OSF DCE Application Development Guide--Core Components

The Login API
uncertified context issue a warning.
29.1.2 Validating the Login Context Without Certifying the Security Server
An application that does not use login contexts to set local identity information does not
need to certify its login contexts. Since an illegitimate security server is unlikely to
know the key of a remote server principal with which the application may communicate,
the application will simply be refused the service requested from the remote server
principal. If local operating system identity information is assumed to be neither of
interest nor of concern to an application, it may call sec_login_validate_identity(),
which does not attempt to verify the security server’s knowledge of the host principal’s
key.
The sec_login_validate_identity() routine does not acquire a PTGT, unlike the
sec_login_certify_identity() and sec_login_valid_and_cert_ident() routines. Instead,
the PTGT is acquired when the application first makes an authenticated remote
procedure call.
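The difference between validating and certifying, shown as a small Python model added here (it is not DCE code and does not come from the guide). HMAC stands in for "encrypted under a long-term key", and the class, function names, principals and secrets are constructed for illustration. It assumes an illegitimate server that can satisfy the user-key check but does not hold the host principal's key.

```python
import hashlib, hmac, os

def derive_key(secret: bytes) -> bytes:
    # Stand-in for a long-term key derived from a password or keytab entry.
    return hashlib.sha256(secret).digest()

def seal(key: bytes, msg: bytes) -> bytes:
    # HMAC models "encrypted under key": only a key holder can produce it.
    return hmac.new(key, msg, hashlib.sha256).digest()

class SecurityServer:
    """Model security server; it knows only the keys in its registry."""
    def __init__(self, registry):
        self.registry = registry  # principal name -> long-term key

    def reply(self, principal: str, nonce: bytes) -> bytes:
        # A server that lacks the principal's key can only guess one.
        key = self.registry.get(principal, os.urandom(32))
        return seal(key, principal.encode() + nonce)

def validate(server, user, password) -> bool:
    """Validate only: the reply must be sealed with the user's key."""
    nonce = os.urandom(16)
    expected = seal(derive_key(password), user.encode() + nonce)
    return hmac.compare_digest(server.reply(user, nonce), expected)

def validate_and_certify(server, user, password, host, host_key) -> bool:
    """Validate, then require proof that the server knows the host key."""
    if not validate(server, user, password):
        return False
    nonce = os.urandom(16)
    expected = seal(host_key, host.encode() + nonce)
    return hmac.compare_digest(server.reply(host, nonce), expected)

# Constructed principals and secrets (assumptions, not values from the guide).
USER, PASSWORD = "alice", b"constructed-password"
HOST, HOST_KEY = "hosts/ws1/self", derive_key(b"constructed-host-secret")
genuine = SecurityServer({USER: derive_key(PASSWORD), HOST: HOST_KEY})
# Illegitimate server: can satisfy the user-key check, lacks the host key.
rogue = SecurityServer({USER: derive_key(PASSWORD)})

def results():
    return {name: (validate(s, USER, PASSWORD),
                   validate_and_certify(s, USER, PASSWORD, HOST, HOST_KEY))
            for name, s in (("genuine", genuine), ("rogue", rogue))}

if __name__ == "__main__":
    print(results())
```

Only the certifying path rejects the illegitimate server, which is why a context that sets local identity needs it and a network-only client can do without.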
29.1.3 Example of a System Login Program
Following is an example of a system login program that obtains a login context that can
be trusted for both network and local operations.
Note: One of the function calls that appears in the following example,
sec_login_purge_context(), is described in Section 29.6.4.
if (sec_login_setup_identity(principal, sec_login_no_flags,
                             &login_context, &st))
{
    /* ...get password... */
    if (sec_login_valid_and_cert_ident(login_context, password,
                                       &reset_passwd, &auth_src, &st))
    {
        /* Set the context only if the network security server authenticated it */
        if (auth_src == sec_login_auth_src_network)
        {
            if (GOOD_STATUS(&st))
                sec_login_set_context(login_context, &st);
        }
    }
    if (reset_passwd)
    {
        /* ...reset the user’s password... */
        if (passwd_reset_fails)
124245 Tandem Computers Incorporated 293