Previous section.

DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

NAME

sec_login_valid_and_cert_ident-Simultaneously validate and certify a login context

SYNOPSIS

#include <dce/sec_login.h>

boolean32 sec_login_valid_and_cert_ident (
    sec_login_handle_t login_context,
    sec_passwd_rec_t *passwd,
    boolean32 *reset_passwd,
    sec_login_auth_src_t *authn_src,
    error_status_t *status );

PARAMETERS

Input

login_context

Login context to be validated and certified.

Input/Output

passwd

Password record to be used to validate the login context.

Output

reset_passwd

Indicates whether a principal/account's password has expired.

authn_src

The source of validation (or authentication) of this login context.

status

The completion status.

DESCRIPTION

The sec_login_valid_and_cert_ident() routine validates and certifies a login context (logically combining the operations of sec_login_validate_identity() and sec_login_certify_identity()), in a manner appropriate for use by privileged processes.

In typical implementations this is accomplished by impersonating the local host's SCD, which may be thought of as the local TCB invoking a protected RPC to itself, and is infallible (that is, completely secure, modulo the security of the local TCB). (See Further Discussion of Certification for details.)

Upon return, this operation destroys the contents of the input passwd parameter (that is, overwrites the actual password contained in it with NULL bytes-all bits reset to 0, in the caller's address space), thereby reducing its exposure to compromise).

If the network security service is unavailable, a local-host authenticated context is created, and the authn_src parameter is set to sec_login_auth_src_local (see the description of this in <dce/sec_login.h>).

RETURN VALUES

The routine returns non-0 (TRUE) if the login identity has been successfully validated and certified, 0 (FALSE) otherwise.

ERRORS

error_status_ok

sec_login_s_acct_invalid

sec_login_s_already_valid

sec_login_s_default_use

sec_login_s_null_password

sec_login_s_privileged

sec_login_s_unsupp_passwd_type

sec_rgy_passwd_invalid

sec_rgy_server_unavailable

SEE ALSO

Functions: sec_login_certify_identity(), sec_login_validate_identity().
Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.

Contents Next section Index