
sec_login_get_expiration(3sec)

Returns the TGT lifetime for an authenticated identity

Synopsis

#include <dce/sec_login.h>

void sec_login_get_expiration(
    sec_login_handle_t login_context,
    signed32 *identity_expiration,
    error_status_t *status);

Parameters

Input

login_context
An opaque handle to login context data. The login context contains, among other data, the account principal name and UUID, account restrictions, records of group membership, and the process home directory. (See sec_intro(3sec) for more details about the login context.)

Output

identity_expiration
The lifetime of the Ticket-Granting Ticket (TGT) belonging to the authenticated identity identified by login_context. It can be used in the same ways as a UNIX time_t.

status
A pointer to the completion status.

Description
The sec_login_get_expiration( ) routine extracts the lifetime for the TGT belonging to the authenticated identity contained in the login context. The lifetime value is filled in if available; otherwise, it is set to 0 (zero). This routine allows an application to tell an interactive user how long the user's network login (and authenticated identity) will last before having to be refreshed.

The routine works only on previously certified contexts.

Files

/usr/include/dce/sec_login.idl
The idl file from which dce/sec_login.h was derived.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

sec_login_s_context_invalid
The login context itself is invalid.

sec_login_s_default_use
There was illegal use of the default login handle.

sec_login_s_not_certified
The login context has not been certified.

sec_login_s_no_current_context
The calling process has no context of its own.

error_status_ok
The call was successful.

Examples
Since the authenticated network identity for a process has a finite lifetime, there is a risk it will expire during some long network operation, preventing the operation from completing. To avoid this situation, an application might, before initiating a long operation, use the sec_login package to check the expiration time of its identity and refresh it if there is not enough time remaining to complete the operation. After refreshing the identity, the process must validate it again with sec_login_validate_identity( ).

    sec_login_get_expiration(login_context, &expire_time, &st);
    if (st != error_status_ok) {
        /* ... expiration could not be obtained; handle the error ... */
    }
    if (expire_time < (current_time + operation_duration)) {
        /* Not enough lifetime left for the operation: refresh the identity. */
        if (!sec_login_refresh_identity(login_context, &st)) {
            if (st == sec_login_s_refresh_ident_bad) {
                /* ... identity has changed ... */
            } else {
                /* ... login context cannot be renewed ... */
                exit(error_context_not_renewable);
            }
        }
        /* A refreshed identity must be validated again before it is used. */
        if (sec_login_validate_identity(login_context, password,
                                        &reset_passwd, &auth_src, &st)) {
            /* ... identity validated ... */
        } else {
            /* ... validation failed ... */
            exit(error_validation_failure);
        }
    }

    operation( );
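
The expiration comparison in the fragment above can be factored into a helper that also handles a returned value of 0 (lifetime not available) and does the arithmetic in 64 bits so that adding to a 32-bit expiration cannot overflow. This is an added example, not code from the DCE documentation; classify_expiration, its enum, the margin parameter and the int32_t stand-in for signed32 are assumptions chosen so that it compiles without the DCE headers.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Stand-in for DCE's signed32 so this compiles without the DCE headers. */
typedef int32_t expiry32_t;

typedef enum {
    IDENTITY_OK,            /* TGT outlives the planned operation */
    IDENTITY_NEEDS_REFRESH, /* TGT would expire before the operation ends */
    IDENTITY_EXPIRED,       /* TGT lifetime is already over */
    IDENTITY_UNKNOWN        /* routine reported 0: lifetime not available */
} identity_state_t;

/*
 * Classify the value returned in identity_expiration.
 *   now      - current time, e.g. time(NULL)
 *   duration - expected length of the operation, in seconds
 *   margin   - extra seconds of headroom (hypothetical parameter)
 */
identity_state_t classify_expiration(expiry32_t expiration, time_t now,
                                     int32_t duration, int32_t margin)
{
    if (expiration == 0)
        return IDENTITY_UNKNOWN;

    /* Widen to 64 bits: now + duration can exceed the signed 32-bit
     * range even when each operand fits. */
    int64_t expires = (int64_t)expiration;
    int64_t current = (int64_t)now;
    int64_t needed  = current + (int64_t)duration + (int64_t)margin;

    if (expires <= current)
        return IDENTITY_EXPIRED;
    if (expires < needed)
        return IDENTITY_NEEDS_REFRESH;
    return IDENTITY_OK;
}

int main(void)
{
    /* Constructed sample: expiry 10 minutes away, operation needs 1 hour. */
    time_t now = 1000000000;
    printf("%d\n", classify_expiration((expiry32_t)(now + 600), now, 3600, 60));
    return 0;
}
```

A caller would refresh and revalidate the identity on IDENTITY_NEEDS_REFRESH or IDENTITY_EXPIRED, and decide for itself how to treat IDENTITY_UNKNOWN.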

Related Information
Functions:

sec_intro(3sec)

sec_login_get_current_context(3sec)