KRB5_VERIFY_USER(3)      BSD Library Functions Manual      KRB5_VERIFY_USER(3)

NNAAMMEE
     kkrrbb55__vveerriiffyy__uusseerr, kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm, kkrrbb55__vveerriiffyy__uusseerr__oopptt,
     kkrrbb55__vveerriiffyy__oopptt__iinniitt, kkrrbb55__vveerriiffyy__oopptt__aalllloocc, kkrrbb55__vveerriiffyy__oopptt__ffrreeee,
     kkrrbb55__vveerriiffyy__oopptt__sseett__ccccaacchhee, kkrrbb55__vveerriiffyy__oopptt__sseett__ffllaaggss,
     kkrrbb55__vveerriiffyy__oopptt__sseett__sseerrvviiccee, kkrrbb55__vveerriiffyy__oopptt__sseett__sseeccuurree,
     kkrrbb55__vveerriiffyy__oopptt__sseett__kkeeyyttaabb -- Heimdal password verifying functions

LLIIBBRRAARRYY
     Kerberos 5 Library (libkrb5, -lkrb5)

SSYYNNOOPPSSIISS
     ##iinncclluuddee <<kkrrbb55..hh>>

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__vveerriiffyy__uusseerr(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l _p_r_i_n_c_i_p_a_l,
         _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___b_o_o_l_e_a_n _s_e_c_u_r_e,
         _c_o_n_s_t _c_h_a_r _*_s_e_r_v_i_c_e);

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l _p_r_i_n_c_i_p_a_l,
         _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___b_o_o_l_e_a_n _s_e_c_u_r_e,
         _c_o_n_s_t _c_h_a_r _*_s_e_r_v_i_c_e);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__iinniitt(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__aalllloocc(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_*_o_p_t);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__ffrreeee(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__ccccaacchhee(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__kkeeyyttaabb(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _k_r_b_5___k_e_y_t_a_b _k_e_y_t_a_b);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__sseeccuurree(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _k_r_b_5___b_o_o_l_e_a_n _s_e_c_u_r_e);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__sseerrvviiccee(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _c_o_n_s_t _c_h_a_r _*_s_e_r_v_i_c_e);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__ffllaaggss(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _u_n_s_i_g_n_e_d _i_n_t _f_l_a_g_s);

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__vveerriiffyy__uusseerr__oopptt(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l _p_r_i_n_c_i_p_a_l,
         _c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t);

DDEESSCCRRIIPPTTIIOONN
     The kkrrbb55__vveerriiffyy__uusseerr function verifies the password supplied by a user.
     The principal whose password will be verified is specified in _p_r_i_n_c_i_p_a_l.
     New tickets will be obtained as a side-effect and stored in _c_c_a_c_h_e (if
     NULL, the default ccache is used).  kkrrbb55__vveerriiffyy__uusseerr() will call
     kkrrbb55__cccc__iinniittiiaalliizzee() on the given _c_c_a_c_h_e, so _c_c_a_c_h_e must only initialized
     with kkrrbb55__cccc__rreessoollvvee() or kkrrbb55__cccc__ggeenn__nneeww().  If the password is not sup-
     plied in _p_a_s_s_w_o_r_d (and is given as NULL) the user will be prompted for
     it.  If _s_e_c_u_r_e the ticket will be verified against the locally stored
     service key _s_e_r_v_i_c_e (by default `host' if given as NULL ).

     The kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm() function does the same, except that it
     ignores the realm in _p_r_i_n_c_i_p_a_l and tries all the local realms (see
     krb5.conf(5)).  After a successful return, the principal is set to the
     authenticated realm. If the call fails, the principal will not be mean-
     ingful, and should only be freed with krb5_free_principal(3).

     kkrrbb55__vveerriiffyy__oopptt__aalllloocc() and kkrrbb55__vveerriiffyy__oopptt__ffrreeee() allocates and frees a
     krb5_verify_opt.  You should use the the alloc and free function instead
     of allocation the structure yourself, this is because in a future release
     the structure wont be exported.

     kkrrbb55__vveerriiffyy__oopptt__iinniitt() resets all opt to default values.

     None of the krb5_verify_opt_set function makes a copy of the data struc-
     ture that they are called with. It's up the caller to free them after the
     kkrrbb55__vveerriiffyy__uusseerr__oopptt() is called.

     kkrrbb55__vveerriiffyy__oopptt__sseett__ccccaacchhee() sets the _c_c_a_c_h_e that user of _o_p_t will use.
     If not set, the default credential cache will be used.

     kkrrbb55__vveerriiffyy__oopptt__sseett__kkeeyyttaabb() sets the _k_e_y_t_a_b that user of _o_p_t will use.
     If not set, the default keytab will be used.

     kkrrbb55__vveerriiffyy__oopptt__sseett__sseeccuurree() if _s_e_c_u_r_e if true, the password verification
     will require that the ticket will be verified against the locally stored
     service key. If not set, default value is true.

     kkrrbb55__vveerriiffyy__oopptt__sseett__sseerrvviiccee() sets the _s_e_r_v_i_c_e principal that user of _o_p_t
     will use. If not set, the `host' service will be used.

     kkrrbb55__vveerriiffyy__oopptt__sseett__ffllaaggss() sets _f_l_a_g_s that user of _o_p_t will use.  If the
     flag KRB5_VERIFY_LREALMS is used, the _p_r_i_n_c_i_p_a_l will be modified like
     kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm() modifies it.

     kkrrbb55__vveerriiffyy__uusseerr__oopptt() function verifies the _p_a_s_s_w_o_r_d supplied by a user.
     The principal whose password will be verified is specified in _p_r_i_n_c_i_p_a_l.
     Options the to the verification process is pass in in _o_p_t.

EEXXAAMMPPLLEESS
     Here is a example program that verifies a password. it uses the
     `host/`hostname`' service principal in _k_r_b_5_._k_e_y_t_a_b.

     #include <krb5.h>

     int
     main(int argc, char **argv)
     {
         char *user;
         krb5_error_code error;
         krb5_principal princ;
         krb5_context context;

         if (argc != 2)
             errx(1, "usage: verify_passwd <principal-name>");

         user = argv[1];

         if (krb5_init_context(&context) < 0)
             errx(1, "krb5_init_context");

         if ((error = krb5_parse_name(context, user, &princ)) != 0)
             krb5_err(context, 1, error, "krb5_parse_name");

         error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
         if (error)
             krb5_err(context, 1, error, "krb5_verify_user");

         return 0;
     }

SSEEEE AALLSSOO
     krb5_cc_gen_new(3), krb5_cc_initialize(3), krb5_cc_resolve(3),
     krb5_err(3), krb5_free_principal(3), krb5_init_context(3),
     krb5_kt_default(3), krb5.conf(5)

HEIMDAL                           May 1, 2006                          HEIMDAL