| blob | 90999e52db3c73629b5c3c9c241b3a7e99632ed7 |
1 .\" Copyright (c) 2001 - 2006 Kungliga Tekniska Högskolan
2 .\" (Royal Institute of Technology, Stockholm, Sweden).
3 .\" All rights reserved.
4 .\"
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
7 .\" are met:
8 .\"
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\"
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
15 .\"
16 .\" 3. Neither the name of the Institute nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
19 .\"
20 .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 .\" SUCH DAMAGE.
31 .\"
32 .\" $Heimdal: krb5_verify_user.3 22071 2007-11-14 20:04:50Z lha $
33 .\" $NetBSD$
34 .\"
35 .Dd May 1, 2006
36 .Dt KRB5_VERIFY_USER 3
37 .Os
38 .Sh NAME
39 .Nm krb5_verify_user ,
40 .Nm krb5_verify_user_lrealm ,
41 .Nm krb5_verify_user_opt ,
42 .Nm krb5_verify_opt_init ,
43 .Nm krb5_verify_opt_alloc ,
44 .Nm krb5_verify_opt_free ,
45 .Nm krb5_verify_opt_set_ccache ,
46 .Nm krb5_verify_opt_set_flags ,
47 .Nm krb5_verify_opt_set_service ,
48 .Nm krb5_verify_opt_set_secure ,
49 .Nm krb5_verify_opt_set_keytab
50 .Nd Heimdal password verifying functions
51 .Sh LIBRARY
52 Kerberos 5 Library (libkrb5, -lkrb5)
53 .Sh SYNOPSIS
54 .In krb5/krb5.h
55 .Ft krb5_error_code
56 .Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
57 .Ft krb5_error_code
58 .Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
59 .Ft void
60 .Fn krb5_verify_opt_init "krb5_verify_opt *opt"
61 .Ft void
62 .Fn krb5_verify_opt_alloc "krb5_verify_opt **opt"
63 .Ft void
64 .Fn krb5_verify_opt_free "krb5_verify_opt *opt"
65 .Ft void
66 .Fn krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache"
67 .Ft void
68 .Fn krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab"
69 .Ft void
70 .Fn krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure"
71 .Ft void
72 .Fn krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service"
73 .Ft void
74 .Fn krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags"
75 .Ft krb5_error_code
76 .Fo krb5_verify_user_opt
77 .Fa "krb5_context context"
78 .Fa "krb5_principal principal"
79 .Fa "const char *password"
80 .Fa "krb5_verify_opt *opt"
81 .Fc
82 .Sh DESCRIPTION
83 The
84 .Nm krb5_verify_user
85 function verifies the password supplied by a user.
86 The principal whose password will be verified is specified in
87 .Fa principal .
88 New tickets will be obtained as a side-effect and stored in
89 .Fa ccache
90 (if
91 .Dv NULL ,
92 the default ccache is used).
93 .Fn krb5_verify_user
94 will call
95 .Fn krb5_cc_initialize
96 on the given
97 .Fa ccache ,
98 so
99 .Fa ccache
100 must only initialized with
101 .Fn krb5_cc_resolve
102 or
103 .Fn krb5_cc_gen_new .
104 If the password is not supplied in
105 .Fa password
106 (and is given as
107 .Dv NULL )
108 the user will be prompted for it.
109 If
110 .Fa secure
111 the ticket will be verified against the locally stored service key
112 .Fa service
113 (by default
114 .Ql host
115 if given as
116 .Dv NULL
117 ).
118 .Pp
119 The
120 .Fn krb5_verify_user_lrealm
121 function does the same, except that it ignores the realm in
122 .Fa principal
123 and tries all the local realms (see
124 .Xr krb5.conf 5 ) .
125 After a successful return, the principal is set to the authenticated
126 realm. If the call fails, the principal will not be meaningful, and
127 should only be freed with
128 .Xr krb5_free_principal 3 .
129 .Pp
130 .Fn krb5_verify_opt_alloc
131 and
132 .Fn krb5_verify_opt_free
133 allocates and frees a
134 .Li krb5_verify_opt .
135 You should use the the alloc and free function instead of allocation
136 the structure yourself, this is because in a future release the
137 structure wont be exported.
138 .Pp
139 .Fn krb5_verify_opt_init
140 resets all opt to default values.
141 .Pp
142 None of the krb5_verify_opt_set function makes a copy of the data
143 structure that they are called with. It's up the caller to free them
144 after the
145 .Fn krb5_verify_user_opt
146 is called.
147 .Pp
148 .Fn krb5_verify_opt_set_ccache
149 sets the
150 .Fa ccache
151 that user of
152 .Fa opt
153 will use. If not set, the default credential cache will be used.
154 .Pp
155 .Fn krb5_verify_opt_set_keytab
156 sets the
157 .Fa keytab
158 that user of
159 .Fa opt
160 will use. If not set, the default keytab will be used.
161 .Pp
162 .Fn krb5_verify_opt_set_secure
163 if
164 .Fa secure
165 if true, the password verification will require that the ticket will
166 be verified against the locally stored service key. If not set,
167 default value is true.
168 .Pp
169 .Fn krb5_verify_opt_set_service
170 sets the
171 .Fa service
172 principal that user of
173 .Fa opt
174 will use. If not set, the
175 .Ql host
176 service will be used.
177 .Pp
178 .Fn krb5_verify_opt_set_flags
179 sets
180 .Fa flags
181 that user of
182 .Fa opt
183 will use.
184 If the flag
185 .Dv KRB5_VERIFY_LREALMS
186 is used, the
187 .Fa principal
188 will be modified like
189 .Fn krb5_verify_user_lrealm
190 modifies it.
191 .Pp
192 .Fn krb5_verify_user_opt
193 function verifies the
194 .Fa password
195 supplied by a user.
196 The principal whose password will be verified is specified in
197 .Fa principal .
198 Options the to the verification process is pass in in
199 .Fa opt .
200 .Sh EXAMPLES
201 Here is a example program that verifies a password. it uses the
202 .Ql host/`hostname`
203 service principal in
204 .Pa krb5.keytab .
205 .Bd -literal
206 #include <krb5/krb5.h>
208 int
209 main(int argc, char **argv)
210 {
211 char *user;
212 krb5_error_code error;
213 krb5_principal princ;
214 krb5_context context;
216 if (argc != 2)
217 errx(1, "usage: verify_passwd <principal-name>");
219 user = argv[1];
221 if (krb5_init_context(&context) < 0)
222 errx(1, "krb5_init_context");
224 if ((error = krb5_parse_name(context, user, &princ)) != 0)
225 krb5_err(context, 1, error, "krb5_parse_name");
227 error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
228 if (error)
229 krb5_err(context, 1, error, "krb5_verify_user");
231 return 0;
232 }
233 .Ed
234 .Sh SEE ALSO
235 .Xr krb5_cc_gen_new 3 ,
236 .Xr krb5_cc_initialize 3 ,
237 .Xr krb5_cc_resolve 3 ,
238 .Xr krb5_err 3 ,
239 .Xr krb5_free_principal 3 ,
240 .Xr krb5_init_context 3 ,
241 .Xr krb5_kt_default 3 ,
242 .Xr krb5.conf 5