Import of heimdal-0.4e

1 files changed, 98 insertions, 0 deletions

diff --git a/kerberosV/src/lib/krb5/krb5_verify_user.3 b/kerberosV/src/lib/krb5/krb5_verify_user.3
new file mode 100644
index 00000000000..5da911391f0
--- /dev/null
+++ b/kerberosV/src/lib/krb5/krb5_verify_user.3
@@ -0,0 +1,98 @@
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" $Id: krb5_verify_user.3,v 1.1 2001/06/24 19:05:37 hin Exp $
+.Dd Jun 24, 2001
+.Dt KRB5_VERIFY_USER 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_verify_user ,
+.Nm krb5_verify_user_lrealm
+.Nd Heimdal password verifying functions
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+.Ft krb5_error_code
+.Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
+.Ft krb5_error_code
+.Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
+.Sh DESCRIPTION
+The
+.Nm krb5_verify_user
+function verify user 
+.Fa principal
+with
+.Fa password .
+If the flag
+.Fa secure
+is given the password is verified against
+.Fa service .
+As a side effect, fresh tickets are obtained and stored in
+.Fa ccache .
+If
+.Fa password
+is
+NULL, a password is asked. If
+.Fa ccache
+is NULL, the default credential-cache is used.
+.Pp
+The
+.Fa service
+is the service part service principal.
+.Nm krb5_verify_user
+take the
+.Fa service
+and appends the host's name and uses that a the service principal. If
+.Fa service
+is NULL, the service 
+.Ql host
+is used.
+.Pp
+.Nm krb5_verify_user_lrealm
+works the same way as 
+.Nm krb5_verify_user,
+with the exception that the realm of
+.Fa principal
+is ignored and all local realms in 
+.Xr krb5.conf 5
+are tried.
+.Sh BUGS
+Not setting
+.Fa secure
+should be considered a bug since the answer from the KDC isn't
+verified. The answer could be faked answer from malicious computer.
+.Sh EXAMPLE
+Here is a example program that verify a password. If uses the
+.Q1 host/`hostname`
+service principal in
+.Pa krb5.keytab .
+.Bd -literal
+#include <krb5.h>
+
+int
+main(int argc, char **argv)
+{
+    char *user;
+    krb5_error_code error;
+    krb5_principal princ;
+    krb5_context c;
+
+    if (argc != 2)
+	errx(1, "usage: verify_passwd <principal-name>");
+
+    user = argv[1];
+
+    if (krb5_init_context(&c) < 0)
+	errx(1, "krb5_init_context");
+
+    if ((error = krb5_parse_name(c, user, &princ)) != 0)
+	krb5_err(c, 1, error, "krb5_parse_name");
+
+    error = krb5_verify_user(c, princ, NULL, NULL, TRUE, NULL);
+    if (error)
+        krb5_err(c, 1, error, "krb5_verify_user");
+	
+    return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr krb5_init_context 3 ,
+.Xr krb5_err 3 ,
+.Xr krb5.conf 5