Data Types
The following data types are used in sec_login_ calls:
sec_login_handle_t
    This is an opaque pointer to a data structure representing a complete login context. The context includes a principal's network credentials, as well as other account information. The network credentials are also referred to as the principal's "ticket-granting ticket."
sec_login_flags_t
    A 32-bit set of flags describing restrictions on the use of a principal's validated network credentials. Currently, only one flag is implemented, and the set can take on the following two values:
    sec_login_no_flags
        No special flags are set.
    sec_login_credentials_private
        Restricts the validated network credentials to the current process. If this flag is not set, it is permissible to share credentials with descendants of the current process.
sec_login_auth_src_t
    An enumerated set describing how the login context was authorized. The possible values are:
    sec_login_auth_src_network
        Authentication accomplished through the normal network authority. A login context authenticated this way will have all the network credentials it ought to have.
    sec_login_auth_src_local
        Authentication accomplished via local data. Authentication occurs locally if a principal's account is tailored for the local machine, or if the network authority is unavailable. Since login contexts authenticated locally have no network credentials, they may not be used for network operations.
    sec_login_auth_src_overridden
        Authentication accomplished via the override facility.
sec_login_passwd_t
    The sec_login_get_pwent() call will return a pointer to a "password" structure, which depends on the underlying registry structure. In most cases, the structure will look like that supported by Berkeley 4.4BSD and OSF/1, which looks like this:

        struct passwd {
            char   *pw_name;    /* user name */
            char   *pw_passwd;  /* encrypted password */
            int     pw_uid;     /* user uid */
            int     pw_gid;     /* user gid */
            time_t  pw_change;  /* password change time */
            char   *pw_class;   /* user access class */
            char   *pw_gecos;   /* Honeywell login info */
            char   *pw_dir;     /* home directory */
            char   *pw_shell;   /* default shell */
            time_t  pw_expire;  /* account expiration */
        };
sec_passwd_rec_t
    A structure containing either a plaintext password or a preencrypted buffer of password data. The sec_passwd_rec_t structure consists of three components:
    version_number
        The version number of the password.
    pepper
        A character string combined with the password before an encryption key is derived from the password.
    key
        A structure that consists of the following components:
        key_type
            The key type can be one of the following:
            sec_passwd_plain
                Indicates that a printable string of data is stored in plain.
            sec_passwd_des
                Indicates that an array of data is stored in des_key.
        tagged_union
            A structure specifying the password. The value of the structure depends on key_type. If key_type is sec_passwd_plain, the structure contains plain, a character string. If key_type is sec_passwd_des, the structure contains des_key, a DES key of type sec_passwd_des_key_t.
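
The sec_passwd_rec_t layout described above, written out as C together with a routine that clears whichever secret key_type says is present. This is an added example, not code from the DCE sources: the typedefs are local stand-ins for the DCE header declarations, and DES_KEY_LEN, the enum values, the unsigned int and unsigned char * member types, wipe(), passwd_rec_clear() and demo() are assumptions made for illustration.

```c
/* Added example: local stand-ins for the DCE header types described above. */
#include <string.h>
#define DES_KEY_LEN 8  /* assumption: length of sec_passwd_des_key_t */
typedef unsigned char sec_passwd_des_key_t[DES_KEY_LEN];
typedef enum { sec_passwd_plain = 1, sec_passwd_des = 2 } sec_passwd_type_t; /* values assumed */

typedef struct {
    unsigned int   version_number;        /* version number of the password */
    unsigned char *pepper;                /* combined with the password before key derivation */
    struct {
        sec_passwd_type_t key_type;       /* selects the live union member */
        union {
            unsigned char       *plain;   /* valid when key_type == sec_passwd_plain */
            sec_passwd_des_key_t des_key; /* valid when key_type == sec_passwd_des */
        } tagged_union;
    } key;
} sec_passwd_rec_t;

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(volatile unsigned char *p, size_t n) { while (n--) *p++ = 0; }

/* Clear the secret selected by key_type; returns bytes cleared, -1 if the tag is unknown. */
int passwd_rec_clear(sec_passwd_rec_t *rec) {
    size_t n;
    switch (rec->key.key_type) {
    case sec_passwd_plain:
        if (!rec->key.tagged_union.plain) return 0;
        n = strlen((char *)rec->key.tagged_union.plain);
        wipe(rec->key.tagged_union.plain, n);
        return (int)n;
    case sec_passwd_des:
        wipe(rec->key.tagged_union.des_key, DES_KEY_LEN);
        return DES_KEY_LEN;
    default: return -1;  /* never guess which union member is live */
    }
}

/* Clears a record built from constructed data; -2 means a secret byte survived. */
int demo(sec_passwd_type_t type) {
    unsigned char pw[] = "constructed-pw";
    sec_passwd_rec_t r = {0};
    r.key.key_type = type;
    if (type == sec_passwd_plain) r.key.tagged_union.plain = pw;
    else memset(r.key.tagged_union.des_key, 0xA5, DES_KEY_LEN);
    int n = passwd_rec_clear(&r);
    const unsigned char *s = (type == sec_passwd_plain) ? pw : r.key.tagged_union.des_key;
    for (int i = 0; i < n; i++) if (s[i]) return -2;
    return n;
}
int main(void) { return demo(sec_passwd_plain) == 14 ? 0 : 1; }
```

Because plain is a pointer and des_key is an inline array, reading the wrong member for a given key_type interprets key bytes as an address or the reverse, which is why the routine refuses an unrecognized tag.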