2
KRB5_VERIFY_USER(3) BSD Library Functions Manual KRB5_VERIFY_USER(3)
5
kkrrbb55__vveerriiffyy__uusseerr, kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm, kkrrbb55__vveerriiffyy__uusseerr__oopptt,
6
kkrrbb55__vveerriiffyy__oopptt__iinniitt, kkrrbb55__vveerriiffyy__oopptt__aalllloocc, kkrrbb55__vveerriiffyy__oopptt__ffrreeee,
7
kkrrbb55__vveerriiffyy__oopptt__sseett__ccccaacchhee, kkrrbb55__vveerriiffyy__oopptt__sseett__ffllaaggss,
8
kkrrbb55__vveerriiffyy__oopptt__sseett__sseerrvviiccee, kkrrbb55__vveerriiffyy__oopptt__sseett__sseeccuurree,
9
kkrrbb55__vveerriiffyy__oopptt__sseett__kkeeyyttaabb -- Heimdal password verifying functions
12
Kerberos 5 Library (libkrb5, -lkrb5)
15
##iinncclluuddee <<kkrrbb55..hh>>
17
_k_r_b_5___e_r_r_o_r___c_o_d_e
18
kkrrbb55__vveerriiffyy__uusseerr(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l _p_r_i_n_c_i_p_a_l,
19
_k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___b_o_o_l_e_a_n _s_e_c_u_r_e,
20
_c_o_n_s_t _c_h_a_r _*_s_e_r_v_i_c_e);
22
_k_r_b_5___e_r_r_o_r___c_o_d_e
23
kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l _p_r_i_n_c_i_p_a_l,
24
_k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___b_o_o_l_e_a_n _s_e_c_u_r_e,
25
_c_o_n_s_t _c_h_a_r _*_s_e_r_v_i_c_e);
28
kkrrbb55__vveerriiffyy__oopptt__iinniitt(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t);
31
kkrrbb55__vveerriiffyy__oopptt__aalllloocc(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_*_o_p_t);
34
kkrrbb55__vveerriiffyy__oopptt__ffrreeee(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t);
37
kkrrbb55__vveerriiffyy__oopptt__sseett__ccccaacchhee(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e);
40
kkrrbb55__vveerriiffyy__oopptt__sseett__kkeeyyttaabb(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _k_r_b_5___k_e_y_t_a_b _k_e_y_t_a_b);
43
kkrrbb55__vveerriiffyy__oopptt__sseett__sseeccuurree(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _k_r_b_5___b_o_o_l_e_a_n _s_e_c_u_r_e);
46
kkrrbb55__vveerriiffyy__oopptt__sseett__sseerrvviiccee(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _c_o_n_s_t _c_h_a_r _*_s_e_r_v_i_c_e);
49
kkrrbb55__vveerriiffyy__oopptt__sseett__ffllaaggss(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _u_n_s_i_g_n_e_d _i_n_t _f_l_a_g_s);
51
_k_r_b_5___e_r_r_o_r___c_o_d_e
52
kkrrbb55__vveerriiffyy__uusseerr__oopptt(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l _p_r_i_n_c_i_p_a_l,
53
_c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t);
55
DDEESSCCRRIIPPTTIIOONN
56
The kkrrbb55__vveerriiffyy__uusseerr function verifies the password supplied by a user.
57
The principal whose password will be verified is specified in _p_r_i_n_c_i_p_a_l.
58
New tickets will be obtained as a side-effect and stored in _c_c_a_c_h_e (if
59
NULL, the default ccache is used). kkrrbb55__vveerriiffyy__uusseerr() will call
60
kkrrbb55__cccc__iinniittiiaalliizzee() on the given _c_c_a_c_h_e, so _c_c_a_c_h_e must only initialized
61
with kkrrbb55__cccc__rreessoollvvee() or kkrrbb55__cccc__ggeenn__nneeww(). If the password is not sup-
62
plied in _p_a_s_s_w_o_r_d (and is given as NULL) the user will be prompted for
63
it. If _s_e_c_u_r_e the ticket will be verified against the locally stored
64
service key _s_e_r_v_i_c_e (by default `host' if given as NULL ).
66
The kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm() function does the same, except that it
67
ignores the realm in _p_r_i_n_c_i_p_a_l and tries all the local realms (see
68
krb5.conf(5)). After a successful return, the principal is set to the
69
authenticated realm. If the call fails, the principal will not be mean-
70
ingful, and should only be freed with krb5_free_principal(3).
72
kkrrbb55__vveerriiffyy__oopptt__aalllloocc() and kkrrbb55__vveerriiffyy__oopptt__ffrreeee() allocates and frees a
73
krb5_verify_opt. You should use the the alloc and free function instead
74
of allocation the structure yourself, this is because in a future release
75
the structure wont be exported.
77
kkrrbb55__vveerriiffyy__oopptt__iinniitt() resets all opt to default values.
79
None of the krb5_verify_opt_set function makes a copy of the data struc-
80
ture that they are called with. It's up the caller to free them after the
81
kkrrbb55__vveerriiffyy__uusseerr__oopptt() is called.
83
kkrrbb55__vveerriiffyy__oopptt__sseett__ccccaacchhee() sets the _c_c_a_c_h_e that user of _o_p_t will use.
84
If not set, the default credential cache will be used.
86
kkrrbb55__vveerriiffyy__oopptt__sseett__kkeeyyttaabb() sets the _k_e_y_t_a_b that user of _o_p_t will use.
87
If not set, the default keytab will be used.
89
kkrrbb55__vveerriiffyy__oopptt__sseett__sseeccuurree() if _s_e_c_u_r_e if true, the password verification
90
will require that the ticket will be verified against the locally stored
91
service key. If not set, default value is true.
93
kkrrbb55__vveerriiffyy__oopptt__sseett__sseerrvviiccee() sets the _s_e_r_v_i_c_e principal that user of _o_p_t
94
will use. If not set, the `host' service will be used.
96
kkrrbb55__vveerriiffyy__oopptt__sseett__ffllaaggss() sets _f_l_a_g_s that user of _o_p_t will use. If the
97
flag KRB5_VERIFY_LREALMS is used, the _p_r_i_n_c_i_p_a_l will be modified like
98
kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm() modifies it.
100
kkrrbb55__vveerriiffyy__uusseerr__oopptt() function verifies the _p_a_s_s_w_o_r_d supplied by a user.
101
The principal whose password will be verified is specified in _p_r_i_n_c_i_p_a_l.
102
Options the to the verification process is pass in in _o_p_t.
105
Here is a example program that verifies a password. it uses the
106
`host/`hostname`' service principal in _k_r_b_5_._k_e_y_t_a_b.
111
main(int argc, char **argv)
114
krb5_error_code error;
115
krb5_principal princ;
116
krb5_context context;
119
errx(1, "usage: verify_passwd <principal-name>");
123
if (krb5_init_context(&context) < 0)
124
errx(1, "krb5_init_context");
126
if ((error = krb5_parse_name(context, user, &princ)) != 0)
127
krb5_err(context, 1, error, "krb5_parse_name");
129
error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
131
krb5_err(context, 1, error, "krb5_verify_user");
137
krb5_cc_gen_new(3), krb5_cc_initialize(3), krb5_cc_resolve(3),
138
krb5_err(3), krb5_free_principal(3), krb5_init_context(3),
139
krb5_kt_default(3), krb5.conf(5)
141
HEIMDAL May 1, 2006 HEIMDAL