krb5plugin_kuserok_ftable_desc - Man Page

Description of the krb5_kuserok(3) plugin facility.


#include <kuserok_plugin.h>

Detailed Description

Description of the krb5_kuserok(3) plugin facility.

The krb5_kuserok(3) function is pluggable. The plugin is named KRB5_PLUGIN_KUSEROK ('krb5_plugin_kuserok'), with a single minor version, KRB5_PLUGIN_KUSEROK_VERSION_0 (0).

The plugin for krb5_kuserok(3) consists of a data symbol referencing a structure of type krb5plugin_kuserok_ftable, with four fields:


init Plugin initialization function (see krb5-plugin(7))
minor_version The plugin minor version number (0)
fini Plugin finalization function
kuserok Plugin kuserok function

The kuserok field is the plugin entry point that performs the traditional kuserok operation however the plugin desires. It is invoked in no particular order relative to other kuserok plugins, but it has a 'rule' argument that indicates which plugin is intended to act on the rule. The plugin kuserok function must return KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it.

The plugin kuserok function has the following arguments, in this order:

  1. plug_ctx, the context value output by the plugin's init function
  2. context, a krb5_context
  3. rule, the kuserok rule being evaluated (from krb5.conf(5))
  4. flags
  5. k5login_dir, configured location of k5login per-user files if any
  6. luser, name of the local user account to which principal is attempting to access.
  7. principal, the krb5_principal trying to access the luser account
  8. result, a krb5_boolean pointer where the plugin will output its result


Generated automatically by Doxygen for HeimdalKerberos5library from the source code.


Fri Jun 7 2019 Version 7.7.0 HeimdalKerberos5library