Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
KRB5_VERIFY_USER(3)	 BSD Library Functions Manual	   KRB5_VERIFY_USER(3)

NAME
     krb5_verify_user, krb5_verify_user_lrealm,	krb5_verify_user_opt,
     krb5_verify_opt_init, krb5_verify_opt_alloc, krb5_verify_opt_free,
     krb5_verify_opt_set_ccache, krb5_verify_opt_set_flags,
     krb5_verify_opt_set_service, krb5_verify_opt_set_secure,
     krb5_verify_opt_set_keytab	-- Heimdal password verifying functions

LIBRARY
     Kerberos 5	Library	(libkrb5, -lkrb5)

SYNOPSIS
     #include <krb5.h>

     krb5_error_code
     krb5_verify_user(krb5_context context, krb5_principal principal,
	 krb5_ccache ccache, const char	*password, krb5_boolean	secure,
	 const char *service);

     krb5_error_code
     krb5_verify_user_lrealm(krb5_context context, krb5_principal principal,
	 krb5_ccache ccache, const char	*password, krb5_boolean	secure,
	 const char *service);

     void
     krb5_verify_opt_init(krb5_verify_opt *opt);

     void
     krb5_verify_opt_alloc(krb5_verify_opt **opt);

     void
     krb5_verify_opt_free(krb5_verify_opt *opt);

     void
     krb5_verify_opt_set_ccache(krb5_verify_opt	*opt, krb5_ccache ccache);

     void
     krb5_verify_opt_set_keytab(krb5_verify_opt	*opt, krb5_keytab keytab);

     void
     krb5_verify_opt_set_secure(krb5_verify_opt	*opt, krb5_boolean secure);

     void
     krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service);

     void
     krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags);

     krb5_error_code
     krb5_verify_user_opt(krb5_context context,	krb5_principal principal,
	 const char *password, krb5_verify_opt *opt);

DESCRIPTION
     The krb5_verify_user function verifies the	password supplied by a user.
     The principal whose password will be verified is specified	in principal.
     New tickets will be obtained as a side-effect and stored in ccache	(if
     NULL, the default ccache is used).	 krb5_verify_user() will call
     krb5_cc_initialize() on the given ccache, so ccache must only initialized
     with krb5_cc_resolve() or krb5_cc_gen_new().  If the password is not sup-
     plied in password (and is given as	NULL) the user will be prompted	for
     it.  If secure the	ticket will be verified	against	the locally stored
     service key service (by default `host' if given as	NULL ).

     The krb5_verify_user_lrealm() function does the same, except that it ig-
     nores the realm in	principal and tries all	the local realms (see
     krb5.conf(5)).  After a successful	return,	the principal is set to	the
     authenticated realm. If the call fails, the principal will	not be mean-
     ingful, and should	only be	freed with krb5_free_principal(3).

     krb5_verify_opt_alloc() and krb5_verify_opt_free()	allocates and frees a
     krb5_verify_opt.  You should use the the alloc and	free function instead
     of	allocation the structure yourself, this	is because in a	future release
     the structure wont	be exported.

     krb5_verify_opt_init() resets all opt to default values.

     None of the krb5_verify_opt_set function makes a copy of the data struc-
     ture that they are	called with. It's up the caller	to free	them after the
     krb5_verify_user_opt() is called.

     krb5_verify_opt_set_ccache() sets the ccache that user of opt will	use.
     If	not set, the default credential	cache will be used.

     krb5_verify_opt_set_keytab() sets the keytab that user of opt will	use.
     If	not set, the default keytab will be used.

     krb5_verify_opt_set_secure() if secure if true, the password verification
     will require that the ticket will be verified against the locally stored
     service key. If not set, default value is true.

     krb5_verify_opt_set_service() sets	the service principal that user	of opt
     will use. If not set, the `host' service will be used.

     krb5_verify_opt_set_flags() sets flags that user of opt will use.	If the
     flag KRB5_VERIFY_LREALMS is used, the principal will be modified like
     krb5_verify_user_lrealm() modifies	it.

     krb5_verify_user_opt() function verifies the password supplied by a user.
     The principal whose password will be verified is specified	in principal.
     Options the to the	verification process is	pass in	in opt.

EXAMPLES
     Here is a example program that verifies a password. it uses the
     `host/`hostname`' service principal in krb5.keytab.

     #include <krb5.h>

     int
     main(int argc, char **argv)
     {
	 char *user;
	 krb5_error_code error;
	 krb5_principal	princ;
	 krb5_context context;

	 if (argc != 2)
	     errx(1, "usage: verify_passwd <principal-name>");

	 user =	argv[1];

	 if (krb5_init_context(&context) < 0)
	     errx(1, "krb5_init_context");

	 if ((error = krb5_parse_name(context, user, &princ)) != 0)
	     krb5_err(context, 1, error, "krb5_parse_name");

	 error = krb5_verify_user(context, princ, NULL,	NULL, TRUE, NULL);
	 if (error)
	     krb5_err(context, 1, error, "krb5_verify_user");

	 return	0;
     }

SEE ALSO
     krb5_cc_gen_new(3), krb5_cc_initialize(3),	krb5_cc_resolve(3),
     krb5_err(3), krb5_free_principal(3), krb5_init_context(3),
     krb5_kt_default(3), krb5.conf(5)

HEIMDAL				  May 1, 2006			       HEIMDAL

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | EXAMPLES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=krb5_verify_user&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help