
DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

NAME

sec_login_certify_identity - Certify a (validated) login context.

SYNOPSIS

#include <dce/sec_login.h>

boolean32 sec_login_certify_identity(
    sec_login_handle_t login_context,
    error_status_t *status);

PARAMETERS

Input

login_context

Login context to be certified.

Output

status

The completion status.

DESCRIPTION

The sec_login_certify_identity() routine certifies a (validated) login context; that is, it demonstrates the context's trustworthiness (for the purpose of basing access decisions on information carried in it) to parties other than the principal/account with which it is associated.

In typical implementations this is accomplished by using the login context to execute a protected RPC (of authentication type rpc_c_authn_dce_secret, of authorisation type rpc_c_authz_dce, and of protection level rpc_c_protect_level_pkt_integ) to the local host's SCD. If an implementation of sec_login_certify_identity() does not support the same strong guarantee of "infallible" certification that sec_login_valid_and_cert_ident() does, this fact (as well as the information about the strength of the guarantee that actually is supported) must be noted in the implementation's documentation of sec_login_certify_identity(). (See Further Discussion of Certification for details.)

Typically, this routine is called by a host's login program, which uses the information contained in the login context to set security attributes of the logging-in user (principal/account) that will be subsequently used for access control to the local host's resources (such as computing power); see sec_login_get_pwent(), sec_login_get_groups() and sec_login_get_expiration().

In typical implementations, if this operation succeeds, it updates local security registration information on the local host (information derived from information in the (now-certified) login context). This locally held information can be used for subsequent logins if the RS is unreachable (for example, because of a network partition), though such information is usable only for access to local resources (that is, it endows a process with local identity information, but not with a login context that can be used for protected RPCs).

RETURN VALUES

The routine returns a non-0 (TRUE) value if the certification was successful, and 0 (FALSE) otherwise.

ERRORS

error_status_ok

sec_login_s_config

sec_login_s_context_invalid

sec_login_s_default_use
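
The following is an added example, not part of the DCE specification: a fail-closed wrapper that a login program could call before it uses sec_login_get_pwent(), sec_login_get_groups() or sec_login_get_expiration(). The names certify_gate, gate_t, demo_ctx and HAVE_DCE are hypothetical, and the stand-in definitions (including the numeric status values and the stand-in's behaviour) are constructed so that the block compiles without the DCE headers.

```c
/* Added example, not from the DCE specification: a fail-closed gate a login
 * program could run before trusting sec_login_get_pwent() and friends. */
#include <stddef.h>

#ifdef HAVE_DCE                       /* real build: use the DCE header */
#include <dce/sec_login.h>
#else
/* Constructed stand-ins so the example compiles without DCE installed.
 * Numeric values are placeholders, not the real DCE status codes. */
typedef unsigned int boolean32;
typedef unsigned int error_status_t;
typedef void *sec_login_handle_t;
#define error_status_ok             0u
#define sec_login_s_context_invalid 1u
struct demo_ctx { int validated; };   /* hypothetical test context */

/* Stand-in behaviour (assumed): only a non-NULL, validated context certifies. */
static boolean32 sec_login_certify_identity(sec_login_handle_t h,
                                            error_status_t *status)
{
    const struct demo_ctx *c = h;
    if (c == NULL || !c->validated) {
        *status = sec_login_s_context_invalid;
        return 0;
    }
    *status = error_status_ok;
    return 1;
}
#endif

typedef enum { GATE_DENY = 0, GATE_ALLOW = 1 } gate_t;   /* hypothetical */

/* Returns GATE_ALLOW only when the routine returned TRUE *and* the status
 * is error_status_ok; any disagreement between the two is a denial.
 * If why is non-NULL it receives the status, for logging. */
gate_t certify_gate(sec_login_handle_t ctx, error_status_t *why)
{
    /* Start from a failing status so an untouched output never reads as ok. */
    error_status_t st = sec_login_s_context_invalid;
    boolean32 certified = sec_login_certify_identity(ctx, &st);

    if (why != NULL)
        *why = st;
    if (!certified || st != error_status_ok)
        return GATE_DENY;   /* do not derive uid/groups/expiry from ctx */
    return GATE_ALLOW;      /* now sec_login_get_pwent() etc. may be used */
}
```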

SEE ALSO

Functions: sec_login_get_pwent(), sec_login_get_groups(), sec_login_get_expiration(), sec_login_valid_and_cert_ident().

Protocols: scd_protected_noop().

Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.
