KUSEROK(3)                                             KUSEROK(3)


NAME
       kuserok - Kerberos version of ruserok



SYNOPSIS
       #include <kerberosIV/krb.h>

       kuserok(kdata, localuser)
       AUTH_DAT *auth_data;
       char   *localuser;

DESCRIPTION
       kuserok  determines whether a Kerberos principal described
       by the structure auth_data is authorized to login as  user
       localuser    according    to    the   authorization   file
       ("~localuser/.klogin" by default).  It returns 0 (zero) if
       authorized, 1 (one) if not authorized.

       If there is no account for localuser on the local machine,
       authorization is not granted.  If there is  no  authoriza-
       tion   file,  and  the  Kerberos  principal  described  by
       auth_data translates to localuser  (using  krb_kntoln(3)),
       authorization is granted.  If the authorization file can't
       be accessed, or the file is not owned by localuser, autho-
       rization is denied.  Otherwise, the file is searched for a
       matching principal name, instance, and realm.  If a  match
       is  found, authorization is granted, else authorization is
       denied.

       The file entries are in the format:
                 name.instance@realm
       with one entry per line.

SEE ALSO
       kerberos(3), ruserok(3), krb_kntoln(3)

FILES
       ~localuser/.klogin  authorization list




















MIT Project Athena     Kerberos Version 4.0                     1