Authenticates the user.
Security Library (libc.a)
The ckuserID subroutine authenticates the account specified by the User parameter. The mode of the authentication is given by the Mode parameter. The login and su commands continue to use the ckuserID subroutine to process the /etc/security/user auth1 and auth2 authentication methods.
The ckuserID subroutine depends on the authenticate (authenticate Subroutine) subroutine to process the SYSTEM attribute in the /etc/security/user file. If authentication is successful, the passwdexpired (passwdexpired Subroutine) subroutine is called.
Errors caused by grammar or load modules during a call to the authenticate subroutine are displayed to the user if the user was authenticated. These errors are audited with the USER_Login audit event if the user failed authentication.
Files Accessed: |
Mode | File |
---|---|
r | /etc/passwd |
r | /etc/security/passwd |
r | /etc/security/user |
r | /etc/security/login.cfg |
If the account is valid for the specified usage, the ckuserID subroutine returns a value of 0. Otherwise, a value of -1 is returned and the errno global variable is set to indicate the error.
The ckuserID subroutine fails if one or more of the following are true:
ESAD | Security authentication failed for the user. |
EINVAL | The Mode parameter is neither S_PRIMARY nor S_SECONDARY or the Mode parameter is both S_PRIMARY and S_SECONDARY. |
The authenticate (authenticate Subroutine) subroutine, ckuseracct (ckuseracct Subroutine) subroutine, getpcred (getpcred Subroutine) subroutine,getpenv (getpenv Subroutine) subroutine, passwdexpired (passwdexpired Subroutine) subroutine, setpcred subroutine, setpenv subroutine.
The login command, su command.
List of Security and Auditing Subroutines and Subroutines Overview in AIX Version 6.1 General Programming Concepts: Writing and Debugging Programs.