krb5plugin_kuserok_ftable_desc Struct Reference
[Heimdal Kerberos 5 support functions]

Description of the krb5_kuserok(3) plugin facility.

#include <kuserok_plugin.h>

Detailed Description

The krb5_kuserok(3) function is pluggable. The plugin is named KRB5_PLUGIN_KUSEROK ("krb5_plugin_kuserok"), with a single minor version, KRB5_PLUGIN_KUSEROK_VERSION_0 (0).

The plugin for krb5_kuserok(3) consists of a data symbol referencing a structure of type krb5plugin_kuserok_ftable, with four fields:

  init           Plugin initialization function (see krb5-plugin(7))
  minor_version  The plugin minor version number (0)
  fini           Plugin finalization function
  kuserok        Plugin kuserok function

The kuserok field is the plugin entry point that performs the traditional kuserok operation however the plugin desires. It is invoked in no particular order relative to other kuserok plugins, but it has a 'rule' argument that indicates which plugin is intended to act on the rule. The plugin kuserok function must return KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it.

The plugin kuserok function has the following arguments, in this order:

  1. plug_ctx, the context value output by the plugin's init function
  2. context, a krb5_context
  3. rule, the kuserok rule being evaluated (from krb5.conf(5))
  4. flags
  5. k5login_dir, configured location of k5login per-user files, if any
  6. luser, name of the local user account that the principal is attempting to access
  7. principal, the krb5_principal trying to access the luser account
  8. result, a krb5_boolean pointer where the plugin will output its result
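The dispatch contract described above, as an added sketch that is not Heimdal code: the plugin declines rules that are not its own and denies by default. The typedefs, the `demo_*` names, `DEMO_RULE` and `DEMO_NO_HANDLE` are stand-ins assumed here so the block builds without Heimdal; a real plugin includes `<kuserok_plugin.h>`, uses `krb5_context` and `krb5_principal`, and returns `KRB5_PLUGIN_NO_HANDLE`.

```c
/* Added example; not Heimdal source. Types and DEMO_* names are stand-ins
 * so this compiles alone; a real plugin includes <kuserok_plugin.h>. */
#include <errno.h>
#include <string.h>

typedef int krb5_error_code, krb5_boolean;                    /* stand-ins */
typedef struct { const char *name, *realm; } demo_principal;  /* stand-in for krb5_principal */
#define DEMO_NO_HANDLE (-1)         /* stand-in for KRB5_PLUGIN_NO_HANDLE */
#define DEMO_RULE "DEMO-SAME-NAME"  /* hypothetical rule name */
struct demo_ctx { const char *trusted_realm; };
static struct demo_ctx demo_state = { "EXAMPLE.TEST" };       /* constructed realm */

/* init: hand back the context that kuserok later receives as plug_ctx. */
static krb5_error_code demo_init(void *context, void **plug_ctx)
{
    (void)context;
    *plug_ctx = &demo_state;
    return 0;
}
static void demo_fini(void *plug_ctx) { (void)plug_ctx; }

/* Arguments follow the order listed above. */
static krb5_error_code demo_kuserok(void *plug_ctx, void *context,
                                    const char *rule, unsigned int flags,
                                    const char *k5login_dir, const char *luser,
                                    const demo_principal *principal,
                                    krb5_boolean *result)
{
    const struct demo_ctx *c = plug_ctx;
    (void)context; (void)flags; (void)k5login_dir;
    if (result == NULL) return EINVAL;
    *result = 0;                          /* fail closed: deny by default */
    if (rule == NULL || strcmp(rule, DEMO_RULE) != 0)
        return DEMO_NO_HANDLE;            /* not our rule: decline */
    if (c != NULL && luser != NULL && principal != NULL &&
        principal->name != NULL && principal->realm != NULL &&
        strcmp(principal->realm, c->trusted_realm) == 0 &&
        strcmp(principal->name, luser) == 0)
        *result = 1;                      /* exact realm and name match only */
    return 0;                             /* rule handled; *result is the verdict */
}

/* Stand-in for krb5plugin_kuserok_ftable: the four fields described above. */
struct demo_kuserok_ftable {
    int minor_version;
    krb5_error_code (*init)(void *, void **);
    void (*fini)(void *);
    krb5_error_code (*kuserok)(void *, void *, const char *, unsigned int, const char *,
                               const char *, const demo_principal *, krb5_boolean *);
} demo_plugin = { .minor_version = 0, .init = demo_init, .fini = demo_fini, .kuserok = demo_kuserok };
```

Clearing `*result` before the rule check means a caller that ignores the return code still sees a denial.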

