ckuserID Subroutine

Purpose

Authenticates the user.

Note: This subroutine is obsolete and is provided for backwards compatibility. Use the authenticate subroutine, instead.

Library

Security Library (libc.a)

Syntax

#include <login.h> int ckuserID ( User, Mode) int Mode; char *User;

Description

The ckuserID subroutine authenticates the account specified by the User parameter. The mode of the authentication is given by the Mode parameter. The login and su commands continue to use the ckuserID subroutine to process the /etc/security/user auth1 and auth2 authentication methods.

The ckuserID subroutine depends on the authenticate subroutine to process the SYSTEM attribute in the /etc/security/user file. If authentication is successful, the passwdexpired subroutine is called.

Errors caused by grammar or load modules during a call to the authenticate subroutine are displayed to the user if the user was authenticated. These errors are audited with the USER_Login audit event if the user failed authentication.

Parameters

Item	Description
User	Specifies the name of the user to be authenticated.
Mode	Specifies the mode of authentication. This parameter is a bit mask and may contain one or more of the following values, which are defined in the login.h file: S_PRIMARY The primary authentication methods defined for the User parameter are checked. All primary authentication checks must be passed. S_SECONDARY The secondary authentication methods defined for the User parameter are checked. Secondary authentication checks are not required to be successful. Primary and secondary authentication methods for each user are set in the /etc/security/user file by defining the auth1 and auth2 attributes. If no primary methods are defined for a user, the SYSTEM attribute is assumed. If no secondary methods are defined, there is no default.

Item

Description

User

Specifies the name of the user to be authenticated.

Mode

Specifies the mode of authentication. This parameter is a bit mask and may contain one or more of the following values, which are defined in the login.h file:

S_PRIMARY: The primary authentication methods defined for the User parameter are checked. All primary authentication checks must be passed.
S_SECONDARY: The secondary authentication methods defined for the User parameter are checked. Secondary authentication checks are not required to be successful.

Primary and secondary authentication methods for each user are set in the /etc/security/user file by defining the auth1 and auth2 attributes. If no primary methods are defined for a user, the SYSTEM attribute is assumed. If no secondary methods are defined, there is no default.

Security

Item	Description
Files Accessed:

Mode	File
r	/etc/passwd
r	/etc/security/passwd
r	/etc/security/user
r	/etc/security/login.cfg

Return Values

If the account is valid for the specified usage, the ckuserID subroutine returns a value of 0. Otherwise, a value of -1 is returned and the errno global variable is set to indicate the error.

Error Codes

The ckuserID subroutine fails if one or more of the following are true:

Item	Description
ESAD	Security authentication failed for the user.
EINVAL	The Mode parameter is neither S_PRIMARY nor S_SECONDARY or the Mode parameter is both S_PRIMARY and S_SECONDARY.