seclib_passentry(3C) seclib_passentry(3C)
NAME
seclibpassentry - password entry and checking functions
SYNOPSIS
cc ... -lseclib
#include <seclib.h>
enum seclibreturnval
seclibpassentry(enum secentryoptions, struct logincontext *);
enum seclibreturnval
seclibpassentryckfailed(enum secentryoptions,
struct logincontext *);
DESCRIPTION
The Password Entry Group is responsible for all user interaction of
prompting for and typing in passwords. It will check the password for
validity, check for various invalid password conditions, read in the
"real" user name and password as required and read in a tokencard
password if required. The Password Entry Group is also responsible for
updating the lastlog file, preparing audit records and using
syslog(3C) to log success and failure.
The seclibpassentry() function will:
- SECECKPASS
Prompt the user for their password, verify it.
- SECEDIALPASS
Prompt the user for a dial-in password, verify it.
- SECECKRPASS (CSP feature)
Prompt the user for their "real user" password, verify it.
- SECEGETREALNAME (CSP feature)
Prompt the user for a "real user name" if they are logging in as
the root user. Verify their "real user" password.
- SECETOKENCHECK (CSP and Tokencard feature)
Attempt to authenticate the user via a token card.
The seclibpassentryckfailed() function will:
- SECELASTLOG
Update the lastlog file, but save the old lastlog information.
Page 1 Reliant UNIX 5.44 Printed 11/98
seclib_passentry(3C) seclib_passentry(3C)
- SECELOGINDELAY
Sleep a while (LOGINDELAY)
Page 2 Reliant UNIX 5.44 Printed 11/98
seclib_passentry(3C) seclib_passentry(3C)
- SECEMAXTRIES
Limit the user to MAXTRIES login attempts (zero for MAXTRIES means
no limit)
- SECESYSLOG
syslog(3C) success and failure of the access request
- SECETIMEOUT
If the user takes too long to supply a password, terminate the
attempt.
- SECEAUDIT (CSP feature)
Audit success and failure of the access request.
- SECELOCKTTY (CSP feature)
If too many incorrect attempts were made on this tty port, lock it.
- SECELOCKUSER (CSP feature)
If too many incorrect attempts on behalf of a particular user, lock
the user's password.
ARGUMENTS
secentryoptions
A bitmask that directs the function to enable particular
features. The complete list of values in the bitmask may be found
in the seclib.h header.
logincontext
A value as returned by secliblogincontext(). The structure
referenced by this pointer contains all of the session informa-
tion required to authenticate a user via the security library.
RETURN VALUE
The functions return the seclibreturnval enumeration. The functions
will return:
SECROK
The function completed processing without encountering a system
error.
NOTE: the function will return SECROK even if it sets
context->reason to a failure value.
SECRCALLFAILED
The function call failed. This is usually because a system call
failed (such as a malloc() failing when a brk() call returned
Page 3 Reliant UNIX 5.44 Printed 11/98
seclib_passentry(3C) seclib_passentry(3C)
with an error).
SECRBADOPTION
The function was called with an invalid argument.
SEE ALSO
seclib(3C), secliblogincontext(3C), seclibmisc(3C),
seclibpassqual(3C), seclibpasswd(3C), seclibruserok(3C),
seclibsecterm(3C), seclibtwindows(3C).
Page 4 Reliant UNIX 5.44 Printed 11/98