NAME
- login - verify credentials
SYNOPSIS
-
include "keyring.m"; include "security.m"; login := load Login Login->PATH; login: fn(name, password, addr: string): (string, ref Keyring->Authinfo);
DESCRIPTION
-
The
Login
module is provided for use by a client of
a certifying authority (CA) or `signer'.
The
login
function communicates
with a certifying authority (CA)
in order to create a
Keyring->Authinfo
adt
which contains a public/private key pair and a certificate
signed by the CA
(see
keyring-intro(2)).
The public/private key pair is generated by
login
using the same parameters as those in the signer's key
(eg, algorithm and key length);
see
keyring-gensk(2).
The procedure assumes a secret, i.e. a
password, has already been established
between the user and the CA.
See
changelogin(8)
and
keyfs(4)
for how this password is managed at the
CA.
Login connects, using sys-dial(2), to the signer at network address addr, which is any form accepted by cs(8), including the special address $SIGNER, which cs will translate to the client's default signer (if there is one). Normally the incoming call will be given to logind(8) by svc(8).
Login sends the user name and password, using the protocol described in login(6), to justify the server's issuing a certificate, which is returned in a Keyring->Authinfo adt on success. The certificate can if desired be stored by Keyring->writeauthinfo; see keyring-auth(2). The password is used by the encrypted key exchange protocol to establish a secure channel between user and CA.
SOURCE
- /appl/lib/login.b
SEE ALSO
- getauthinfo(8), keyring-auth(2), login(6), createsignerkey(8), logind(8)
DIAGNOSTICS
- Login returns nil in the string component on success and a diagnostic string on error (with a nil Keyring->Authinfo reference).
| SECURITY-LOGIN(2) | Rev: Tue Jan 29 13:11:44 GMT 2008 |