given ccache, so ccache must only initialized
60     with krb5_cc_resolve() or krb5_cc_gen_new().  If the password is not sup‐
61     plied in password (and is given as NULL) the user will be prompted for
62     it.  If secure the ticket will be verified against the locally stored
63     service key service (by default ‘host’ if given as NULL ).
64
65     The krb5_verify_user_lrealm() function does the same, except that it
66     ignores the realm in principal and tries all the local realms (see
67     krb5.conf(5)).  After a successful return, the principal is set to the
68     authenticated realm. If the call fails, the principal will not be mean‐
69     ingful, and should only be freed with krb5_free_principal(3).
70
71     krb5_verify_opt_alloc() and krb5_verify_opt_free() allocates and frees a
72     krb5_verify_opt.  You should use the the alloc and free function instead
73     of allocation the structure yourself, this is because in a future release
74     the structure wont be exported.
75
76     krb5_verify_opt_init() resets all opt to default values.
77
78     None of the krb5_verify_opt_set function makes a copy of the data struc‐
79     ture that they are called with. It's up the caller to free them after the
80     krb5_verify_user_opt() is called.
81
82     krb5_verify_opt_set_ccache() sets the ccache that user of opt will use.
83     If not set, the default credential cache will be used.
84
85     krb5_verify_opt_set_keytab() sets the keytab that user of opt will use.
86     If not set, the default keytab will be used.
87
88     krb5_verify_opt_set_secure() if secure if true, the password verification
89     will require that the ticket will be verified against the locally stored
90     service key. If not set, default value is true.
91
92     krb5_verify_opt_set_service() sets the service principal that user of opt
93     will use. If not set, the ‘host’ service will be used.
94
95     krb5_verify_opt_set_flags() sets flags that user of opt will use.  If the
96     flag KRB5_VERIFY_LREALMS is used, the principal will be modified like
97     krb5_verify_user_lrealm() modifies it.
98
99     krb5_verify_user_opt() function verifies the password supplied by a user.
100     The principal whose password will be verified is specified in principal.
101     Options the to the verification process is pass in in opt.
102

EXAMPLES

104     Here is a example program that verifies a password. it uses the
105     ‘host/`hostname`’ service principal in krb5.keytab.
106
107     #include <krb5.h>
108
109     int
110     main(int argc, char **argv)
111     {
112         char *user;
113         krb5_error_code error;
114         krb5_principal princ;
115         krb5_context context;
116
117         if (argc != 2)
118             errx(1, "usage: verify_passwd <principal-name>");
119
120         user = argv[1];
121
122         if (krb5_init_context(&context) < 0)
123             errx(1, "krb5_init_context");
124
125         if ((error = krb5_parse_name(context, user, &princ)) != 0)
126             krb5_err(context, 1, error, "krb5_parse_name");
127
128         error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
129         if (error)
130             krb5_err(context, 1, error, "krb5_verify_user");
131
132         return 0;
133     }
134

SEE ALSO

136     krb5_cc_gen_new(3), krb5_cc_initialize(3), krb5_cc_resolve(3),
137     krb5_err(3), krb5_free_principal(3), krb5_init_context(3),
138     krb5_kt_default(3), krb5.conf(5)
139
140HEIMDAL                           May 1, 2006                          HEIMDAL
Impressum