sec_login_validate_first(3sec)
Validates the initial login context
Synopsis
#include <dce/sec_login.h>
boolean32 sec_login_validate_first(
sec_login_handle_t init_context,
boolean32 *reset_passwd,
sec_login_auth_src_t *auth_src,
error_status_t *status);
Parameters
Input
init_context
An opaque handle to login context data. The login context contains, among other data, the account principal name and UUID, account restrictions, records of group
membership, and the process home directory. In this call, the context will be that of the host machine initial process. (See sec_intro(3sec) for more details about the login
context.)
Output
reset_passwd
A pointer to a 32-bit boolean32 value. The routine returns TRUE if the account password has expired and must be reset.
auth_src
A 32-bit set of flags identifying the source of the authentication. Upon return after successful authentication, the flags in auth_src indicate what authority
was used to validate the login context. If the authentication was accomplished with the network authority, the sec_login_auth_src_network flag is set, and the process login context has
credentials to use the network. If the authentication was accomplished with local data only (either the principal's account is tailored for the local machine with overrides, or the network authority
is unavailable), the sec_login_auth_src_local flag is set. Login contexts that are authenticated locally may not be used to establish network credentials because they have none.
status
A pointer to the completion status. On successful completion, status is assigned error_status_ok. Otherwise, it returns an error.
Description
The sec_login_validate_first( ) routine validates the default login context established via sec_login_setup_first( ). Typically, this operation is
called from the Security Validation Service of the dced process to validate the default credentials for the host machine process hierarchy. This operation uses the password for the local
host, and therefore does not require a password parameter.
Return Values
The routine returns a boolean32 value that is TRUE if the setup was successful, and FALSE otherwise.
Files
/usr/include/dce/sec_login.idl
The idl file from which dce/sec_login.h was derived.
Errors
The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.
sec_login_s_privileged
An unprivileged process was called in.
sec_rgy_server_unavailable
The network authentication service was unavailable.
sec_pk_e_domain_unsupported
The DCE login domain is not supported by the personal security mechanism.
sec_pk_e_device_error
Personal security mechanism device error.
sec_pk_e_usage_unsupported
A private key of the required type was not located in the personal security mechanism.
sec_pk_e_unauthorized
The password is invalid for personal security mechanism access.
error_status_ok
The call was successful.
Related Information
Functions: