2 KRB5_VERIFY_USER(3) UNIX Programmer's Manual KRB5_VERIFY_USER(3)
5 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br, k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br_
\b_l
\blr
\bre
\bea
\bal
\blm
\bm, k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br_
\b_o
\bop
\bpt
\bt,
6 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_i
\bin
\bni
\bit
\bt k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_f
\bfl
\bla
\bag
\bgs
\bs,
7 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_s
\bse
\ber
\brv
\bvi
\bic
\bce
\be, k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_s
\bse
\bec
\bcu
\bur
\bre
\be,
8 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_k
\bke
\bey
\byt
\bta
\bab
\bb - Heimdal password verifying functions.
10 L
\bLI
\bIB
\bBR
\bRA
\bAR
\bRY
\bY
11 Kerberos 5 Library (libkrb5, -lkrb5)
13 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
14 _
\bk_
\br_
\bb_
\b5_
\b__
\be_
\br_
\br_
\bo_
\br_
\b__
\bc_
\bo_
\bd_
\be
15 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br(_
\bk_
\br_
\bb_
\b5_
\b__
\bc_
\bo_
\bn_
\bt_
\be_
\bx_
\bt _
\bc_
\bo_
\bn_
\bt_
\be_
\bx_
\bt, _
\bk_
\br_
\bb_
\b5_
\b__
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl _
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl,
16 _
\bk_
\br_
\bb_
\b5_
\b__
\bc_
\bc_
\ba_
\bc_
\bh_
\be _
\bc_
\bc_
\ba_
\bc_
\bh_
\be, _
\bc_
\bo_
\bn_
\bs_
\bt _
\bc_
\bh_
\ba_
\br _
\b*_
\bp_
\ba_
\bs_
\bs_
\bw_
\bo_
\br_
\bd, _
\bk_
\br_
\bb_
\b5_
\b__
\bb_
\bo_
\bo_
\bl_
\be_
\ba_
\bn _
\bs_
\be_
\bc_
\bu_
\br_
\be,
17 _
\bc_
\bo_
\bn_
\bs_
\bt _
\bc_
\bh_
\ba_
\br _
\b*_
\bs_
\be_
\br_
\bv_
\bi_
\bc_
\be)
19 _
\bk_
\br_
\bb_
\b5_
\b__
\be_
\br_
\br_
\bo_
\br_
\b__
\bc_
\bo_
\bd_
\be
20 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br_
\b_l
\blr
\bre
\bea
\bal
\blm
\bm(_
\bk_
\br_
\bb_
\b5_
\b__
\bc_
\bo_
\bn_
\bt_
\be_
\bx_
\bt _
\bc_
\bo_
\bn_
\bt_
\be_
\bx_
\bt, _
\bk_
\br_
\bb_
\b5_
\b__
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl _
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl,
21 _
\bk_
\br_
\bb_
\b5_
\b__
\bc_
\bc_
\ba_
\bc_
\bh_
\be _
\bc_
\bc_
\ba_
\bc_
\bh_
\be, _
\bc_
\bo_
\bn_
\bs_
\bt _
\bc_
\bh_
\ba_
\br _
\b*_
\bp_
\ba_
\bs_
\bs_
\bw_
\bo_
\br_
\bd, _
\bk_
\br_
\bb_
\b5_
\b__
\bb_
\bo_
\bo_
\bl_
\be_
\ba_
\bn _
\bs_
\be_
\bc_
\bu_
\br_
\be,
22 _
\bc_
\bo_
\bn_
\bs_
\bt _
\bc_
\bh_
\ba_
\br _
\b*_
\bs_
\be_
\br_
\bv_
\bi_
\bc_
\be)
25 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_i
\bin
\bni
\bit
\bt(_
\bk_
\br_
\bb_
\b5_
\b__
\bv_
\be_
\br_
\bi_
\bf_
\by_
\b__
\bo_
\bp_
\bt _
\b*_
\bo_
\bp_
\bt)
28 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_c
\bcc
\bca
\bac
\bch
\bhe
\be(_
\bk_
\br_
\bb_
\b5_
\b__
\bv_
\be_
\br_
\bi_
\bf_
\by_
\b__
\bo_
\bp_
\bt _
\b*_
\bo_
\bp_
\bt, _
\bk_
\br_
\bb_
\b5_
\b__
\bc_
\bc_
\ba_
\bc_
\bh_
\be _
\bc_
\bc_
\ba_
\bc_
\bh_
\be)
31 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_k
\bke
\bey
\byt
\bta
\bab
\bb(_
\bk_
\br_
\bb_
\b5_
\b__
\bv_
\be_
\br_
\bi_
\bf_
\by_
\b__
\bo_
\bp_
\bt _
\b*_
\bo_
\bp_
\bt, _
\bk_
\br_
\bb_
\b5_
\b__
\bk_
\be_
\by_
\bt_
\ba_
\bb _
\bk_
\be_
\by_
\bt_
\ba_
\bb)
34 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_s
\bse
\bec
\bcu
\bur
\bre
\be(_
\bk_
\br_
\bb_
\b5_
\b__
\bv_
\be_
\br_
\bi_
\bf_
\by_
\b__
\bo_
\bp_
\bt _
\b*_
\bo_
\bp_
\bt, _
\bk_
\br_
\bb_
\b5_
\b__
\bb_
\bo_
\bo_
\bl_
\be_
\ba_
\bn _
\bs_
\be_
\bc_
\bu_
\br_
\be)
37 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_s
\bse
\ber
\brv
\bvi
\bic
\bce
\be(_
\bk_
\br_
\bb_
\b5_
\b__
\bv_
\be_
\br_
\bi_
\bf_
\by_
\b__
\bo_
\bp_
\bt _
\b*_
\bo_
\bp_
\bt, _
\bc_
\bo_
\bn_
\bs_
\bt _
\bc_
\bh_
\ba_
\br _
\b*_
\bs_
\be_
\br_
\bv_
\bi_
\bc_
\be)
40 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_f
\bfl
\bla
\bag
\bgs
\bs(_
\bk_
\br_
\bb_
\b5_
\b__
\bv_
\be_
\br_
\bi_
\bf_
\by_
\b__
\bo_
\bp_
\bt _
\b*_
\bo_
\bp_
\bt, _
\bu_
\bn_
\bs_
\bi_
\bg_
\bn_
\be_
\bd _
\bi_
\bn_
\bt _
\bf_
\bl_
\ba_
\bg_
\bs)
42 _
\bk_
\br_
\bb_
\b5_
\b__
\be_
\br_
\br_
\bo_
\br_
\b__
\bc_
\bo_
\bd_
\be
43 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br_
\b_o
\bop
\bpt
\bt(_
\bk_
\br_
\bb_
\b5_
\b__
\bc_
\bo_
\bn_
\bt_
\be_
\bx_
\bt _
\bc_
\bo_
\bn_
\bt_
\be_
\bx_
\bt, _
\bk_
\br_
\bb_
\b5_
\b__
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl _
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl,
44 _
\bc_
\bo_
\bn_
\bs_
\bt _
\bc_
\bh_
\ba_
\br _
\b*_
\bp_
\ba_
\bs_
\bs_
\bw_
\bo_
\br_
\bd, _
\bk_
\br_
\bb_
\b5_
\b__
\bv_
\be_
\br_
\bi_
\bf_
\by_
\b__
\bo_
\bp_
\bt _
\b*_
\bo_
\bp_
\bt)
46 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
47 The k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br function verifies the password supplied by a user.
48 The principal whose password will be verified is specified in _
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl.
49 New tickets will be obtained as a side-effect and stored in _
\bc_
\bc_
\ba_
\bc_
\bh_
\be (if
50 NULL, the default ccache is used). k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br() will call
51 k
\bkr
\brb
\bb5
\b5_
\b_c
\bcc
\bc_
\b_i
\bin
\bni
\bit
\bti
\bia
\bal
\bli
\biz
\bze
\be() on the given _
\bc_
\bc_
\ba_
\bc_
\bh_
\be, so _
\bc_
\bc_
\ba_
\bc_
\bh_
\be must only initialized
52 with k
\bkr
\brb
\bb5
\b5_
\b_c
\bcc
\bc_
\b_r
\bre
\bes
\bso
\bol
\blv
\bve
\be() or k
\bkr
\brb
\bb5
\b5_
\b_c
\bcc
\bc_
\b_g
\bge
\ben
\bn_
\b_n
\bne
\bew
\bw(). If the password is not sup-
53 plied in _
\bp_
\ba_
\bs_
\bs_
\bw_
\bo_
\br_
\bd (and is given as NULL) the user will be prompted for
54 it. If _
\bs_
\be_
\bc_
\bu_
\br_
\be the ticket will be verified against the locally stored
55 service key _
\bs_
\be_
\br_
\bv_
\bi_
\bc_
\be (by default `host' if given as NULL ).
57 The k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br_
\b_l
\blr
\bre
\bea
\bal
\blm
\bm function does the same, except that it ig-
58 nores the realm in _
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl and tries all the local realms (see
59 krb5.conf(5)). After a successful return, the principal is set to the
60 authenticated realm. If the call fails, the principal will not be mean-
61 ingful, and should only be freed with krb5_free_principal(3).
63 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_i
\bin
\bni
\bit
\bt() resets all opt to default values.
66 None of the krb5_verify_opt_set function makes a copy of the data struc-
67 ture that they are called with. Its up the caller to free them after the
68 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br_
\b_o
\bop
\bpt
\bt() is called.
70 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_c
\bcc
\bca
\bac
\bch
\bhe
\be() sets the _
\bc_
\bc_
\ba_
\bc_
\bh_
\be that user of _
\bo_
\bp_
\bt will use.
71 If not set, the default credential cache will be used.
73 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_k
\bke
\bey
\byt
\bta
\bab
\bb() sets the _
\bk_
\be_
\by_
\bt_
\ba_
\bb that user of _
\bo_
\bp_
\bt will use.
74 If not set, the default keytab will be used.
76 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_s
\bse
\bec
\bcu
\bur
\bre
\be() if _
\bs_
\be_
\bc_
\bu_
\br_
\be if true, the password verification
77 will require that the ticket will be verified against the locally stored
78 service key. If not set, default value is true.
80 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_s
\bse
\ber
\brv
\bvi
\bic
\bce
\be() sets the _
\bs_
\be_
\br_
\bv_
\bi_
\bc_
\be principal that user of _
\bo_
\bp_
\bt
81 will use. If not set, the `host' service will be used.
83 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_o
\bop
\bpt
\bt_
\b_s
\bse
\bet
\bt_
\b_f
\bfl
\bla
\bag
\bgs
\bs() sets _
\bf_
\bl_
\ba_
\bg_
\bs that user of _
\bo_
\bp_
\bt will use. If the
84 flag KRB5_VERIFY_LREALMS is used, the _
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl will be modified like
85 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br_
\b_l
\blr
\bre
\bea
\bal
\blm
\bm() modifies it.
87 k
\bkr
\brb
\bb5
\b5_
\b_v
\bve
\ber
\bri
\bif
\bfy
\by_
\b_u
\bus
\bse
\ber
\br_
\b_o
\bop
\bpt
\bt() function verifies the _
\bp_
\ba_
\bs_
\bs_
\bw_
\bo_
\br_
\bd supplied by a user.
88 The principal whose password will be verified is specified in _
\bp_
\br_
\bi_
\bn_
\bc_
\bi_
\bp_
\ba_
\bl.
89 Options the to the verification process is pass in in _
\bo_
\bp_
\bt.
91 E
\bEX
\bXA
\bAM
\bMP
\bPL
\bLE
\bE
92 Here is a example program that verifies a password. it uses the
93 `host/`hostname`' service principal in _
\bk_
\br_
\bb_
\b5_
\b._
\bk_
\be_
\by_
\bt_
\ba_
\bb.
98 main(int argc, char **argv)
101 krb5_error_code error;
102 krb5_principal princ;
103 krb5_context context;
106 errx(1, "usage: verify_passwd <principal-name>");
110 if (krb5_init_context(&context) < 0)
111 errx(1, "krb5_init_context");
113 if ((error = krb5_parse_name(context, user, &princ)) != 0)
114 krb5_err(context, 1, error, "krb5_parse_name");
116 error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
118 krb5_err(context, 1, error, "krb5_verify_user");
123 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
124 krb5_err(3), krb5_cc_gen_new(3), krb5_cc_resolve(3),
125 krb5_cc_initialize(3), krb5_free_principal(3), krb5_init_context(3),
126 krb5_kt_default(3), krb5.conf(5)
128 HEIMDAL March 25, 2003 2