This routine maps the DCE principal to the local user account and determines if the DCE principal is allowed access to the account.
Valid User Library (libvaliduser.a)
int kvalid_user (char *princ_name, char *local_user)
This routine is called when Kerberos 5 authentication is configured to determine if the incoming Kerberos 5 ticket should allow access to the local account.
This routine determines whether the DCE principal, specified by the princ_name parameter, is allowed access to the user's account identified by the local_user parameter. The routine accesses the $HOME/.k5login file for the users account. It looks for the string pointed to by princ_name in that file.
Access is granted if one of two things is true.
Item | Description |
---|---|
princ_name | This parameter is a single-string representation of the Kerberos 5 principal. The Kerberos 5 libraries have two services, krb5_unparse_name and krb5_parse_name, which convert a krb5_principal structure to and from a single-string format. This routine expects the princ_name parameter to be a single-string form of the krb5_principal structure. |
local_user | This parameter is the character string holding the name of the local account. |
If the user is allowed access to the account, the kvalid_user routine returns TRUE.
If the user is NOT allowed access to the account or there was an error, the kvalid_user routine returns FALSE.