
Operating-system specific access functions

These functions are involved with access control decisions and policies.


\begin{funcdecl}{krb5_aname_to_localname}{krb5_error_code}{\funcin}
\funcarg{krb...
...al}{aname}
\funcarg{int}{lnsize}
\funcout
\funcarg{char *}{lname}
\end{funcdecl}

Converts a principal name aname to a local name suitable for use by programs that need a translation to an environment-specific name (e.g. a user account name).

lnsize specifies the maximum length of the name that is to be written into lname. The translation is null-terminated in all non-error returns.

Returns system errors.


\begin{funcdecl}{krb5_kuserok}{krb5_boolean}{\funcin}
\funcarg{krb5_context}{con...
...\funcarg{krb5_principal}{principal}
\funcarg{const char *}{luser}
\end{funcdecl}

Given a Kerberos principal principal and a local username luser, determines whether the principal is authorized to log in to the account luser. Returns TRUE if authorized, FALSE if not authorized.
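Added example, not code from the Kerberos distribution: a self-contained C model of the lnsize contract described for krb5_aname_to_localname, with a caller that denies on any failure, as an authorization check in the role of krb5_kuserok should. The struct, the function names, the return codes and the mapping policy (a single-component principal in the local realm maps to its first component) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a parsed principal (not libkrb5's krb5_principal). */
struct principal {
    const char *realm;
    const char *comp[2];            /* name components; NULL when unused */
};

enum { MAP_OK = 0, MAP_NOTRANS = 1, MAP_NOSPACE = 2 };   /* assumed codes */

/* Constructed sample principals. */
const struct principal P_LOCAL   = { "EXAMPLE.COM",   { "alice", NULL } };
const struct principal P_FOREIGN = { "OTHER.EXAMPLE", { "alice", NULL } };
const struct principal P_ADMIN   = { "EXAMPLE.COM",   { "alice", "admin" } };

/* lname is written, NUL-terminated, only when MAP_OK is returned. */
int model_aname_to_localname(const struct principal *p, const char *local_realm,
                             size_t lnsize, char *lname)
{
    size_t len;
    if (p == NULL || p->realm == NULL || p->comp[0] == NULL || lname == NULL)
        return MAP_NOTRANS;
    /* A principal from another realm never maps to a local account. */
    if (strcmp(p->realm, local_realm) != 0)
        return MAP_NOTRANS;
    /* alice/admin is a different identity from alice: no mapping. */
    if (p->comp[1] != NULL)
        return MAP_NOTRANS;
    len = strlen(p->comp[0]);
    if (len == 0) return MAP_NOTRANS;
    /* Refuse rather than truncate: a cut-off name could match another account. */
    if (len + 1 > lnsize)
        return MAP_NOSPACE;
    memcpy(lname, p->comp[0], len + 1);
    return MAP_OK;
}

/* Caller pattern: any nonzero return is a deny; lname is never read on error. */
int model_may_login(const struct principal *p, const char *local_realm,
                    const char *luser)
{
    char lname[32];

    if (model_aname_to_localname(p, local_realm, sizeof(lname), lname) != MAP_OK)
        return 0;
    return strcmp(lname, luser) == 0;
}
```

A real service calls the library functions instead of this model; the points that carry over are the error-means-deny handling and sizing lname so that lnsize includes room for the terminator.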


\begin{funcdecl}{krb5_sname_to_principal}{krb5_error_code}{\funcin}
\funcarg{krb...
...{krb5_int32}{type}
\funcout
\funcarg{krb5_principal *}{ret_princ}
\end{funcdecl}

Given a hostname hostname and a generic service name sname, this function generates a full principal name to be used when authenticating with the named service on the host. The full principal name is returned in ret_princ.

The realm of the principal is determined internally by calling krb5_get_host_realm.

The type argument controls how krb5_sname_to_principal generates the principal name, ret_princ, for the named service, sname. Currently, two values are supported: KRB5_NT_SRV_HOST and KRB5_NT_UNKNOWN.

If type is set to KRB5_NT_SRV_HOST, the hostname is canonicalized (converted to a fully qualified lowercase hostname using the primary name and the domain name) before ret_princ is generated in the form "sname/hostname@LOCAL.REALM". Most applications should use KRB5_NT_SRV_HOST.

However, if type is set to KRB5_NT_UNKNOWN, the generated principal name still has the form "sname/hostname@LOCAL.REALM", but the hostname is not canonicalized first; it appears exactly as it was passed in hostname.

The caller should release ret_princ's storage by calling krb5_free_principal when it is finished with the principal.


Autobuild 2006-06-16