2
KRB5_VERIFY_USER(3) BSD Library Functions Manual KRB5_VERIFY_USER(3)
5
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r, k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r_�_l�lr�re�ea�al�lm�m, k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r_�_o�op�pt�t,
6
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_i�in�ni�it�t, k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_a�al�ll�lo�oc�c, k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_f�fr�re�ee�e,
7
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_c�cc�ca�ac�ch�he�e, k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_f�fl�la�ag�gs�s,
8
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_s�se�er�rv�vi�ic�ce�e, k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_s�se�ec�cu�ur�re�e,
9
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_k�ke�ey�yt�ta�ab�b -- Heimdal password verifying functions
12
Kerberos 5 Library (libkrb5, -lkrb5)
14
S�SY�YN�NO�OP�PS�SI�IS�S
15
#�#i�in�nc�cl�lu�ud�de�e <�<k�kr�rb�b5�5.�.h�h>�>
17
_�k_�r_�b_�5_�__�e_�r_�r_�o_�r_�__�c_�o_�d_�e
18
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r(_�k_�r_�b_�5_�__�c_�o_�n_�t_�e_�x_�t _�c_�o_�n_�t_�e_�x_�t, _�k_�r_�b_�5_�__�p_�r_�i_�n_�c_�i_�p_�a_�l _�p_�r_�i_�n_�c_�i_�p_�a_�l,
19
_�k_�r_�b_�5_�__�c_�c_�a_�c_�h_�e _�c_�c_�a_�c_�h_�e, _�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�p_�a_�s_�s_�w_�o_�r_�d, _�k_�r_�b_�5_�__�b_�o_�o_�l_�e_�a_�n _�s_�e_�c_�u_�r_�e,
20
_�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�s_�e_�r_�v_�i_�c_�e);
22
_�k_�r_�b_�5_�__�e_�r_�r_�o_�r_�__�c_�o_�d_�e
23
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r_�_l�lr�re�ea�al�lm�m(_�k_�r_�b_�5_�__�c_�o_�n_�t_�e_�x_�t _�c_�o_�n_�t_�e_�x_�t, _�k_�r_�b_�5_�__�p_�r_�i_�n_�c_�i_�p_�a_�l _�p_�r_�i_�n_�c_�i_�p_�a_�l,
24
_�k_�r_�b_�5_�__�c_�c_�a_�c_�h_�e _�c_�c_�a_�c_�h_�e, _�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�p_�a_�s_�s_�w_�o_�r_�d, _�k_�r_�b_�5_�__�b_�o_�o_�l_�e_�a_�n _�s_�e_�c_�u_�r_�e,
25
_�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�s_�e_�r_�v_�i_�c_�e);
28
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_i�in�ni�it�t(_�k_�r_�b_�5_�__�v_�e_�r_�i_�f_�y_�__�o_�p_�t _�*_�o_�p_�t);
31
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_a�al�ll�lo�oc�c(_�k_�r_�b_�5_�__�v_�e_�r_�i_�f_�y_�__�o_�p_�t _�*_�*_�o_�p_�t);
34
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_f�fr�re�ee�e(_�k_�r_�b_�5_�__�v_�e_�r_�i_�f_�y_�__�o_�p_�t _�*_�o_�p_�t);
37
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_c�cc�ca�ac�ch�he�e(_�k_�r_�b_�5_�__�v_�e_�r_�i_�f_�y_�__�o_�p_�t _�*_�o_�p_�t, _�k_�r_�b_�5_�__�c_�c_�a_�c_�h_�e _�c_�c_�a_�c_�h_�e);
40
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_k�ke�ey�yt�ta�ab�b(_�k_�r_�b_�5_�__�v_�e_�r_�i_�f_�y_�__�o_�p_�t _�*_�o_�p_�t, _�k_�r_�b_�5_�__�k_�e_�y_�t_�a_�b _�k_�e_�y_�t_�a_�b);
43
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_s�se�ec�cu�ur�re�e(_�k_�r_�b_�5_�__�v_�e_�r_�i_�f_�y_�__�o_�p_�t _�*_�o_�p_�t, _�k_�r_�b_�5_�__�b_�o_�o_�l_�e_�a_�n _�s_�e_�c_�u_�r_�e);
46
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_s�se�er�rv�vi�ic�ce�e(_�k_�r_�b_�5_�__�v_�e_�r_�i_�f_�y_�__�o_�p_�t _�*_�o_�p_�t, _�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�s_�e_�r_�v_�i_�c_�e);
49
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_f�fl�la�ag�gs�s(_�k_�r_�b_�5_�__�v_�e_�r_�i_�f_�y_�__�o_�p_�t _�*_�o_�p_�t, _�u_�n_�s_�i_�g_�n_�e_�d _�i_�n_�t _�f_�l_�a_�g_�s);
51
_�k_�r_�b_�5_�__�e_�r_�r_�o_�r_�__�c_�o_�d_�e
52
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r_�_o�op�pt�t(_�k_�r_�b_�5_�__�c_�o_�n_�t_�e_�x_�t _�c_�o_�n_�t_�e_�x_�t, _�k_�r_�b_�5_�__�p_�r_�i_�n_�c_�i_�p_�a_�l _�p_�r_�i_�n_�c_�i_�p_�a_�l,
53
_�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�p_�a_�s_�s_�w_�o_�r_�d, _�k_�r_�b_�5_�__�v_�e_�r_�i_�f_�y_�__�o_�p_�t _�*_�o_�p_�t);
55
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
56
The k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r function verifies the password supplied by a user.
57
The principal whose password will be verified is specified in _�p_�r_�i_�n_�c_�i_�p_�a_�l.
58
New tickets will be obtained as a side-effect and stored in _�c_�c_�a_�c_�h_�e (if
59
NULL, the default ccache is used). k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r() will call
60
k�kr�rb�b5�5_�_c�cc�c_�_i�in�ni�it�ti�ia�al�li�iz�ze�e() on the given _�c_�c_�a_�c_�h_�e, so _�c_�c_�a_�c_�h_�e must only initialized
61
with k�kr�rb�b5�5_�_c�cc�c_�_r�re�es�so�ol�lv�ve�e() or k�kr�rb�b5�5_�_c�cc�c_�_g�ge�en�n_�_n�ne�ew�w(). If the password is not sup-
62
plied in _�p_�a_�s_�s_�w_�o_�r_�d (and is given as NULL) the user will be prompted for
63
it. If _�s_�e_�c_�u_�r_�e the ticket will be verified against the locally stored
64
service key _�s_�e_�r_�v_�i_�c_�e (by default `host' if given as NULL ).
66
The k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r_�_l�lr�re�ea�al�lm�m() function does the same, except that it
67
ignores the realm in _�p_�r_�i_�n_�c_�i_�p_�a_�l and tries all the local realms (see
68
krb5.conf(5)). After a successful return, the principal is set to the
69
authenticated realm. If the call fails, the principal will not be mean-
70
ingful, and should only be freed with krb5_free_principal(3).
72
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_a�al�ll�lo�oc�c() and k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_f�fr�re�ee�e() allocates and frees a
73
krb5_verify_opt. You should use the the alloc and free function instead
74
of allocation the structure yourself, this is because in a future release
75
the structure wont be exported.
77
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_i�in�ni�it�t() resets all opt to default values.
79
None of the krb5_verify_opt_set function makes a copy of the data struc-
80
ture that they are called with. It's up the caller to free them after the
81
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r_�_o�op�pt�t() is called.
83
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_c�cc�ca�ac�ch�he�e() sets the _�c_�c_�a_�c_�h_�e that user of _�o_�p_�t will use.
84
If not set, the default credential cache will be used.
86
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_k�ke�ey�yt�ta�ab�b() sets the _�k_�e_�y_�t_�a_�b that user of _�o_�p_�t will use.
87
If not set, the default keytab will be used.
89
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_s�se�ec�cu�ur�re�e() if _�s_�e_�c_�u_�r_�e if true, the password verification
90
will require that the ticket will be verified against the locally stored
91
service key. If not set, default value is true.
93
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_s�se�er�rv�vi�ic�ce�e() sets the _�s_�e_�r_�v_�i_�c_�e principal that user of _�o_�p_�t
94
will use. If not set, the `host' service will be used.
96
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_o�op�pt�t_�_s�se�et�t_�_f�fl�la�ag�gs�s() sets _�f_�l_�a_�g_�s that user of _�o_�p_�t will use. If the
97
flag KRB5_VERIFY_LREALMS is used, the _�p_�r_�i_�n_�c_�i_�p_�a_�l will be modified like
98
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r_�_l�lr�re�ea�al�lm�m() modifies it.
100
k�kr�rb�b5�5_�_v�ve�er�ri�if�fy�y_�_u�us�se�er�r_�_o�op�pt�t() function verifies the _�p_�a_�s_�s_�w_�o_�r_�d supplied by a user.
101
The principal whose password will be verified is specified in _�p_�r_�i_�n_�c_�i_�p_�a_�l.
102
Options the to the verification process is pass in in _�o_�p_�t.
104
E�EX�XA�AM�MP�PL�LE�ES�S
105
Here is a example program that verifies a password. it uses the
106
`host/`hostname`' service principal in _�k_�r_�b_�5_�._�k_�e_�y_�t_�a_�b.
111
main(int argc, char **argv)
114
krb5_error_code error;
115
krb5_principal princ;
116
krb5_context context;
119
errx(1, "usage: verify_passwd <principal-name>");
123
if (krb5_init_context(&context) < 0)
124
errx(1, "krb5_init_context");
126
if ((error = krb5_parse_name(context, user, &princ)) != 0)
127
krb5_err(context, 1, error, "krb5_parse_name");
129
error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
131
krb5_err(context, 1, error, "krb5_verify_user");
136
S�SE�EE�E A�AL�LS�SO�O
137
krb5_cc_gen_new(3), krb5_cc_initialize(3), krb5_cc_resolve(3),
138
krb5_err(3), krb5_free_principal(3), krb5_init_context(3),
139
krb5_kt_default(3), krb5.conf(5)
141
HEIMDAL May 1, 2006 HEIMDAL
added
removed
lib/krb5/krb5_verify_user.cat3
