.\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, .\" please see the file . .\" .\" $OpenBSD: kuserok.3,v 1.2 1997/05/30 03:11:30 gene Exp $ .TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME kuserok \- Kerberos version of ruserok .SH SYNOPSIS .nf .nj .ft B #include .PP .ft B kuserok(kdata, localuser) AUTH_DAT *auth_data; char *localuser; .fi .ft R .SH DESCRIPTION .I kuserok determines whether a Kerberos principal described by the structure .I auth_data is authorized to login as user .I localuser according to the authorization file ("~\fIlocaluser\fR/etc/kerberosIV/master_keylogin" by default). It returns 0 (zero) if authorized, 1 (one) if not authorized. .PP If there is no account for .I localuser on the local machine, authorization is not granted. If there is no authorization file, and the Kerberos principal described by .I auth_data translates to .I localuser (using .IR krb_kntoln (3)), authorization is granted. If the authorization file can't be accessed, or the file is not owned by .IR localuser, authorization is denied. Otherwise, the file is searched for a matching principal name, instance, and realm. If a match is found, authorization is granted, else authorization is denied. .PP The file entries are in the format: .nf .in +5n name.instance@realm .in -5n .fi with one entry per line. .SH SEE ALSO kerberos(3), ruserok(3), krb_kntoln(3) .SH FILES .TP 20n ~\fIlocaluser\fR/etc/kerberosIV/master_keylogin authorization list