shithub: purgatorio

ref: ec35f468e0eba87c9f09cbbe5fa8af2591e6f914
dir: /man/2/security-login/

.TH SECURITY-LOGIN 2
.SH NAME
login \- verify credentials
.SH SYNOPSIS
.EX
include "keyring.m";
include "security.m";
login := load Login Login->PATH;

login: fn(name, password, addr: string):
	(string, ref Keyring->Authinfo);
.EE
.SH DESCRIPTION
The
.BR Login
module is provided for use by a client of
a certifying authority (CA) or `signer'.
The
.B login
function communicates
with a certifying authority (CA)
in order to create a
.B Keyring->Authinfo
adt
which contains a public/private key pair and a certificate
signed by the CA
(see
.IR keyring-intro (2)).
The public/private key pair is generated by
.B login
using the same parameters as those in the signer's key
(e.g., algorithm and key length);
see
.IR keyring-gensk (2).
The procedure assumes a secret, i.e. a
password, has already been established
between the user and the CA.
See
.IR changelogin (8)
and
.IR keyfs (4)
for how this password is managed at the
CA.
.PP
.B Login
connects, using
.IR dial (2),
to the signer at network address
.IR addr ,
which is any form accepted by
.IR cs (8),
including the special address
.BR $SIGNER ,
which
.IR cs
will translate to the client's default signer (if there is one).
Normally the incoming call will be given to
.IR logind (8)
by
.IR svc (8).
.PP
.B Login
sends the user
.I name
and
.IR password ,
using the protocol described in
.IR login (6),
to justify the server's
issuing a certificate, which is returned in a
.B Keyring->Authinfo
adt on success.
If desired, the certificate can be stored by
.BR Keyring->writeauthinfo ;
see
.IR keyring-auth (2).
The password is used by the encrypted
key exchange protocol to establish
a secure channel between user and CA.
.SH SOURCE
.B /appl/lib/login.b
.SH SEE ALSO
.IR getauthinfo (8),
.IR keyring-auth (2),
.IR login (6),
.IR createsignerkey (8),
.IR logind (8)
.SH DIAGNOSTICS
.B Login
returns nil in the string component
on success and a diagnostic string on error (with a nil
.B Keyring->Authinfo
reference).