Provided by: heimdal-dev_7.8.git20221117.28daf24+dfsg-5ubuntu3_amd64 bug

NAME
       krb5_verify_user,        krb5_verify_user_lrealm,       krb5_verify_user_opt,       krb5_verify_opt_init,
       krb5_verify_opt_alloc,   krb5_verify_opt_free,   krb5_verify_opt_set_ccache,   krb5_verify_opt_set_flags,
       krb5_verify_opt_set_service,  krb5_verify_opt_set_secure,  krb5_verify_opt_set_keytab  — Heimdal password
       verifying functions


LIBRARY
       Kerberos 5 Library (libkrb5, -lkrb5)


SYNOPSIS
       #include <krb5.h>

       krb5_error_code
       krb5_verify_user(krb5_context     context,     krb5_principal     principal,     krb5_ccache      ccache,
           const char *password, krb5_boolean secure, const char *service);

       krb5_error_code
       krb5_verify_user_lrealm(krb5_context    context,    krb5_principal    principal,    krb5_ccache   ccache,
           const char *password, krb5_boolean secure, const char *service);

       void
       krb5_verify_opt_init(krb5_verify_opt *opt);

       void
       krb5_verify_opt_alloc(krb5_verify_opt **opt);

       void
       krb5_verify_opt_free(krb5_verify_opt *opt);

       void
       krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache);

       void
       krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab);

       void
       krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure);

       void
       krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service);

       void
       krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags);

       krb5_error_code
       krb5_verify_user_opt(krb5_context context,        krb5_principal principal,         const char *password,
           krb5_verify_opt *opt);


DESCRIPTION
       The  krb5_verify_user  function  verifies  the password supplied by a user.  The principal whose password
       will be verified is specified in principal.  New tickets will be obtained as a side-effect and stored  in
       ccache  (if  NULL, the default ccache is used).  krb5_verify_user() will call krb5_cc_initialize() on the
       given ccache, so ccache must only  initialized  with  krb5_cc_resolve()  or  krb5_cc_gen_new().   If  the
       password  is not supplied in password (and is given as NULL) the user will be prompted for it.  If secure
       the ticket will be verified against the locally stored service key service (by default ‘host’ if given as
       NULL ).

       The krb5_verify_user_lrealm() function does the same, except that it ignores the realm in  principal  and
       tries  all  the  local realms (see krb5.conf(5)).  After a successful return, the principal is set to the
       authenticated realm. If the call fails, the principal will not be meaningful, and should  only  be  freed
       with krb5_free_principal(3).

       krb5_verify_opt_alloc() and krb5_verify_opt_free() allocates and frees a krb5_verify_opt.  You should use
       the the alloc and free function instead of allocation the structure yourself, this is because in a future
       release the structure wont be exported.

       krb5_verify_opt_init() resets all opt to default values.

       None  of  the  krb5_verify_opt_set function makes a copy of the data structure that they are called with.
       It's up the caller to free them after the krb5_verify_user_opt() is called.

       krb5_verify_opt_set_ccache() sets the ccache that  user  of  opt  will  use.  If  not  set,  the  default
       credential cache will be used.

       krb5_verify_opt_set_keytab()  sets  the  keytab that user of opt will use. If not set, the default keytab
       will be used.

       krb5_verify_opt_set_secure() if secure if true, the password verification will require  that  the  ticket
       will be verified against the locally stored service key. If not set, default value is true.

       krb5_verify_opt_set_service()  sets  the  service  principal  that  user of opt will use. If not set, the
       ‘host’ service will be used.

       krb5_verify_opt_set_flags() sets flags that user of opt will use.  If  the  flag  KRB5_VERIFY_LREALMS  is
       used, the principal will be modified like krb5_verify_user_lrealm() modifies it.

       krb5_verify_user_opt()  function  verifies the password supplied by a user.  The principal whose password
       will be verified is specified in principal.  Options the to the verification process is pass in in opt.


EXAMPLES
       Here is a example program that verifies a password. it uses the ‘host/`hostname`’  service  principal  in
       krb5.keytab.

       #include <krb5.h>

       int
       main(int argc, char **argv)
       {
           char *user;
           krb5_error_code error;
           krb5_principal princ;
           krb5_context context;

           if (argc != 2)
               errx(1, "usage: verify_passwd <principal-name>");

           user = argv[1];

           if (krb5_init_context(&context) < 0)
               errx(1, "krb5_init_context");

           if ((error = krb5_parse_name(context, user, &princ)) != 0)
               krb5_err(context, 1, error, "krb5_parse_name");

           error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
           if (error)
               krb5_err(context, 1, error, "krb5_verify_user");

           return 0;
       }


SEE ALSO
       krb5_cc_gen_new(3),   krb5_cc_initialize(3),   krb5_cc_resolve(3),  krb5_err(3),  krb5_free_principal(3),
       krb5_init_context(3), krb5_kt_default(3), krb5.conf(5)

HEIMDAL                                            May 1, 2006                               KRB5_VERIFY_USER(3)