seclib(3C) seclib(3C)
NAME
seclib - security library
SYNOPSIS
#include <seclib.h>
cc ... -lseclib
DESCRIPTION
The security library provides a common set of interfaces to provide
all system Identification and Authentication (I&A) functions. The
functions take as an argument a login context structure. This struc-
ture contains all the session information required for the I&A of a
user.
The library will automatically check to see if the CSP (Commercial
Security Package) product has been installed. If it has, it will make
the CSP features available to the caller automatically. The library is
composed of several functional groups. The groups are:
Login Context Group
The Login Context group is responsible for allocating and deallo-
cating the login context structure that is used by the other
security library API calls.
See secliblogincontext(3C) for more details.
Password Entry Group
The Password Entry Group is responsible for all user interaction
of prompting for and typing in passwords. It will check the pass-
word for validity, check for various invalid password conditions,
read in the "real" user name and password as required and read in
a tokencard password if required. The Password Entry Group is
also responsible for updating the lastlog file, preparing audit
records and using syslog(3C) to log success and failure.
See seclibpassentry(3C) for more details.
Password Qualifier Group
The Password Qualifier Group is responsible for the checking of a
user password entry (in /etc/shadow) for expiration and idle time
validity. The qualifier group will also check to make sure that a
user is a member of the appropriate groups to log in.
See seclibpassqual(3C) for more details.
Secure Terminal Group
The Secure Terminal Group is responsible for checking that the
root user is only logging in (or using su) at a secure location.
See seclibsecterm(3C) for more details.
Page 1 Reliant UNIX 5.44 Printed 11/98
seclib(3C) seclib(3C)
Autologin Group
The Autologin Group is responsible for the remote-command style
of automatic login. This autologin mechanism uses (among others)
the /etc/host and $HOME/.rhost files.
See seclibruserok(3C) for more details.
Password Setting Group
The Password Setting Group is responsible for giving the user the
opportunity to set a new password when their old one has expired
or has not been set.
See seclibpasswd(3C) for more details.
Time Windows Group
The Time Windows Group is responsible for ensuring that the user
only logs in on authorized terminals and at authorized times.
See seclibtwindows(3C) for more details.
Miscellaneous Group
The Miscellaneous Group provides indirect interfaces to obtain
the proper umask and ulimit for a process. It also provides
access to the auditing system (for CSP) and to the lastlog file.
See seclibmisc(3C) for more details.
FILES
/var/adm/lastlog
SEE ALSO
secliblogincontext(3C), seclibmisc(3C), seclibpassentry(3C),
seclibpassqual(3C), seclibpasswd(3C), seclibruserok(3C),
seclibsecterm(3C), seclibtwindows(3C).
Page 2 Reliant UNIX 5.44 Printed 11/98