Verifies a user's name and password.
Security Library (libc.a)
The Reenter parameter remains a nonzero value until the user satisfies all prompt messages or answers incorrectly. When the Reenter parameter is 0, the return code signals whether authentication passed or failed. The value of the Reenter parameter must be 0 on the initial call. A nonzero value for the Reenter parameter must be passed to the authenticatex subroutine on subsequent calls. A new authentication can be begun by calling the authenticatex subroutine with a 0 value for the Reenter parameter or by using a different value for UserName.
The State parameter contains information about the authentication process. The State parameter from an earlier call to loginrestrictionsx can be used to control how authentication is performed. Administrative domains that do not permit the user to log in cause those administrative domains to be ignored during authentication even if the user has the correct authentication information.
The authenticatex subroutine ascertains the authentication domains the user can attempt. The subroutine uses the SYSTEM attribute for the user. Each token that is displayed in the SYSTEM line corresponds to a method that can be dynamically loaded and processed. Likewise, the system can provide multiple or alternate authentication paths.
The authenticatex subroutine maintains internal state information concerning the next prompt message presented to the user. If the calling program supplies a different user name before all prompts are complete for the user, the internal state information is reset and prompt messages begin again. The authenticatex subroutine requires that the State parameter be initialized to reference a null value when changing user names or that the State parameter from an earlier call to loginrestrictionsx for the new user be provided.
If the user has no defined password, or the SYSTEM grammar explicitly specifies no authentication required, the user is not required to respond to any prompt messages. Otherwise, the user is always initially prompted to supply a password.
The authenticatex subroutine can be called initially with the cleartext password in the Response parameter. If the user supplies a password during the initial invocation but does not have a password, authentication fails. If the user wants the authenticatex subroutine to supply a prompt message, the Response parameter is a null pointer on initial invocation.
The authenticatex subroutine sets the AUTHSTATE environment variable used by name resolution subroutines, such as the getpwnam subroutine. This environment variable indicates the first registry to which the user authenticated. Values for the AUTHSTATE environment variable include DCE, compat, and token names that appear in a SYSTEM grammar. A null value can exist if the cron daemon or another utility that does not require authentication is called.
Item | Description |
---|---|
Message | Points to a pointer that the authenticatex subroutine allocates memory for and fills in. This string is suitable for printing and issues prompt messages (if the Reenter parameter is a nonzero value). It also issues informational messages, such as why the user failed authentication (if the Reenter parameter is 0). The calling application is responsible for freeing this memory. |
Reenter | Points to an integer value that signals whether the authenticatex subroutine has completed processing. If the integer referenced by the Reenter parameter is a nonzero value, the authenticatex subroutine expects the user to satisfy the prompt message provided by the Message parameter. If the integer referenced by the Reenter parameter is 0, the authenticatex subroutine has completed processing. The initial value of the integer referenced by Reenter must be 0 when the authenticatex function is initially invoked and must not be modified by the calling application until the authenticationx subroutine has completed processing. |
Response | Specifies a character string containing the user's response to an authentication prompt. |
State | Points to a pointer that the authenticatex subroutine allocates memory for and fills in. The State parameter can also be the result of an earlier call to the loginrestrictionsx subroutine. This parameter contains information about the results of the authentication process for each term in the user's SYSTEM attribute. The calling application is responsible for freeing this memory when it is no longer needed for a subsequent call to the passwdexpiredx or chpassx subroutines. |
UserName | Points to the user's name that is to be authenticated. |
Upon successful completion, the authenticatex subroutine returns a value of 0. If this subroutine fails, it returns a value of 1.
The authenticatex subroutine is unsuccessful if one of the following values is true:
Item | Description |
---|---|
EINVAL | The parameters are not valid. |
ENOENT | The user is unknown to the system. |
ENOMEM | Memory allocation (malloc) failed. |
ESAD | Authentication is denied. |