krb5_boolean
krb5_kuserok(
krb5_context context
krb5_principal principal
const char *user
)
user
and checks if
principal
is allowed to log in as that user.
The
user
may have a
~/.k5login
file listing principals that are allowed to login as that user. If
that file does not exist, all principals with a first component
identical to the username, and a realm considered local, are allowed
access.
The
.k5login
file must contain one principal per line, be owned by
user,
and not be writable by group or other (but must be readable by
anyone).
Note that if the file exists, no implicit access rights are given to
user@<localrealm>.
Optionally, a set of files may be put in
~/.k5login.d(
a directory), in which case they will all be checked in the same
manner as
.k5login.
The files may be called anything, but files starting with a hash
``(#''),
or ending with a tilde
``(~'')
are ignored. Subdirectories are not traversed. Note that this
directory may not be checked by other implementations.
TRUE
if access should be granted,
FALSE
otherwise.
~/.k5login.d
feature appeared in Heimdal 0.7.