1 .\" Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan
2 .\" (Royal Institute of Technology, Stockholm, Sweden).
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
16 .\" 3. Neither the name of the Institute nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" $Id: krb5_verify_user.3,v 1.10 2003/04/16 13:58:11 lha Exp $
35 .Dt KRB5_VERIFY_USER 3
38 .Nm krb5_verify_user ,
39 .Nm krb5_verify_user_lrealm ,
40 .Nm krb5_verify_user_opt ,
41 .Nm krb5_verify_opt_init
42 .Nm krb5_verify_opt_set_flags ,
43 .Nm krb5_verify_opt_set_service ,
44 .Nm krb5_verify_opt_set_secure ,
45 .Nm krb5_verify_opt_set_keytab
46 .Nd Heimdal password verifying functions.
48 Kerberos 5 Library (libkrb5, -lkrb5)
52 .Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
54 .Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
56 .Fn krb5_verify_opt_init "krb5_verify_opt *opt"
58 .Fn krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache"
60 .Fn krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab"
62 .Fn krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure"
64 .Fn krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service"
66 .Fn krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags"
68 .Fo krb5_verify_user_opt
69 .Fa "krb5_context context"
70 .Fa "krb5_principal principal"
71 .Fa "const char *password"
72 .Fa "krb5_verify_opt *opt"
77 function verifies the password supplied by a user.
78 The principal whose password will be verified is specified in
80 New tickets will be obtained as a side-effect and stored in
84 the default ccache is used).
87 .Fn krb5_cc_initialize
92 must only initialized with
96 If the password is not supplied in
100 the user will be prompted for it.
103 the ticket will be verified against the locally stored service key
112 .Nm krb5_verify_user_lrealm
113 function does the same, except that it ignores the realm in
115 and tries all the local realms (see
117 After a successful return, the principal is set to the authenticated
118 realm. If the call fails, the principal will not be meaningful, and
119 should only be freed with
120 .Xr krb5_free_principal 3 .
122 .Fn krb5_verify_opt_init
123 resets all opt to default values.
125 None of the krb5_verify_opt_set function makes a copy of the data
126 structure that they are called with. Its up the caller to free them
128 .Fn krb5_verify_user_opt
131 .Fn krb5_verify_opt_set_ccache
136 will use. If not set, the default credential cache will be used.
138 .Fn krb5_verify_opt_set_keytab
143 will use. If not set, the default keytab will be used.
145 .Fn krb5_verify_opt_set_secure
148 if true, the password verification will require that the ticket will
149 be verified against the locally stored service key. If not set,
150 default value is true.
152 .Fn krb5_verify_opt_set_service
155 principal that user of
157 will use. If not set, the
159 service will be used.
161 .Fn krb5_verify_opt_set_flags
168 .Dv KRB5_VERIFY_LREALMS
171 will be modified like
172 .Fn krb5_verify_user_lrealm
175 .Fn krb5_verify_user_opt
176 function verifies the
179 The principal whose password will be verified is specified in
181 Options the to the verification process is pass in in
184 Here is a example program that verifies a password. it uses the
192 main(int argc, char **argv)
195 krb5_error_code error;
196 krb5_principal princ;
197 krb5_context context;
200 errx(1, "usage: verify_passwd <principal-name>");
204 if (krb5_init_context(&context) < 0)
205 errx(1, "krb5_init_context");
207 if ((error = krb5_parse_name(context, user, &princ)) != 0)
208 krb5_err(context, 1, error, "krb5_parse_name");
210 error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
212 krb5_err(context, 1, error, "krb5_verify_user");
219 .Xr krb5_cc_gen_new 3 ,
220 .Xr krb5_cc_resolve 3 ,
221 .Xr krb5_cc_initialize 3 ,
222 .Xr krb5_free_principal 3 ,
223 .Xr krb5_init_context 3 ,
224 .Xr krb5_kt_default 3 ,