sec_login_valid_and_cert_ident-Simultaneously validate and certify a login context
#include <dce/sec_login.h> boolean32 sec_login_valid_and_cert_ident ( sec_login_handle_t login_context, sec_passwd_rec_t *passwd, boolean32 *reset_passwd, sec_login_auth_src_t *authn_src, error_status_t *status );
Input
- login_context
Login context to be validated and certified.
Input/Output
- passwd
Password record to be used to validate the login context.
Output
- reset_passwd
Indicates whether a principal/account's password has expired.
- authn_src
The source of validation (or authentication) of this login context.
- status
The completion status.
The sec_login_valid_and_cert_ident() routine validates and certifies a login context (logically combining the operations of sec_login_validate_identity() and sec_login_certify_identity()), in a manner appropriate for use by privileged processes.In typical implementations this is accomplished by impersonating the local host's SCD, which may be thought of as the local TCB invoking a protected RPC to itself, and is infallible (that is, completely secure, modulo the security of the local TCB). (See
Further Discussion of Certification for details.)Upon return, this operation destroys the contents of the input passwd parameter (that is, overwrites the actual password contained in it with NULL bytes-all bits reset to 0, in the caller's address space), thereby reducing its exposure to compromise).
If the network security service is unavailable, a local-host authenticated context is created, and the authn_src parameter is set to sec_login_auth_src_local (see the description of this in
<dce/sec_login.h> ).
The routine returns non-0 (TRUE) if the login identity has been successfully validated and certified, 0 (FALSE) otherwise.
- error_status_ok
- sec_login_s_acct_invalid
- sec_login_s_already_valid
- sec_login_s_default_use
- sec_login_s_null_password
- sec_login_s_privileged
- sec_login_s_unsupp_passwd_type
- sec_rgy_passwd_invalid
- sec_rgy_server_unavailable
Functions:sec_login_certify_identity() ,sec_login_validate_identity() .
Contents | Next section | Index |