OSF DCE Application Development Guide--Core Components

The Password Management API
2. The client calls sec_pwd_mgmt_get_val_type( ), specifying the handle returned
by sec_pwd_mgmt_setup( ) in step 1. The value of the principal’s pwd_val_type
ERA is extracted from the handle and returned to the client.
3. The client analyzes the principal’s pwd_val_type ERA to determine whether a
generated password is required. If so, it calls sec_pwd_mgmt_gen_pwd( ),
specifying the number of passwords needed and the handle returned by
sec_pwd_mgmt_setup( ). The client security runtime makes an RPC call to the
password management server, which generates passwords that adhere to the
principal’s password policy.
4. The client calls sec_rgy_acct_passwd( ) (or some other form), specifying the new
password (either input by the user or generated by sec_pwd_mgmt_gen_pwd( )).
If the principal’s pwd_val_type ERA mandates it, the registry service makes an
RPC call to the password management server, specifying the name of the principal
and the password to be strength checked. The password management server
checks the format of the password according to the user’s password policy and
accepts or rejects it.
5. The client calls sec_pwd_mgmt_free_handle( ) to free the memory associated
with the password management handle.
Following is an example of a password change program that calls the
sec_pwd_mgmt_*( ) API as previously described.

    /* Obtain the password management handle for the principal. */
    sec_pwd_mgmt_setup(&pwd_mgmt_h, context, login_name,
                       login_context, NULL, &st);
    if (GOOD_STATUS(&st)) {
        /* Extract the principal's pwd_val_type ERA from the handle. */
        sec_pwd_mgmt_get_val_type(pwd_mgmt_h, &pwd_val_type, &st);
    }
    if (GOOD_STATUS(&st)) {
        switch (pwd_val_type) {
        case 0: /* NONE */
        case 1: /* USER_SELECT */
            ... get password ...
            break;
        case 2: /* USER_CAN_SELECT */
            ... if user does not want generated password ... {
                ... get password ...
                break;
            }
            /* otherwise fall through and generate a password */
        case 3: /* GENERATION_REQUIRED */
            sec_pwd_mgmt_gen_pwd(pwd_mgmt_h, 1, &num_returned,
                                 &passwd, &st);
            ... display generated password to user - possibly
                prompting for confirmation ...
            break;
        }
    }
    if (GOOD_STATUS(&st)) {
        /* Submit the new password (user-supplied or generated) to the registry. */
        sec_rgy_acct_passwd(context, &login_name, &caller_key,
                            &passwd, new_keytype, &new_key_version, &st);
    }
124245 Tandem Computers Incorporated 353