

KUSEROK(3)           BSD Programmer's Manual           KUSEROK(3)


NNAAMMEE
       kuserok - Kerberos version of ruserok

SSYYNNOOPPSSIISS
       ##iinncclluuddee <<kkeerrbbeerroossIIVV//kkrrbb..hh>>

       kkuusseerrookk((kkddaattaa,, llooccaalluusseerr))
       AAUUTTHH__DDAATT **aauutthh__ddaattaa;;
       cchhaarr   **llooccaalluusseerr;;

DDEESSCCRRIIPPTTIIOONN
       _k_u_s_e_r_o_k  determines whether a Kerberos principal described
       by the structure _a_u_t_h___d_a_t_a is authorized to login as  user
       _l_o_c_a_l_u_s_e_r    according    to    the   authorization   file
       ("~_l_o_c_a_l_u_s_e_r/.klogin" by default).  It returns 0 (zero) if
       authorized, 1 (one) if not authorized.

       If there is no account for _l_o_c_a_l_u_s_e_r on the local machine,
       authorization is not granted.  If there is  no  authoriza-
       tion   file,  and  the  Kerberos  principal  described  by
       _a_u_t_h___d_a_t_a translates to _l_o_c_a_l_u_s_e_r  (using  _k_r_b___k_n_t_o_l_n(3)),
       authorization is granted.  If the authorization file can't
       be accessed, or the file is not owned by _l_o_c_a_l_u_s_e_r_, autho-
       rization is denied.  Otherwise, the file is searched for a
       matching principal name, instance, and realm.  If a  match
       is  found, authorization is granted, else authorization is
       denied.

       The file entries are in the format:
                 name.instance@realm
       with one entry per line.

SSEEEE AALLSSOO
       kerberos(3), ruserok(3), krb_kntoln(3)

FFIILLEESS
       ~_l_o_c_a_l_u_s_e_r/.klogin  authorization list


MIT Project Athena     Kerberos Version 4.0                     1