sec_login_certify_identity - Certify a (validated) login context.

#include <dce/sec_login.h>

boolean32 sec_login_certify_identity(
    sec_login_handle_t login_context,
    error_status_t *status);
login_context: Login context to be certified.
status: The completion status.
The sec_login_certify_identity() routine certifies a (validated) login context; that is, it demonstrates the context's trustworthiness (for the purpose of basing access decisions on the information carried in it) to parties other than the principal/account with which it is associated.
In typical implementations this is accomplished by using the login context to execute a protected RPC (of authentication type rpc_c_authn_dce_secret, of authorisation type rpc_c_authz_dce, and of protection level rpc_c_protect_level_pkt_integ) to the local host's SCD. If an implementation of sec_login_certify_identity() does not support the same strong guarantee of "infallible" certification that sec_login_valid_and_cert_ident() does, this fact (as well as the information about the strength of the guarantee that actually is supported) must be noted in the implementation's documentation of sec_login_certify_identity(). (See Further Discussion of Certification for details.)
Typically, this routine is called by a host's login program, which uses the information contained in the login context to set security attributes of the logging-in user (principal/account) that will be subsequently used for access control to the local host's resources (such as computing power); see sec_login_get_pwent(), sec_login_get_groups() and sec_login_get_expiration().
In typical implementations, if this operation succeeds, it updates local security registration information on the local host (information derived from information in the (now-certified) login context). This locally held information can be used for subsequent logins if the RS is unreachable (for example, because of a network partition), though such information is usable only for access to local resources (that is, it endows a process with local identity information, but not with a login context that can be used for protected RPCs).
The routine returns a non-0 (TRUE) value if the certification was successful, and 0 (FALSE) otherwise.
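A fail-closed way for a login program to act on this return value, as an added example that is not part of the original reference page. The helper certify_before_local_use(), the struct demo_ctx handle and the stand-in sec_login_certify_identity() compiled when HAVE_DCE is undefined are assumptions made so the code runs without a DCE installation.

```c
#include <stdio.h>

#ifdef HAVE_DCE
#include <dce/sec_login.h>      /* real API on a DCE host */
#else
/* Constructed stand-ins so the example runs without DCE; not the real
 * implementation, which performs a protected RPC to the local SCD. */
typedef unsigned int boolean32;
typedef unsigned int error_status_t;
#define error_status_ok 0u
struct demo_ctx { int scd_accepts; int writes_status; };
typedef struct demo_ctx *sec_login_handle_t;

boolean32 sec_login_certify_identity(sec_login_handle_t lc,
                                     error_status_t *status)
{
    if (lc->writes_status)
        *status = lc->scd_accepts ? error_status_ok : 1u; /* 1u: made-up code */
    return lc->scd_accepts ? 1u : 0u;
}
#endif

typedef enum { LOGIN_DENY = 0, LOGIN_CERTIFIED = 1 } login_decision_t;

/* Hypothetical helper for a host login program: the login context may feed
 * local access control (uid, groups, expiration) only on LOGIN_CERTIFIED. */
login_decision_t certify_before_local_use(sec_login_handle_t lc,
                                          error_status_t *status_out)
{
    /* Start from a failure value so a status that is never written
     * cannot be mistaken for error_status_ok. */
    error_status_t st = (error_status_t)~error_status_ok;
    boolean32 ok = 0;

    if (lc != NULL)
        ok = sec_login_certify_identity(lc, &st);
    if (status_out != NULL)
        *status_out = st;
    /* Fail closed: require both the TRUE return and a clean status. */
    return (ok && st == error_status_ok) ? LOGIN_CERTIFIED : LOGIN_DENY;
}

#ifndef HAVE_DCE
int main(void)
{
    struct demo_ctx good = { 1, 1 }, bad = { 0, 1 };
    printf("good: %d\n", certify_before_local_use(&good, NULL));
    printf("bad:  %d\n", certify_before_local_use(&bad, NULL));
    return 0;
}
#endif
```

Only after LOGIN_CERTIFIED should the caller go on to sec_login_get_pwent(), sec_login_get_groups() and sec_login_get_expiration() to set the user's local security attributes.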
sec_login_get_pwent(), sec_login_get_groups(), sec_login_get_expiration(), sec_login_valid_and_cert_ident().