SECURITY-LOGIN(2)
NAME
login - verify credentials
SYNOPSIS
include "keyring.m";
include "security.m";
login := load Login Login->PATH;
login: fn(name, password, addr: string):
(string, ref Keyring->Authinfo);
DESCRIPTION
The Login module is provided for use by a client of a certifying
authority (CA) or `signer'. The login function communicates with the
CA in order to create a Keyring->Authinfo adt, which contains a
public/private key pair and a certificate signed by the CA (see
keyring-intro(2)). The public/private key pair is generated by login
using the same parameters as those in the signer's key (e.g. algorithm
and key length); see keyring-gensk(2). The procedure assumes a secret,
i.e. a password, has already been established between the user and the
CA. See changelogin(8) and keyfs(4) for how this password is managed at
the CA.

Login connects, using dial(2), to the signer at network address addr,
which is any form accepted by cs(8), including the special address
$SIGNER, which cs will translate to the client's default signer (if
there is one). Normally the incoming call will be given to logind(8)
by svc(8).

Login sends the user name and password, using the protocol described in
login(6), to justify the server's issuing a certificate, which is
returned in a Keyring->Authinfo adt on success. If desired, the
certificate can be stored by Keyring->writeauthinfo; see
keyring-auth(2). The password is used by the encrypted key exchange
protocol to establish a secure channel between user and CA.
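
The following is an added example, not code from the Inferno distribution: a small Limbo command that calls login against $SIGNER, checks the diagnostic string, and stores the result with Keyring->writeauthinfo. The module name GetCert, the argument layout, reading the password from standard input, and pre-creating the key file with mode 8r600 are assumptions made for the example.

```limbo
implement GetCert;

include "sys.m";
	sys: Sys;
include "draw.m";
include "keyring.m";
	kr: Keyring;
include "security.m";
	login: Login;

GetCert: module
{
	init: fn(ctxt: ref Draw->Context, argv: list of string);
};

fail(msg: string)
{
	sys->fprint(sys->fildes(2), "getcert: %s\n", msg);
	raise "fail:error";
}

init(nil: ref Draw->Context, argv: list of string)
{
	sys = load Sys Sys->PATH;
	kr = load Keyring Keyring->PATH;
	login = load Login Login->PATH;
	if(kr == nil || login == nil)
		fail(sys->sprint("cannot load modules: %r"));
	if(len argv != 3)
		fail("usage: getcert user keyfile <password");
	user := hd tl argv;
	keyfile := hd tl tl argv;

	# Read the password from standard input so it never appears in argv.
	buf := array[128] of byte;
	n := sys->read(sys->fildes(0), buf, len buf);
	if(n > 0 && buf[n-1] == byte '\n')
		n--;
	if(n <= 0)
		fail("no password supplied");

	# "$SIGNER" is translated by cs(8) to the client's default signer.
	(err, info) := login->login(user, string buf[0:n], "$SIGNER");
	if(err != nil)
		fail("login: " + err);	# info is nil whenever err is set

	# Authinfo holds the private key: create the file owner-only first.
	if(sys->create(keyfile, Sys->OWRITE, 8r600) == nil)
		fail(sys->sprint("cannot create %s: %r", keyfile));
	if(kr->writeauthinfo(keyfile, info) < 0)
		fail(sys->sprint("cannot write %s: %r", keyfile));
}
```

If keyfile already exists, create truncates it but leaves its existing permissions in place, so check the mode of any pre-existing file before reusing it.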
SOURCE
/appl/lib/login.b
SEE ALSO
getauthinfo(8), keyring-auth(2), login(6), createsignerkey(8),
logind(8)
DIAGNOSTICS
Login returns nil in the string component on success and a diagnostic
string on error (with a nil Keyring->Authinfo reference).