man(1) Manual page archive


     SECURITY-LOGIN(2)                               SECURITY-LOGIN(2)

     NAME
          login - verify credentials

     SYNOPSIS
          include "keyring.m";
          include "security.m";
          login := load Login Login->PATH;

          login: fn(name, password, addr: string):
               (string, ref Keyring->Authinfo);

     DESCRIPTION
          The Login module is provided for use by a client of a certi-
          fying authority (CA) or `signer'.  The login function commu-
          nicates with a certifying authority (CA) in order to create
          a Keyring->Authinfo adt which contains a public/private key
          pair and a certificate signed by the CA (see keyring-
          intro(2)). The public/private key pair is generated by login
          using the same parameters as those in the signer's key (eg,
          algorithm and key length); see keyring-gensk(2). The proce-
          dure assumes a secret, i.e. a password, has already been
          established between the user and the CA.  See changelogin(8)
          and keyfs(4) for how this password is managed at the CA.

          Login connects, using sys-dial(2), to the signer at network
          address addr, which is any form accepted by cs(8), including
          the special address $SIGNER, which cs will translate to the
          client's default signer (if there is one).  Normally the
          incoming call will be given to logind(8) by svc(8).

          Login sends the user name and password, using the protocol
          described in login(6), to justify the server's issuing a
          certificate, which is returned in a Keyring->Authinfo adt on
          success.  The certificate can if desired be stored by
          Keyring->writeauthinfo; see keyring-auth(2). The password is
          used by the encrypted key exchange protocol to establish a
          secure channel between user and CA.

     SOURCE
          /appl/lib/login.b

     SEE ALSO
          getauthinfo(8), keyring-auth(2), login(6),
          createsignerkey(8), logind(8)

     DIAGNOSTICS
          Login returns nil in the string component on success and a
          diagnostic string on error (with a nil Keyring->Authinfo
          reference).